Application Manager for MECM Network Architecture

Application Manager communicates with the Configuration Manager console, or more precisely with the Configuration Manager API and Configuration Manager cmdlets.


For Application Manager to work, it must be installed on a machine which has Configuration Manager console installed. The operating system for the setup can be either Windows or Windows Server. 

The AM installation requires a service account with the following prerequisites:

  • Having at least application administrator role in MECM.
  • Being a member of local administrator group or
    • Having full access to the following Windows registry key: "HKEY_LOCAL_MACHINE\SOFTWARE\Recast Software\Agent" and
    • Having modify permission to the following folder: "%ProgramData%\Recast Software" and 
    • Having modify permission to a folder which is specified for downloads. This folder can be a local folder or a UNC location.

The service account credentials are saved to a Windows service.

Internal network communication

Application Manager uses WMI queries to communicate with Configuration Manager Site Server if the console is installed on a remote machine. On the other hand, if the Configuration Manager console is installed on a Configuration Manager Site Server, there is no need for such communication over network. The potential network traffic from Application Manager/ConfigMgr console installation is similar with WMI queries as if the MECM Console was used manually.

The WMI queries use RPC protocol to TCP port 135. For more information, see Ports used in Configuration Manager in the Microsoft Docs.

Public network communication

Application Manager for Configuration Manager constantly monitors new application versions over the Internet and downloads application media from Azure using the HTTPS protocol over TCP/443.

Application Manager requires outbound access to the following external domains: