Paths to co-management

There are two primary ways for you to set up co-management. It's important to understand the prerequisites for each path. They each require some combination of Microsoft Entra ID, Configuration Manager, Microsoft Intune, and Windows 10 or later.

  1. Auto-enroll existing Configuration Manager-managed devices into Intune

  2. Bootstrap the Configuration Manager client with modern provisioning


As we talk with our customers that are using Microsoft Intune to deploy, manage, and secure their client devices, we often get questions regarding co-managing devices and Microsoft Entra hybrid joined devices. Many customers confuse these two topics – the first is a management option, while the second is an identity option. See the blog post Understanding hybrid Microsoft Entra ID and co-management scenarios. This blog aims to clarify Microsoft Entra hybrid join and co-management, how they work together but are not the same thing.

Path 1: Auto-enroll existing clients

Taking this path can get your existing Configuration Manager-managed devices quickly enrolled into Intune. The management of these devices from Configuration Manager is no different from before you enable co-management. Now you get all the cloud-based benefits. This path is transparent to your users.

Here's what you need to set it up:

For a tutorial on this path, see Tutorial: Enable co-management for existing Configuration Manager clients.

Path 2: Bootstrap with modern provisioning

This path is for those devices that are first enrolled with Intune. They are cloud-first devices and use Intune to install the Configuration Manager client.

Here's what you need to set it up:

  1. Setup enhanced HTTP
  2. Create the cloud services in Azure
  3. Configure the management point and clients to use the cloud management gateway
  4. Use Intune to deploy the Configuration Manager client

For a tutorial on this path, see Tutorial: Enable co-management for new internet-based devices.