Forum Discussion
drivesafely
Aug 11, 2024 Iron Contributor
MDE deployment with Intune and SCCM client
Hello All, We want to deploy MDE with Intune. All devices have the SCCM client installed and configured. In this scenario, is enabling co-management a must? Please guide. Thanks
drivesafely
Aug 13, 2024 Iron Contributor
rahuljindal
Thanks, and I agree to addressing the proxy issues. Most of the methods require a hybrid Entra setup, which requires WinHttp, and we are facing issues there.
Can you please guide on the below as well,
While trying to enroll to Intune with Group Policy, (as per below link: https://learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy), the device must be registered to Azure AD.
We can manually add the Work/School account and do that, but it is not practical. Can you guide if there is a better approach to register all domain-joined devices to Azure AD in bulk?
Many thanks.
rahuljindal
Aug 13, 2024 Bronze Contributor
That is where co-management comes in handy. Is manual workplace join working for you and allowing the devices to hybrid join? If the proxy is blocking hybrid join in general, then I don't expect the manual process to work either. All of this will require unrestricted access to Azure cloud services, so unless that is sorted, I am afraid you will continue to face issues.
- drivesafely
Aug 14, 2024 Iron Contributor
rahuljindal
We are configuring tenant attach. As part of the prerequisites, it requires the administration service to be set up and functional in config manager.
https://learn.microsoft.com/en-us/mem/configmgr/tenant-attach/prerequisites
In the article to set up the administration service, it mentions, "Some scenarios require access to the administration service from the internet, such as tenant attach".
https://learn.microsoft.com/en-us/mem/configmgr/develop/adminservice/set-up#enable-internet-access
Does it require internet access just for administration purposes, or for which other functions? Is it a must to provide internet access to the administration service?
Please guide if you can. Thanks.
- drivesafely
Aug 14, 2024 Iron Contributor
rahuljindal
As part of the co-management config, hybrid AAD was set up, and since they are using a proxy, we had to configure WinHttp. With WinHttp configured, they had issues accessing several internal application URLs/applications.
- rahuljindal
Aug 13, 2024 Bronze Contributor
Then co-management should work as well. Is it set up correctly?
- drivesafely
Aug 13, 2024 Iron Contributor
rahuljindal
Manual workplace join is working, and devices in AAD are of the Microsoft Entra hybrid joined type.
We have allowed Microsoft Defender for Endpoint URL list for commercial customers (Standard) via proxy, as per this link: https://learn.microsoft.com/en-us/defender-endpoint/configure-environment