How to Set Up Co-Management in Microsoft SCCM

Video Guide

Overview

• In this video guide, we will be covering how to setup Co-management in Microsoft SCCM. Co-management will allow you to use the full Configuration Manager client as well as the Microsoft Intune MDM.

Topics in Video

• Overview of Co-management in SCCM and Microsoft Intune - https://youtu.be/rTapalSHv6U?t=21
• The first scenario overview, using Azure AD Join Only (Cloud Domain Join) -  https://youtu.be/rTapalSHv6U?t=62
• The second scenario overview, using On-Prem domain join and auto-register in Azure Hybrid AD and MDM - https://youtu.be/rTapalSHv6U?t=86
• Validate Azure AD and Intune enrollment is enabled in the online portal - https://youtu.be/rTapalSHv6U?t=113
• Covering CMG prerequisites for the option to Install the SCCM Agent from an Azure AD only scenario - https://youtu.be/rTapalSHv6U?t=252
• Add the co-management subscription into the SCCM console - https://youtu.be/rTapalSHv6U?t=358
• Uploading the CCMSetup.msi to auto-deploy through Intune to install the SCCM agent through CMG - https://youtu.be/rTapalSHv6U?t=496
• Enroll a device into Azure AD from OOBE to have it auto-enroll into MDM/Intune - https://youtu.be/rTapalSHv6U?t=676
• Validate the device enrolled in MDM and the SCCM Client auto started and review the CCMSetup download from CMG over the internet - https://youtu.be/rTapalSHv6U?t=758
• Review ClientIDStartupManager to review how the Azure AD Authentication is used to be approved within the SCCM environment - https://youtu.be/rTapalSHv6U?t=871
• Validate in the Configuration Manager Control Panel applet the co-management is showing enabled - https://youtu.be/rTapalSHv6U?t=947
• Review the scenario for registering on-prem domain joined devices to register into Hybrid Azure AD and auto-MDM enroll in Intune - https://youtu.be/rTapalSHv6U?t=1043
• Install Azure AD Connect and Configure the OU for the user/device sync we need for the lab - https://youtu.be/rTapalSHv6U?t=1093
• Validate a valid public UPN suffix is configured in Active Directory Domain and Trust and configure the on-prem users that will be used to auto-enroll devices with the public UPN in AD Users and Computers - https://youtu.be/rTapalSHv6U?t=1171
• Set GPO to have devices auto-enroll into MDM/Intune when the device registered into Azure AD- https://youtu.be/rTapalSHv6U?t=1568
• Run dsregcmd /status to see if the device is registered with Azure AD - https://youtu.be/rTapalSHv6U?t=1687
• Configure devices to auto Azure Hybrid AD Join in Azure AD Connect - https://youtu.be/rTapalSHv6U?t=1731
• Validate on-prem domain joined SCCM client switched to be co-managed after auto-enrolling into Intune - https://youtu.be/rTapalSHv6U?t=1928
• Validate both devices are showing in Intune and the SCCM console with co-management capabilities - https://youtu.be/rTapalSHv6U?t=1997
• Deploy device reset to both co-managed devices - https://youtu.be/rTapalSHv6U?t=2099

Helpful Resources:

• Tutorial: Configure hybrid Azure Active Directory join for managed domains - /en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains
• Enable Windows 10 automatic MDM enrollment - /en-us/intune/windows-enroll#enable-windows-10-automatic-enrollment
• Co-management for Windows 10 devices - /en-us/sccm/core/clients/manage/co-management-overview
• Enroll a Windows 10 device automatically using Group Policy - /en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy
• Prerequisites for co-management - /en-us/sccm/core/clients/manage/co-management-prepare#prerequisites
• Auto-Pilot for new Windows 10 Devices - /en-us/sccm/core/clients/manage/co-management-prepare#new-windows-10-devices