Forum Discussion

Sam Smith
Copper Contributor
Oct 19, 2017

Utilising Group Policy on a device enrolled in Co-Management?

We are a provider of Cloud Solutions and are investigating extending this to management of the endpoints with Intune.


Intune works great from a compliance stand point but lacks the breadth of configuration options afforded with Group Policy.


Would a device enrolled in co-management be able to be controlled by Group Policy? Will there be any restrictions to this?


We are investigating solutions for users that have a highly mobile workforce. Intune has been great at deploying VPN settings to get them dialled back into their existing infrastructure.

However, with them no longer being Domain Joined devices, we are missing the ease of configuration.

Can you envision a scenario where a VPN profile is deployed, connected at log on, and allows for standard processing of Group Policy?

Kind of like a cloud based traditional corporate infrastructure.

4 Replies

  • Co-management is SCCM+AD+Intune+AAD so you still get to leverage all your existing GPOs. One thing we know from speaking to customers is that GPOs are complex and organisations often don't fully understand what they actually need or even what they have in place. Co-management allows you to begin a journey to modern management without having to make a leap. Co-management bridges the gap from traditional to modern giving you time to rationalise what you have and to plan and implement the controls you need through Intune device configuration profiles.

    Rob
    • dctardy
      Microsoft

      Additionally, you are not required to have Active Directory joined devices that are Co-Managed. What that means is that as you transition to modern management, you can reduce your dependence on Active Directory.

      • Sam Smith
        Copper Contributor
        But do you have to have SCCM in order to utilise co-management? Can I Domain Join a 1709 Windows 10 device that has only been connected to Intune so far?

        I understand that some organisations have complex setups where they don't fully understand what they need or have in place; however, this is not us. We are trying to make up the shortcomings of Intune for device configuration with a proven technology.

        Other than wrapping a script up in an MSI, how can I provision printers or make other changes that are not exposed by Intune configuration templates or the OMA-URI schema?
