Enable co-management and workloads

Mohd Atif Husain 195 Reputation points
2024-11-05T11:22:30.3+00:00

Dear All,

We have a client environment where co-management is enabled already. Workloads are defined like in Pilot testing with Device configuration, resource access policies, and resource access policies.

Query - Suppose we want to do security update enablement for internet devices from Intune when co-managed? Would there be any ports requirement needs to be opened for co-management thing?

From the Intune perspective, do we need to do any settings or just enabling it using cloud attach is sufficient since we can see all devices are into Intune as automatic enrollment is enabled?

Basically, how devices can be co-managed. Please share the best practices here.

Thanks in advance.

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,325 questions
Microsoft Configuration Manager
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Simon Ren-MSFT 37,006 Reputation points Microsoft Vendor
    2024-11-06T02:45:38.4233333+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    1,==>Would there be any ports requirement needs to be opened for co-management thing?

    No, no additional ports are required for co-management.

    2,==>From the Intune perspective, do we need to do any settings or just enabling it using cloud attach is sufficient since we can see all devices are into Intune as automatic enrollment is enabled?

    If the prerequisites are met and SCCM Client Setting is set to configure Configuration Manager clients to automatically register with Microsoft Entra ID, we do not need to any other settings. Refer to:

    Tutorial: Enable co-management for existing Configuration Manager clients

    3,==>Basically, how devices can be co-managed. Please share the best practices here.

    There are no best practices for co-management. It depends on the real production environment and different business needs that everyone faces. You can follow below guides to enable co-management:

    Tutorial: Enable co-management for existing Configuration Manager clients

    Enroll a Windows device automatically using Group Policy

    How to enable co-management in Configuration Manager

    Hope it helps.

    Best regards,

    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Rahul Jindal [MVP] 10,361 Reputation points MVP
    2024-11-06T22:06:46.2133333+00:00

    Once you move the windows update workload to Intune, you will need to setup update rings or configure Autopatch to be able to use Windows update for business. Also, please note that Intune CSP for Windows update will not start magically working if you already have Windows update settings defined in GPO. You will need to get rid of Windows update settings in GPO (if any) otherwise GPO will take precedence.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.