Explore using co-management to transition to modern endpoint management

Moving to modern management can sometimes be a challenging task considering the complexity of planning and switching from existing IT systems, organizational structures, and processes. Most organizations are still using some combination of on-premises Windows Server Active Directory (AD) and Configuration Manager to manage their Windows devices. To help IT professionals simplify the transition to modern management, Microsoft designed a new feature called Co-management.

If you have an on-premises Active Directory environment and you want to co-manage your domain-joined devices, you can accomplish this by configuring Microsoft Entra hybrid joined devices. By bringing your devices to Microsoft Entra ID, you maximize your users' productivity through single sign-on (SSO) across your cloud and on-premises resources. At the same time, you can secure access to your cloud and on-premises resources with conditional access, which is a capability of Microsoft Entra ID. With conditional access, you can implement automated, condition-based access control decisions for accessing resources such as SharePoint Online or Exchange Online.

Intune gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. In contrast, Group Policy exposes fine-grained settings that you control individually. With Intune, you can apply broader privacy, security, and application management settings through lighter and more efficient tools. Intune also lets you target internet-connected devices and manage their policies without Group Policy, which requires on-premises domain-joined devices. This makes MDM the best choice for devices that are constantly on the go.

When co-management is configured and ready to use, you should create one or more pilot groups of users and devices. Use these groups as part of a phased rollout of co-management. You can start with small test groups, and then add more users and devices as you roll out co-management in your environment. A good strategy is to start your pilot with users and devices from the IT department. When you're confident that it works, you can easily expand your pilot to the rest of your environment.