This was a great find for me. We are heavily federated, to the point that each college/school/unit (CSU) wants to "run their own SCCM without running their own server." Essentially I'm a "cloud" service provider kind of like Microsoft, in that I run the infrastructure for constituents and provide them a "slice" of CM via RBAC. I RBAC CM for each CSU by on-prem OU (Libraries, Engineering, Fine Arts, etc., etc.), and moving to Intune was going to be a challenge because it's flat and there really was no concept of the OU in AzAD. But syncing the top-level collections I create in SCCM to AzAD groups and then using those to achieve the same result is fantastic. Our only issue now is that every CSU sees all of the CM devices for the whole university in the Intune portal with no real good way to filter out the ones they can't affect. Can't wait for RBAC in Intune to catch up, or to get a filter for devices. Federation is a huge deal here, so I'd say that's the #1 thing we almost can't wait for: RBAC consistency between CM, EM and ATP. Thanks for all the work so far, it's been amazing!