Co-Management Today with SCCM and Intune
While we used to actively block devices from registering with Intune and SCCM or Group Policy at the same time, today we more than welcome this duality of management capabilities. Outside of cloud-only enterprises, Microsoft not only allows but encourages settings management from multiple sources. Microsoft refers to this current practice as co-management.
The advantage of Hybrid MDM was that it allowed you to manage SCCM-exclusive and MDM-exclusive devices from a single console. Essentially, it was a product of convenience more than anything. With co-management, the two work together. Clients can now have the Configuration Manager client installed and be enrolled in Intune. For organizations that have a considerable investment of time and resources in SCCM, co-management adds greater functionality to your SCCM structure by incorporating cloud functionality.
Co-management requires Configuration Manager version 1710 or later and requires all involved Windows 10 devices to be Azure AD-joined, or joined to on-premises AD and registered with Azure AD. For new Windows 10 devices, you can simply join them to Azure AD, enroll them in Intune and install the Configuration Manager client for co-management ability. For Windows 10 devices that already have the Configuration Manager client installed, the path is more complex, but it basically requires you to set up hybrid Azure AD and enroll the devices in Intune. Whichever way you get there, the end result is that you get the best of both worlds.
Co-management is about more than just increased functionality, however. It gives IT administrators the flexibility to choose which management solution works best for their organization and for the devices and workloads they have to manage. This choice is exemplified in the screenshot below, which shows the workloads tab of the SCCM admin screen. As you can see, with co-management you can switch the authority from Configuration Manager to Intune for select workloads. This puts the SCCM admin in charge of which tool manages which policies, simply by moving the slider to the selected choice.
Note the presence of the “Pilot Intune” option. As MDM is relatively new to most admins, Pilot Intune gives you the ability to pilot things first in order to ensure everything operates as expected. Once results are confirmed, you can throw the switch all the way. Eventually, Microsoft hopes that all the sliders will be moved to the right, with everything hosted and managed in the cloud. Those who are intimidated by SCCM might say that’s not a bad thing.