How to Set Up Co-Management in Microsoft SCCM to Connect to Microsoft Intune
Рет қаралды 66,558
Күн бұрынYou can follow me on Twitter / setupconfigmgr for #ConfigMgr tips and tricks!
In this video guide, we will be covering how to setup Co-management in Microsoft SCCM. Co-management will allow you to use the full Configuration Manager client as well as the Microsoft Intune MDM. For more details see the accompanying blog post setupconfigmgr.com/how-to-set...
Topics in Video:
Introduction - (0:00)
Overview of Co-management in SCCM and Microsoft Intune: (0:21)
The first scenario overview, using Azure AD Join Only (Cloud Domain Join): (1:02)
The second scenario overview, using On-Prem domain join and auto-register in Azure Hybrid AD and MDM: (1:26)
Validate Azure AD and Intune enrollment is enabled in the online portal: (1:53)
Covering CMG prerequisites for the option to Install the SCCM Agent from an Azure AD only scenario: (4:12)
Add the co-management subscription into the SCCM console: (5:58)
Uploading the CCMSetup.msi to auto-deploy through Intune to install the SCCM agent through CMG: (8:16)
Enroll a device into Azure AD from OOBE to have it auto-enroll into MDM/Intune: (11:16)
Validate the device enrolled in MDM and the SCCM Client auto started and review the CCMSetup download from CMG over the internet: (12:38)
Review ClientIDStartupManager to review how the Azure AD Authentication is used to be approved within the SCCM environment: (14:31)
Validate in the Configuration Manager Control Panel applet the co-management is showing enabled: (15:47)
Review the scenario for registering on-prem domain joined devices to register into Hybrid Azure AD and auto-MDM enroll in Intune: (17:23)
Install Azure AD Connect and Configure the OU for the user/device sync we need for the lab: (18:13)
Validate a valid public UPN suffix is configured in Active Directory Domain and Trust and configure the on-prem users that will be used to auto-enroll devices with the public UPN in AD Users and Computers: (19:31)
Set GPO to have devices auto-enroll into MDM/Intune when the device registered into Azure AD: (26:08)
Run dsregcmd /status to see if the device is registered with Azure AD: (28:07)
Configure devices to auto Azure Hybrid AD Join in Azure AD Connect: (28:51)
Validate on-prem domain joined SCCM client switched to be co-managed after auto-enrolling into Intune: (32:08)
Validate both devices are showing in Intune and the SCCM console with co-management capabilities: (33:17)
Deploy device reset to both co-managed devices: (34:59)
Helpful Resources:
Tutorial: Configure hybrid Azure Active Directory join for managed domains - docs.microsoft.com/en-us/azur...
Enable Windows 10 automatic MDM enrollment - docs.microsoft.com/en-us/intu...
Co-management for Windows 10 devices - docs.microsoft.com/en-us/sccm...
Enroll a Windows 10 device automatically using Group Policy - docs.microsoft.com/en-us/wind...
Prerequisites for co-management - docs.microsoft.com/en-us/sccm...
Auto-Pilot for new Windows 10 Devices - docs.microsoft.com/en-us/sccm...
#SCCM #Intune
@Sudheerbangera 5 жыл бұрын
Justin. Thanks for doing this for the community. We appreciate it.
@PatchMyPC 5 жыл бұрын
Very welcome!
@chetangwari2215 4 жыл бұрын
Justin thanks for doing this for the community. appreciate it.
@PatchMyPC 4 жыл бұрын
You're welcome!
@RichardGailey 5 жыл бұрын
Your series on SCCM is an incredible resource. Thank you so much for creating these videos. I have just started a new IT role and will be using SCCM on a daily basis, which is pretty scary at first as I have never used it. However, I feel so much more confident now. Thank you.
@PatchMyPC 5 жыл бұрын
Thanks awesome to hear! It's comments like this that keeps me doing them!
@precisionxt 5 жыл бұрын
I agree. These scenarios and explanations are the best I've found. Thanks for doing these!
@PatchMyPC 5 жыл бұрын
@@precisionxt thanks for watching!
@550891 4 жыл бұрын
another excellent tutorial. i like the details you provide. thank you!
@PatchMyPC 4 жыл бұрын
Thanks for watching!
@ITNinza 4 жыл бұрын
You are awesome. I was looking to have someone who teaches the same way we do in classroom trainings...
@PatchMyPC 4 жыл бұрын
Glad to help
@CautionCU 4 жыл бұрын
Really nice vid. Studying ms100 and this tied up a lot of details where I really don't feel like setting up a whole sccm, aadconnect environment.
