Intune Comanagement

Matt Dillon 437 Reputation points
2022-11-17T17:27:31.387+00:00

Inherited an on-prem AD and SCCM environment. Added PKI certs and a CMG, and now enabled Cloud Attach. Just finished getting all devices HAADJ and mostly co-managed. All newly imaged devices end up co-managed.

I have moved the Workloads for O365 apps and Windows Updates to Intune. For new devices, I have created a Hybrid AD Join Autopilot that comes pretty close to a fully SCCM imaged device when complete. I am finding that on the Autopiloted devices, once the SCCM client gets auto installed or installed from Company Portal, things get really messy.

Looking for some direction on what should be happening. If I autopilot a device, can it be comanaged? If I flip the workload for Client Apps, will that still allow apps to be installed from Software Center? I was trying to use Collections that were Cloud Synced to AAD groups to control the Windows Patching. I am finding that some of these Autopiloted devices will not properly sync. It's like the object number does not match. If I delete the device from Intune (both in the devices section and the autopilot devices section) after the SCCM client is installed, that is when stuff does not work.

Looking for guidance on what is expected after a hybrid autopilot basically. Is comanagement an option without breaking stuff?

Microsoft Security | Intune | Other

Accepted answer
  1. Crystal-MSFT 53,986 Reputation points Microsoft External Staff
    2022-11-18T02:45:30.617+00:00

    @Matt Dillon, thanks for posting in Q&A. For your situation, I know you have enrolled the device with Autopilot Hybrid Azure AD join and then installed the Configuration Manager client. As far as I know, it is not a recommended method.

    For Autopilot into co-management, currently, a Hybrid Azure AD-joined device is not supported. Here is a link with more details:
    https://learn.microsoft.com/en-us/managed-desktop/get-started/autopilot-co-management#before-you-begin

    For your situation, if you want some workloads controlled by Configuration Manager but others controlled by Intune, we suggest you only choose the co-management method to enroll the device. We can use path1 to configure it.
    https://learn.microsoft.com/en-us/mem/configmgr/comanage/quickstart-paths#bkmk_path1

    If you want all the workloads controlled by Intune, you can only choose the Autopilot Hybrid Azure AD joined method to pre-configure new devices.

    Hope it can help.




1 additional answer

  1. Rahul Jindal [MVP] 10,911 Reputation points MVP
    2022-11-17T22:07:48.73+00:00

    Co-management is 100% supported through Autopilot. Maybe this is your issue..windows-autopilot-for-pre-provisioned.html
