
Collaborative Administration for Windows 10 Computers


Co-management is a modern approach that allows the simultaneous management of Windows 10 devices using both Configuration Manager (ConfigMgr) and Microsoft Intune. This method offers a seamless transition from traditional on-premises management to cloud-based management.

Preparing for Co-Management

To start, ensure your environment meets the necessary prerequisites. You'll need a Configuration Manager version that supports co-management, Windows 10 devices, Azure AD, EMS or Intune licenses, Azure AD automatic enrollment, an Intune subscription, and more.

Next, integrate your on-premises Active Directory with Microsoft Entra ID (Azure AD) via Microsoft Entra Connect to enable hybrid join. Additionally, configure the Service Connection Point (SCP) in AD for devices to find Intune MDM automatically.

Enabling Co-Management in Configuration Manager

In the ConfigMgr console, run the Co-management Configuration Wizard: sign in to your Intune tenant, choose enablement options, select the workloads to switch to Intune, and complete the wizard to enable co-management. Assign pilot device groups for testing purposes.

Automatic Enrollment of Devices

Devices managed by ConfigMgr are auto-enrolled in Intune using either Group Policy or automatic enrollment. Group Policy can be configured to trigger automatic enrollment into Intune for domain-joined devices. After a user logs in with a Microsoft Entra account on the device, auto-enrollment happens in the background without user interaction.
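
A check for the preconditions described above, as an added example that is not part of the original page: it parses `dsregcmd /status` output for hybrid-join state, the MDM enrollment URL and a primary refresh token. The sample output is constructed, the function names are hypothetical, and treating `AzureAdPrt : YES` as the sign that a user logged in with a Microsoft Entra account is an assumption of this example.

```powershell
# Added example: parse `dsregcmd /status` and report whether the device meets
# the preconditions for background MDM auto-enrollment.
# $sample is CONSTRUCTED output (tenant name, GUID and URL are placeholders).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                TenantName : Contoso (placeholder)
                  TenantId : 00000000-0000-0000-0000-000000000000
                    MdmUrl : https://enrollment.example.invalid/EnrollmentServer/Discovery.svc
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
'@ -split '\r?\n'

function ConvertFrom-DsregStatus {      # hypothetical helper name
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Data lines look like "   Name : Value"; banner lines start with + or |
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9]*)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Test-AutoEnrollReadiness {     # hypothetical helper name
    param([hashtable]$State)
    [pscustomobject]@{
        HybridJoined = ($State['AzureAdJoined'] -eq 'YES' -and $State['DomainJoined'] -eq 'YES')
        MdmUrlSet    = -not [string]::IsNullOrWhiteSpace($State['MdmUrl'])
        HasPrt       = ($State['AzureAdPrt'] -eq 'YES')   # assumption: PRT = Entra sign-in
        TenantId     = $State['TenantId']
    }
}

# On a real device, replace $sample with: (dsregcmd /status)
Test-AutoEnrollReadiness (ConvertFrom-DsregStatus $sample)
```

A `False` in any of the three checks points at the stage to revisit: hybrid join, MDM scope for the user, or sign-in with a Microsoft Entra account.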

Shifting Workloads to Intune

Once co-management is enabled, incrementally move workloads from ConfigMgr to Intune. This includes compliance policies, device configuration, and Windows Update policies. Migrate applications and policies gradually from Configuration Manager to Intune for modern cloud-based management.

Managing and Monitoring Devices

With co-management active, workloads can be balanced between ConfigMgr and Intune. Monitor device compliance and deployment success as you transition more workloads to Intune.

In summary, the process runs from preparing the environment (licenses, Azure AD integration), through enabling co-management in ConfigMgr and using Group Policy for seamless device enrollment into Intune, to gradually shifting management workloads to Intune while monitoring device compliance and deployment success.

It's important to note that co-management is different from Hybrid MDM with Configuration Manager. Co-management allows management in both the ConfigMgr console and the Intune console, while Hybrid MDM integrates Intune's MDM capabilities into Configuration Manager and does not allow use of the Intune console.

Co-management allows concurrent management of Windows 10 1709 devices using both Configuration Manager and Intune. This modern approach was introduced in Configuration Manager 1710. For new Windows 10 devices, consider using Windows AutoPilot and creating a new Windows AutoPilot Deployment Program profile in Intune to configure the Out of Box Experience and automatically enroll devices in Intune.


Data and cloud computing technology plays a crucial role in co-management, as this modern approach enables simultaneous management of Windows 10 devices using both on-premises Configuration Manager (ConfigMgr) and cloud-based Microsoft Intune.

By utilizing technology such as Azure AD automatic enrollment and Service Connection Point (SCP) configuration in AD, devices can be automatically enrolled in Intune, facilitating a smooth transition from traditional on-premises management to cloud-based management with co-management.
