Event banner
Event details
40 Comments
- is CMG required for co-management?
- Heather_Poulsen
Community Manager
Here are the prerequisites for co-management: https://docs.microsoft.com/mem/configmgr/comanage/overview#prerequisites
- Jason_Sandys
Microsoft
Not on a technical level, however, co-management is *not* a remote management solution and you will have issues if the ConfigMgr agent cannot communicate with the ConfigMgr site for an extended period of time. Thus, I strongly recommend not doing this if remote management is in scope and you have no other regular connectivity between the managed endpoints and ConfigMgr (like a VPN).
- Rachelle_BlanchardNo, CMG is not required for co-management. If there is documentation somewhere out that states this, please let us know so we can fix it.
- For Windows enrollment I can assign a co-management authority profile to a group, but excluding a group is not available yet. Is it going to be implemented soon ? Purpose: we have some devices like PAW (maintained in a group) where MECM client should not be installed during provisioning
- Rachelle_Blanchard
Admin reply: This question was answered live. Please refer to the recording for more details.
- Heather_Poulsen
Don't be shy. This is a great forum to ask your questions about managing devices on-prem while adding additional value and simplicity via the cloud, but also to share information about use cases and scenarios you need to support. Post your questions now in the Comments.
- how do we get started going down this road?
- Heather_Poulsen
Here are some great places to start. The panel will definitely provide some tips, but here are some helpful resources to guide you:
- Jason_SandysThe official docs are always a great place to start: https://docs.microsoft.com/en-us/mem/configmgr/cloud-attach/enable. Here's a video Danny did last year as well: https://techcommunity.microsoft.com/t5/video-hub/cloud-attach-today-cloud-manage-now/ba-p/2908529
- Is it possible that a co-managed device with Endpoint Security sliders moved to Intune to get the policies from ConfigMgr or GPO if these are still targeted to that device via some collection, group?
- Keep in mind that it will add complexity and unknown side effects if settings are applied from Intune and GPO. Give up the GPO and setup the settings within the Endpoint Protection hive of Intune. If you love your collections you can sync them to Azure AD groups and use those for assigment in Intune
- Rachelle_Blanchard
Admin reply: This question was answered live. Please refer to the recording for more details.
- Matt_CallWhen the Endpoint Protection slider is moved to Intune, Endpoint Protection policies will stop applying from Configuration Manager. Group Policy is completely orthogonal to the management plane and will continue to apply regardless of ConfigMgr Co-management status.
- Heather_Poulsen
Welcome to Tech Community Live: Endpoint Manager edition and the Cloud attach AMA. Let's get started! Post your questions in the Comments. We will be answering questions in the live stream—and others will be answering here in the chat.
- Heather_Poulsen
The Cloud attach AMA starts soon. Post your questions in the Comments now.
Right now in endpoint.microsoft.com I just see a bunch of empty blocks saying contact your intune admin to get access. What rights do I need to properly use the product? We're currently 100% on-prem, nothing in intune and no tenant attach yet.
we aren't on anything cloud yet because previous mgmt was a million% anti-cloud and only now are they relaxing about it. with covid we already had a big VDI farm and big vpn capacity so it wasn't a big deal.
- intune admin role
- that sounds like a global admin - are there more granular rights that can be assigned? like is there an article somewhere that explains waht rights are needed for which roles, like reporting, server admins, workstation admins, view-only, app packager, etc?
