Tutorial / Cram Notes
Endpoint Configuration Manager and Intune are powerful tools in the Microsoft 365 suite that enable IT administrators to manage devices and applications across their organizations. Plan co-management to leverage the strengths of both services, ensuring a flexible and robust management strategy for organizations embarking on the transition to the cloud.
Co-management enables organizations to simultaneously manage Windows 10 devices using both Configuration Manager and Intune. This approach is particularly useful for smoothing the transition from an on-premises infrastructure to a cloud-based model. It’s a steppingstone to modern management, which provides flexibility to use the technology solution that best addresses the task or workload.
Understanding Co-Management Prerequisites
Before setting up co-management, certain prerequisites must be met:
- All devices must be running Windows 10.
- You must have Azure Active Directory (Azure AD) set up and available to integrate with Intune.
- You must have an active subscription to Intune.
- Configuration Manager must be updated to a version that supports co-management.
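A readiness report for a pilot device, covering the prerequisites above plus the edition restriction from the practice test below. This is an added PowerShell example, not part of the original notes. `$MinClientVersion` is a placeholder to set from your Configuration Manager release documentation, the `-UseSample` values are constructed, and the function names are hypothetical.

```powershell
# Added example: report co-management prerequisites for one device.
# $MinClientVersion is a placeholder, not a real minimum; set it to the client
# version your Configuration Manager release documents as supporting co-management.
param(
    [version]$MinClientVersion = '0.0.0.0',
    [switch]$UseSample          # evaluate constructed sample values instead of this machine
)

function Get-JoinState {
    param([string[]]$DsregOutput)
    # dsregcmd /status prints "Name : VALUE" lines; keep only the join flags.
    $state = @{}
    foreach ($line in $DsregOutput) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $state[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    $state
}

function Test-CoManagementReadiness {
    param([string]$OsCaption, [hashtable]$Join, [version]$ClientVersion, [version]$MinVersion)
    [pscustomobject]@{
        Windows10        = $OsCaption -match 'Windows 10'
        EditionSupported = $OsCaption -notmatch '\bHome\b'   # Home cannot be co-managed
        AzureAdJoined    = [bool]$Join['AzureAdJoined']      # informational: join type
        HybridJoined     = [bool]$Join['AzureAdJoined'] -and [bool]$Join['DomainJoined']
        ClientInstalled  = $null -ne $ClientVersion
        ClientNewEnough  = ($null -ne $ClientVersion) -and ($ClientVersion -ge $MinVersion)
    }
}

if ($UseSample) {
    # Constructed sample values, not captured from a real device.
    $caption = 'Microsoft Windows 10 Enterprise'
    $dsreg   = @('  AzureAdJoined : YES', '  DomainJoined : YES')
    $client  = [version]'5.0.0.0'
} else {
    $caption = (Get-CimInstance Win32_OperatingSystem).Caption
    $dsreg   = dsregcmd.exe /status
    # SMS_Client exists only where the Configuration Manager client is installed.
    $sms     = Get-CimInstance -Namespace root\ccm -ClassName SMS_Client -ErrorAction SilentlyContinue
    $client  = if ($sms) { [version]$sms.ClientVersion } else { $null }
}

Test-CoManagementReadiness -OsCaption $caption -Join (Get-JoinState $dsreg) `
    -ClientVersion $client -MinVersion $MinClientVersion
```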
Co-Management Capabilities
Co-management capabilities are equally split between Configuration Manager and Intune. Here’s an overview:
Capability | Endpoint Configuration Manager | Intune |
---|---|---|
Client health and compliance | X (On-premises focus) | X (Cloud focus) |
Hardware and software inventory | X (Extensive reporting) | |
Software deployment | X (Complex scenarios) | X (Simple, modern apps) |
Operating system deployment | X | |
Remote control | X | |
Patch management | X | |
Endpoint Protection | X | X |
Mobile device management | X | |
Application management for mobile | X | |
Configuration policies for devices | X (More granular control) | X (Mobile and some desktop) |
Resource access policies | X | |
The Steps for Setting up Co-Management
- Prepare for Co-Management
  - Upgrade Windows 10 devices to a version that supports co-management.
  - Ensure that your Configuration Manager is updated to the required version that supports co-management.
  - Configure Azure AD and Intune services.
- Enable Co-Management in Configuration Manager: From the Configuration Manager console, enable co-management by integrating it with Intune.
- Configure Co-Management Settings: Select the workloads that you want to move to Intune management. For example, Compliance Policies might be initially managed by Configuration Manager and later switched to Intune.
- Pilot Co-Management: Start with a pilot group of devices. Monitor closely how these devices behave under both management tools’ policies.
- Transition Workloads: Gradually shift workloads from Configuration Manager to Intune based on the assessment in the pilot. For instance, client apps may first be managed by Configuration Manager, then moved to Intune.
- Monitor and Adjust: Continuously monitor the impact of co-management on your device fleet. Use the in-console monitoring capabilities of Configuration Manager and the reporting features in Intune to make data-driven adjustments.
Benefits of Co-Management
- Improved Flexibility: Admins can use the technology that best fits their current situation, whether it’s the rich feature set of Configuration Manager for on-premises infrastructure or the anywhere-access capabilities of Intune for remote or mobile work.
- Streamlined Management: Co-management allows for a gradual migration, removing the need for sudden shifts in management tools and training, leading to a seamless user and admin experience.
- Enhanced Security: By using both Intune and Configuration Manager, organizations benefit from the robust, layered security provided by Microsoft 365.
Conclusion
Carefully planning the co-management setup between Endpoint Configuration Manager and Intune is essential for a successful IT management strategy in a hybrid world. By understanding the unique capabilities of both platforms, administrators can better orchestrate the management of their devices, ensuring that they are leveraging the right tool for the right task, at the right time. Transitioning through co-management provides a robust pathway to the modern management of your IT environment, with minimal disruption to users and existing processes.
Practice Test with Explanation
True or False: Co-management allows you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune.
- Answer: True
Explanation: Co-management enables organizations to manage Windows 10 devices with both Configuration Manager and Intune at the same time, taking advantage of the features of both platforms.
Which feature must be enabled to use co-management with Endpoint Configuration Manager and Intune?
- A) Windows Autopilot
- B) Azure Active Directory
- C) Cloud Management Gateway
- D) Intune Connector for Active Directory
Answer: B) Azure Active Directory
Explanation: Azure Active Directory is required to enable co-management as it allows for the devices to be synchronized with the cloud, facilitating management through Intune.
True or False: You can switch workloads from Configuration Manager to Intune at any time during co-management.
- Answer: True
Explanation: Co-management allows for flexible workload transition, meaning you can switch individual workloads from Configuration Manager to Intune when you’re ready.
Which Windows edition cannot be co-managed through Endpoint Configuration Manager and Intune?
- A) Windows 10 Pro
- B) Windows 10 Enterprise
- C) Windows 10 Education
- D) Windows 10 Home
Answer: D) Windows 10 Home
Explanation: Windows 10 Home does not support co-management; it is a feature available on Pro, Enterprise, and Education editions of Windows.
True or False: Co-managed devices must be domain-joined to a traditional Active Directory domain.
- Answer: False
Explanation: Co-managed devices do not need to be domain-joined to a traditional Active Directory domain; they can be Azure AD joined, Hybrid Azure AD joined, or even workgroup devices.
To enable co-management in Configuration Manager, which component needs to be configured?
- A) Cloud Management Gateway
- B) Intune subscription
- C) Windows Autopilot
- D) Exchange Connector
Answer: A) Cloud Management Gateway
Explanation: The Cloud Management Gateway in Configuration Manager needs to be configured to enable co-management and manage devices over the internet.
In co-management, which service is used to determine device compliance for Conditional Access policies?
- A) Endpoint Configuration Manager
- B) Microsoft Defender for Endpoint
- C) Intune
- D) Azure Active Directory
Answer: C) Intune
Explanation: Intune is the service used in co-management for determining device compliance with Conditional Access policies.
True or False: Only newly deployed Windows 10 devices can be enrolled into co-management.
- Answer: False
Explanation: Existing Windows 10 devices can also be enrolled into co-management, not just newly deployed ones.
Which of the following statements is true about the co-management licensing requirements?
- A) Intune license is required for each user.
- B) Configuration Manager license is required for each user.
- C) Intune and Configuration Manager licenses are required for each device.
- D) No additional licenses are needed if you already have Configuration Manager.
Answer: A) Intune license is required for each user.
Explanation: An Intune license is required for each user that has a device being managed through Intune in a co-management scenario.
In which scenario would you use co-management?
- A) When you exclusively want to use Configuration Manager to manage devices
- B) When you need to manage non-Windows devices such as iOS and Android
- C) When you want to manage devices using both Configuration Manager and Intune
- D) When you solely rely on cloud-management without an on-premises infrastructure
Answer: C) When you want to manage devices using both Configuration Manager and Intune
Explanation: Co-management is the simultaneous management of Windows 10 devices using both Configuration Manager and Intune.
True or False: After enabling co-management, all workloads are automatically shifted to Intune management.
- Answer: False
Explanation: After enabling co-management, the administrator has control over which workloads are managed by Intune and can shift them progressively.
Which workload can be moved from Configuration Manager to Intune in a co-management setup?
- A) Software update deployment
- B) Operating system deployment
- C) Resource access policies
- D) All of the above
Answer: D) All of the above
Explanation: In a co-management setup, various workloads such as software update deployment, operating system deployment, and resource access policies can be moved to Intune management, among others.
Interview Questions
What is co-management between Endpoint Configuration Manager and Intune?
Co-management is the integration of Endpoint Configuration Manager and Intune to provide a unified endpoint management solution.
What are the benefits of co-management?
Co-management enables organizations to leverage the strengths of both solutions to manage their endpoints effectively, including Windows 10 PCs, mobile devices, and servers.
How does co-management work?
Co-management allows organizations to use Intune for modern management scenarios, such as managing mobile devices and Windows 10 PCs that are always connected to the internet, while still using Configuration Manager for traditional management scenarios, such as managing servers and PCs that are not always connected to the internet.
What is tenant attach in Configuration Manager?
Tenant attach is a feature of Configuration Manager that allows Configuration Manager to connect to Intune and share device information.
How do device sync actions work in co-management?
Device sync actions allow devices to be shared between Intune and Configuration Manager, so that both solutions can manage the same device.
What is the Configuration Manager tenant attach feature used for?
The Configuration Manager tenant attach feature is used to enable device sync actions between Configuration Manager and Intune.
What is Cloud Native Windows Endpoints?
Cloud Native Windows Endpoints is a feature of co-management that allows Windows 10 devices to be managed directly from the cloud.
What are the benefits of Cloud Native Windows Endpoints?
With Cloud Native Windows Endpoints, devices can be enrolled and managed directly from the cloud, without the need for on-premises infrastructure. This provides flexibility for managing endpoints, regardless of their location.
How do you assess the readiness of your environment for co-management?
Before implementing co-management, organizations should assess the readiness of their environment and consider their existing endpoint management infrastructure.
What are some of the management scenarios that can be handled by Configuration Manager in co-management?
Configuration Manager can be used for traditional management scenarios, such as managing servers and PCs that are not always connected to the internet.
What are some of the management scenarios that can be handled by Intune in co-management?
Intune can be used for modern management scenarios, such as managing mobile devices and Windows 10 PCs that are always connected to the internet.
How can Cloud Native Windows Endpoints be used to manage devices that are not connected to the corporate network?
Cloud Native Windows Endpoints enables devices to be enrolled and managed directly from the cloud, even if they are not connected to the corporate network.
Can Configuration Manager and Intune manage the same device in co-management?
Yes, Configuration Manager and Intune can manage the same device in co-management.
How does device sync work between Configuration Manager and Intune?
Device sync is enabled through the Configuration Manager tenant attach feature, which allows Configuration Manager to connect to Intune and share device information.
Can co-management be used to manage both Windows 10 PCs and mobile devices?
Yes, co-management can be used to manage both Windows 10 PCs and mobile devices, as well as servers.
This is a very informative post on co-management between Endpoint Configuration Manager and Intune. I’m planning to take the MS-101 exam, and this topic is quite crucial.
I agree! Co-management is a critical topic when it comes to managing devices on Microsoft 365.
Thanks for the detailed explanation!
One of the key benefits of co-management is the ability to pilot Intune while still managing devices with SCCM. Has anyone implemented this in their organization?
Yes, we have! Piloting with Intune allowed us to explore its capabilities without interrupting our existing setup.
We also found it beneficial for phased deployments. It’s much easier to transition when you can test in a controlled environment first.
I appreciate the blog post.
The transition from SCCM to Intune seems complicated. Any tips on making it smoother?
Start by ensuring all your endpoints are enrolled correctly. Also, utilize the co-management dashboard to monitor and review devices.
Focusing on hybrid Azure AD joins can also simplify the process, as it helps with policy and security settings transition.
Can Intune handle complex application deployment like SCCM?
Intune is getting there, but SCCM still has the edge in complex application deployments, especially for legacy apps.
Agreed, SCCM is better for complex scenarios. However, for modern apps, Intune is quite robust.
The detailed steps in this guide are very helpful for my MS-101 prep!
What are some common pitfalls to avoid in co-management setups?
One common mistake is not setting proper compliance policies in Intune before enabling co-management.
Another pitfall is not adequately training your IT staff on Intune capabilities, which can lead to misconfigurations.