Co-management – Enabling Co-management SCCM 1710

This post will show how you can enable co-management in SCCM 1710 and how to automatically enroll a Windows 10 1709 machine into Intune (Intune standalone) when it is currently managed by SCCM 1710.

Prerequisites:

  • Configuration Manager version 1710 or later
  • Azure AD
  • EMS or Intune license for all users
  • Azure AD automatic enrollment enabled
  • Intune subscription (MDM authority in Intune set to Intune)

Suggested readings:

  • Co-management for Windows 10 devices
  • Enable Windows 10 automatic enrollment
  • How to configure hybrid Azure Active Directory joined devices

In portal.azure.com, under Azure Active Directory, Mobility (MDM and MAM), Microsoft Intune, I have set my MDM user scope to All so that Windows devices enroll in Intune automatically.


In the SCCM console, in Administration, expand Cloud Services, then right-click Co-management to create a new co-management policy.


Sign in with the Intune account.


I have set automatic enrollment in Intune to pilot.


Configure the workloads.


I have created a collection called Comanagement Pilot and added my test Windows 10 1709 machine, which is managed by SCCM 1710, to this collection.


You can check the Monitoring node and look for the CoMgmtSettingsPilot status. You can see my test machine WIN10MDT has successfully had the co-management policy applied.


Previously, in portal.azure.com under Azure Active Directory, in the Devices blade, you could see that my Windows 10 1709 machine was Hybrid Azure AD joined but the MDM was set to None.


Once the policy was applied above, you can see the machine has changed from None under MDM, to Microsoft Intune.
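To check the same prerequisites from the client side, the following added example (not part of the original post) parses `dsregcmd /status` output and reports whether the device is hybrid Azure AD joined and whether an MDM enrollment URL is present. The function names and the sample output are constructed for illustration. Treating a populated `MdmUrl` field as a sign that the MDM user scope is in effect is an assumption.

```powershell
# Constructed sample of `dsregcmd /status` output (trimmed; not from a real device).
$SampleStatus = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

        AzureAdJoined : YES
     EnterpriseJoined : NO
           TenantName : Contoso
               MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
         DomainJoined : YES
           DomainName : CONTOSO
'@ -split "`r?`n"

function ConvertFrom-DsregStatus {
    # Hypothetical helper: turns "Name : Value" lines into a hashtable.
    param([string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        # Split on the first colon only; URL values contain further colons.
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $fields
}

function Test-AutoEnrollPrereq {
    # Hypothetical helper: evaluates the two client-side prerequisites.
    param([hashtable]$Fields)
    # Hybrid Azure AD joined = joined to on-prem AD and registered in Azure AD.
    $hybrid = ($Fields['AzureAdJoined'] -eq 'YES') -and ($Fields['DomainJoined'] -eq 'YES')
    $mdmUrl = $Fields['MdmUrl']
    $hasMdm = -not [string]::IsNullOrWhiteSpace($mdmUrl)
    [pscustomobject]@{
        HybridAzureAdJoined = $hybrid
        MdmUrlPresent       = $hasMdm
        MdmUrl              = $mdmUrl
        ReadyForAutoEnroll  = $hybrid -and $hasMdm
    }
}

# On a real client, pass the live output instead: -Lines (dsregcmd /status)
Test-AutoEnrollPrereq -Fields (ConvertFrom-DsregStatus -Lines $SampleStatus)
```

If `HybridAzureAdJoined` is false or `MdmUrlPresent` is false, fix the hybrid join or the MDM user scope before expecting the co-management policy to enroll the device.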


One thought on “Co-management – Enabling Co-management SCCM 1710”

  1. Trekveer Harry

    I have a question I hope you can answer. If we have an on-prem AD joined Windows 10 device and have set up co-management, do we have to configure (1) “hybrid Azure Active Directory joined devices” or (2) configure the GPO “Enroll a Windows 10 device automatically using Group Policy” or (3) does the ConfigMgr client do this and register the device?

    Secondly, when we have an on-prem AD joined Windows 10 device and have set up full co-management with client management gateway and cloud distribution point, and the device is off network for more than 30 days, does the computer account/password expire or is this mitigated by the management gateway/internet facing?