@PatchMyPC 4 жыл бұрын
Glad it was helpful!
@subhojitchoudhury5876 3 жыл бұрын
Thanks a lot your guidance. That was really helpful and has given me a kickstart to further deep dive into it.
@PatchMyPC 3 жыл бұрын
Thanks for watching
@shibujoey 4 жыл бұрын
Awesome explanation.. Thanks Justin
@PatchMyPC 4 жыл бұрын
Thanks for watching
@vaquarshaikh5225 3 жыл бұрын
Thanks Justin, it was a very resourceful video.
@PatchMyPC 3 жыл бұрын
Thanks for watching
@cheeseynz 3 жыл бұрын
Your channel is a godsend
@PatchMyPC 3 жыл бұрын
Thanks!
@arupsen8394 2 жыл бұрын
You're a genius sir!!! Hands down!
@PatchMyPC 2 жыл бұрын
Thanks for watching
@dine607 5 жыл бұрын
Nice explanation Justin! The reason why your on-Prem machine joined to Hybrid Azure AD because even thought you un installed AAD connect, your Service Connection Endpoint (SCP) for your Azure Tenant still available in your OnPremise AD. So the machines used that information to join itself to Hybrid Azure AD.
@PatchMyPC 4 жыл бұрын
Thanks for watching.
@williamjarquin726 3 жыл бұрын
Great video, great explanation
@PatchMyPC 3 жыл бұрын
Thanks for watching
@550891 5 жыл бұрын
excellent tutorial as usual !
@PatchMyPC 5 жыл бұрын
Thanks for watching.
@jamesdeano8093 5 жыл бұрын
awesome serie. Its pretty hard to find content about modern deployment using co management with intune and sccm
@PatchMyPC 5 жыл бұрын
Thanks for watching!
@edriantomoro1658 3 жыл бұрын
Thanks Justin for this video. Very enlightening. Just a question on activating co-management on local sccm, is azure ad connect need to be setup first or the azure ad is a prerequisite?
@PatchMyPC 3 жыл бұрын
I believe you will want it first
@jonathanworth5929 4 жыл бұрын
Thanks for this! Quick question, would IBCM (rather than CMG) allow the Config Mgr Client to be installed via Intune for Azure-AD joined devices only? We are looking at a 1:1 scheme for laptops and would like to use Autopilot and the benefits of Intune but also have some management of the devices using Config Mgr and I'd only want them to be Azure-AD joined rather than Hybrid.
@PatchMyPC 4 жыл бұрын
You should be able to install when using IBCM, but would need to have a client certificate for IBCM authentication.
@jonathanworth5929 4 жыл бұрын
@@PatchMyPC Great thanks!
@arturopanca6317 4 жыл бұрын
Thanks Justin for the video, I have a question about AAD, what AAD subscription do I need?
@PatchMyPC 4 жыл бұрын
I believe premium may be needed for auto-enroll to work.
@Ramis505 4 ай бұрын
Hi Justin, Thank you so much for the video. Please correct me if I am wrong, First we need to sync the objects like users and devices to Azure AD through Azure AD connect. Second, we then enable CMG to have the devices co-managed. Also, we need to assign the license to the users to have the current devices (Managed by SCCM) enrolled to intune. The GPO enrollment is another enrollment type, is my understanding correct
@coderedex 2 жыл бұрын
Hi Justin, silly question, do you need a CMG to have co-managment capabilities? Or can you just have inTune and SCCM work independently from each other?
@PatchMyPC 2 жыл бұрын
CMG is not a requirement I believe.
@bgtip 5 жыл бұрын
When switching the workloads over to intune, how long does it take for the changes to apply? I have switched the "device configuration" workload over to intune, and created a device configuration policy that i assigned to some of my co-managed devices. But for some reason they do not get the policy, the status is set to "Not Applicable", Meanwhile non-co-managed devices that are only managed by Intune, get the Device configuration policy more or less right away. Please advise!
@PatchMyPC 5 жыл бұрын
I would expect next policy cycle, but I haven't tested it.
@bgtip 5 жыл бұрын
@@PatchMyPC Hey! thanks for ur reply, i found out what my problem was. Apperently the setting within "device configuration" within Intune was not included in the workload. Therefor i have to use GPO to deal with that.
@AdrianKL78 5 жыл бұрын
hi, when i enable co-management i dont get the parameter for AADCLIENTAPPID and AADTENANTID in the command line generated, what could be the reason?
@PatchMyPC 5 жыл бұрын
I think in 1810, they may have reduced the number of parameters needed for a CMG based client stall.
