Windows Autopilot Hybrid Azure AD joined - install MECM client

Bojan Zivkovic 461 Reputation points
2021-03-26T09:15:38.007+00:00

Hi, I found some documentation saying installation of the MECM client with Autopilot (user-driven/Hybrid Azure AD joined) is not supported/recommended. I have an MECM environment with intranet clients only and MECM/Intune co-management enabled for Pilot devices, with some workloads moved to Intune as well. We do not have a CMG. I would like to deploy the MECM client along with other apps using Autopilot - is that the best idea? If not, what should I do? I know the MECM client can be automatically installed (Enable automatic site-wide client push installation), but still I would like to have it installed along with other apps - the OSD Task Sequence performed by HelpDesk colleagues all these years does just that.

To see if MECM client installation from Intune would work, I published it as LOB with this command-line argument:

CCMSETUPCMD="SMSMP=internalMPHostName SMSSITECODE=ourSiteCode"

I started installation from Web Company Portal but still nothing ...


5 answers

  1. Crystal-MSFT 48,851 Reputation points Microsoft Vendor
    2021-03-29T07:43:30.277+00:00

    @Bojan Zivkovic, based on my research, to deploy the ConfigMgr client to Microsoft Intune enrolled devices, we need to meet the following prerequisites:
    82229-image.png
    We can see more details in the following link:
    https://learn.microsoft.com/en-us/mem/configmgr/comanage/tutorial-co-manage-new-devices

    In our environment, I notice there's no CMG and the device is not Azure AD joined. Path 2 for co-management is not available in our environment. I think Path 1 is for our situation:

    I notice we tried to deploy it via LOB. Could you let us know what kind of device we applied this app to? Is it a Hybrid Azure AD joined device? If yes, I think this is not an official method for co-management. This may cause some unexpected issues, so we don't recommend it.

    If we want to get some more information from our LOB deployment, here are some articles for reference:
    https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-troubleshooting-msi-app-deployments-in-microsoft/ba-p/359125
    https://learn.microsoft.com/en-us/archive/blogs/sudheesn/troubleshooting-sccm-part-i-client-push-installation

    Hope it can help.



  2. Bojan Zivkovic 461 Reputation points
    2021-03-29T08:25:10.383+00:00

    This is a Windows Autopilot user-driven Hybrid Azure AD joined deployment, so I would like to see the Configuration Manager client being installed during Autopilot along with other apps deployed to a group containing test devices (similar to OSD TS in Configuration Manager). Since co-management is enabled just on the pilot collection, which the test device is not a member of (since it is a brand new machine without the Configuration Manager client), I wonder what will happen in the end even if the client is successfully installed - logically the device should still be managed by Configuration Manager only, and that should be displayed in Intune.

    Many questions pop up during learning/testing and as in most cases books/trainings usually do not cover more complicated scenarios like mine here (Hybrid Azure AD joined/co-management etc.) and I can only dream of being sent to official Microsoft training.


  3. Bojan Zivkovic 461 Reputation points
    2021-04-01T08:30:57.56+00:00

    Ok, will give it a try. You just added ccmsetup.exe and deployed it without command-line arguments?


  4. Bojan Zivkovic 461 Reputation points
    2021-04-09T09:33:03.9+00:00

    I have tested this, although not as part of Autopilot but as a Win32 app published to a group containing my account only (I will do a real test as part of Autopilot also). Everything worked fine (installed from the web Company Portal), but on the Intune end I see two entries for the same computer - one being managed by ConfigMgr and the other co-managed.

    Also, the device, having been Hybrid Azure AD joined via Autopilot, is displayed with the Azure AD joined join type in Intune.

    86244-image.png


  5. Bojan Zivkovic 461 Reputation points
    2021-04-14T07:50:51.423+00:00

    I have noticed this too - having synced the OU containing the computer account of the Hybrid Azure AD joined device (Autopilot) in Azure AD Connect, it is now listed as Hybrid Azure AD joined. As I said before, prior to this sync it was listed as Azure AD joined, which is wrong.

    87638-image.png

    Based on this, is it good practice to always sync the OU containing future Hybrid Azure AD joined devices (Autopilot)? I am not sure if there is any problem in terms of functionality if the computer account is not synced to Azure AD with AAD Connect - I know it is a requirement for Hybrid Azure AD join, but nobody mentions AAD Connect in conjunction with Autopilot and the Hybrid Azure AD join type.

    Finally, our MECM is version 2010, but it seems the bug was not fixed?

