Cloud attach your Configuration Manager environment

Applies to: Configuration Manager (current branch)

Attaching your Configuration Manager environment to the cloud allows you to continue to modernize and streamline your management solution. Cloud attach allows you to transform your existing environment without having to worry about much disruption or risk. A Configuration Manager environment is considered cloud attached when it uses at least one of the three primary cloud attach features. You can enable these three features in any order you wish, or all at once.

• Tenant attach
• Endpoint analytics
• Co-management

Tenant attach

Tenant attach provides immediate value by having your device records in the cloud and being able to take actions on these devices from the cloud-based console. You can get real-time data from Configuration Manager clients including clients connected from the internet. When you upload your clients to Microsoft Intune admin center, some of the features you may want to use include:

• Run PowerShell scripts
• Install applications
• Query devices with CMPivot
• Display a timeline of events from the device

Endpoint analytics

Endpoint analytics gives you insights for measuring the quality of the experience you're delivering to your users. Endpoint analytics can help identify policies or hardware issues that may be slowing down devices and help you proactively make improvements before end users generate a help desk ticket. Each of the reports provides scores for your organization's user experience. There are built-in baseline scores for the median of all other organizations, which allows you to compare your scores to a typical enterprise. You'll be given Insights and recommendations for improving your organization's user experience and your score. Endpoint analytics includes the following reports:

• Work from anywhere
• Startup performance
• Application reliability

Co-management

Co-management transforms your on-premises Configuration Manager environment without having to go through a large migration effort. Co-management helps simplify device management by giving you the ability to manage workloads from the cloud. You can specify which workloads to move, such as compliance policy to enable Conditional Access. Conditional Access combines granular control over organizational data while maintaining a consistent user experience on any device from any location. Enforcing compliance policy from Intune is a critical part of developing your Zero Trust architecture. Use Windows Autopilot with co-management to simplify the complex process of provisioning devices from the cloud.

Cloud management gateway (CMG)

Cloud management gateway (CMG) is an additional cloud feature that allows you to manage internet-based clients using your established workflows and processes. CMG helps minimize the management traffic from Configuration Manager to clients through your VPN. When you enable CMG, you maintain a connection to your devices wherever they are on the internet. This connection enables you to keep up with your usual software deployments, device configuration, and software updates processes for internet clients without having to make large infrastructure investments.

Next steps

Enable cloud attach