@surajkumardas4237 5 ай бұрын
I have a question regarding licensing. I have a visual studio subscription but that doesn't belong to me. It's given to me JUST to configure CMG in my lab environment and it doesn't seem to include license for Intune. So can I enroll in MS developer program using my personal account and configure a sandbox with a tenant name which is same as my current AAD tenant and then use it to setup comanagement in sccm? Would that work?
@ShehzadKhan-yk3pb 5 жыл бұрын
Hi Justin, The links in the description of the video all refer back to this main video. Can you please provide the link to the video where you configure the Cloud Management Gateway. Thanks in Advance
@ShehzadKhan-yk3pb 5 жыл бұрын
Never Mind Justin. I got the link to it on your channel. btw, your videos are 10/10. Great job
@PatchMyPC 4 жыл бұрын
Thanks!
@jadonsancho2197 3 жыл бұрын
Is there any way I could exercise this with a trial account & lab?
@PatchMyPC 3 жыл бұрын
I think you could. I'm pretty sure there is an Intune trial.
@vickg 5 жыл бұрын
I am not able to get the client install command line when signing in for Co-Management. My azure services and CMG have been setup. Any idea?
@PatchMyPC 5 жыл бұрын
What's ccmsetup.log saying?
@vickg 5 жыл бұрын
Solved... Removed the CMG connection point and re-added it... Now I get the command line ... Sometimes it's back to the basics :)
@kocha9 5 жыл бұрын
Hello, in my Azure Portal, Mobility MDM & MAM, Microsoft Intune Enrollment is missing, do You know how can i configure it?
@PatchMyPC 5 жыл бұрын
Hmm, I'm not sure why that would be. - Justin
@lonewaffle 4 жыл бұрын
I'm in the same boat. Did you ever figure that out?
@moseschougule6268 4 жыл бұрын
Hi, While trying to setup CMG, i get an error on the last option "Testing the CMG channel for management point", i have tried almost everything and seems i'm out of option, can you suggest here?
@PatchMyPC 4 жыл бұрын
Is you MP HTTPs
@professor3095 3 жыл бұрын
So i have to install cmg first before i can go on with this tutorial?
@PatchMyPC 3 жыл бұрын
No, you don't need to.
@tiagobial4 8 ай бұрын
For me the big problem is that the machines are taking a long time to enroll on intune with co-management.
@medeis1272 Жыл бұрын
Is there any way to change mdm authority from sccm to intune?
@PatchMyPC Жыл бұрын
This may be helpful learn.microsoft.com/en-us/mem/configmgr/comanage/workloads
@huythai6464 Жыл бұрын
Hello Justin, so When I try to enroll devices into co-management, there was en error Failed to enroll with RegisterDeviceWithManagementUsingAADDeviceCredentials with error code 0x80180015. By any chance you know the reason of thiss issue, or any troubleshoot step that I need to check to identify the main cause of the problem. Really appreciate if you response my issue
@Atreus21 2 жыл бұрын
I still don't understand why I should enable this. Perhaps I don't know enough about Intune but I wish I could get some examples of how this is a benefit.
@PatchMyPC 2 жыл бұрын
It's totally optional. If your not using Intune, there wouldn't be any value.
@sanjeev.bhardwaj 5 ай бұрын
01.Change status of 3000 Co-manage devices to Intune manage only. 02.Deploy company portal app on co-manage devices. 03.How to manage Autopilot for co-manage devices?(hardware hash etc) Environment is Hybrid AD Joined. GPO Migration completed. Application migration done completed. Script migration completed. Please share your valuable knowledge and experience share some documents or video reference please.
@pcpll 4 жыл бұрын
Good video but please stop using slang words like "on-prem" for users. What does this mean for a newbie ? There is more technical and precise words to describe this.
@PatchMyPC 4 жыл бұрын
I would recommend a quick google search if there's something you don't pick up on, should probably be pretty easy to find. I will keep it in mind for future videos.
Patch My PC
Рет қаралды 89 М.
Patch My PC
Рет қаралды 292 М.
Office365Concepts
Рет қаралды 22 М.
MSEndpointMgr - Jungling the Cloud
Рет қаралды 3,2 М.
Microsoft Endpoint Manager - Steve Rachui
Рет қаралды 1,3 М.
HTMD Community
Рет қаралды 10 М.
Patch My PC
Рет қаралды 69 М.
Sameer Gaming
Рет қаралды 8 МЛН
Immersed
Рет қаралды 87 МЛН
business Us
Рет қаралды 11 МЛН
MaviGadget
Рет қаралды 10 МЛН