Intune device enrollment migration to GPO method

yeooandyni 86 Reputation points

Hey folks,

We're in the process of retiring our SCCM instance and moving workloads to Intune, and for the most part, they are all either co-managed or Intune. We currently register our devices in Intune by having the SCCM client installed on the device and the co-management settings auto-enrol all SCCM devices.

What we'd like to do is have our hybrid joined devices to not have to rely on the SCCM client install to ultimately be registered in Intune - we're having issues with the SCCM client installing on new SCCM discovered devices from AD, and are having to install it manually. So that leads us to the GPO process to enrol a device. However, one line in the MS documentation has us thrown:

The device shouldn't already be enrolled in Intune using the classic agents (devices managed using agents fail enrolment with error 0x80180026).

We understand the verbiage, but want to make sure we're not going to break existing registered devices, or cause them to have errors popping up (via notifications or otherwise).

So, can we apply the GPO to all devices and if you're already an Intune registered device, will you just be skipped? Or will the GPO attempt to overwrite what has been done via the SCCM client and the Co-Management settings, error out and/or break the existing registered device in Intune.

To put it simply, we're prepared to overlook if the SCCM client is installed on new devices or not, in favour of the GPO registration. However, if the existing working Intune registered device is going to be impacted by the GPO registration, is there a way to mitigate the impact?

And finally, before anyone mentions pilot or test groups, yes, we'd be testing with a subset of registered and non-registered devices first.


Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,315 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,722 questions
0 comments No comments
{count} votes

Accepted answer
  1. Crystal-MSFT 46,171 Reputation points Microsoft Vendor

    @yeooandyni, Thanks for posting in Q&A. From your description, I know you are migrating from SCCM to Intune. For the co-managed devices, you can switch the workloads to Intune and uninstall the configuration manager client. Here is a link with the detailed steps for your reference:

    For the new Microsoft Entra Hybrid join devices, there's no need to install the configuration manager client on them. We can enroll these devices directly via GPO enrollment. As a note, ensure all the login users have both Microsoft Entra Premium and Microsoft Intune license assigned.

    Based on my experience, for the GPO enrollment policy setting, it will create schedule task to run the enrollment command. For the already enrolled device, it will be failed to do the enrollment. You can also consider create an OU to these devices to exclude the GPO. Or create an OU for these new devices and only apply the policy for these devices.

    Hope the above information can help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful