Cloud attach vs. cloud only: the debate
Event details
Are you planning a new Microsoft Intune deployment? Are you wondering if you need Configuration Manager? Join Danny and Steve for a special edition of Unpacking Endpoint Management as they break down key management workloads of Windows devices (compliance policies, Windows Update policies, resource access policies, Endpoint Protection, device configuration, Office Click-to-Run apps, and client apps) to help you determine if cloud attach or cloud only is right for your new Intune deployment.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
254 Comments
- Security2021
Copper Contributor
Will there be an MBAM equivalent in the cloud? 🙂 Currently have to use the work of MVPs to cover this.
- SigurdWerner
Iron Contributor
Cloud only requires an Intune license; cloud attach and co-management can run on Windows + Software Assurance.
- David Stowers
Brass Contributor
In our case SCCM was already in place on some devices and was the easiest avenue to quiet onboarding.
- Security2021
Copper Contributor
Will there be a way to move from legacy ASR rules via MDM configured by Config Manager to Intune? Currently you have to run a cleanup script, which is not so easy on tens of thousands of systems.
- jhuylebroeck
Brass Contributor
Could we turn the question onto its head? In what case(s) is maintaining/implementing a hybrid joined/managed device still a viable option or perhaps... a necessary evil. 😈 I'm not very familiar with Config Manager, but my customers are. 😉
- JamesEpp
Iron Contributor
I want to pick up on something Aria mentioned - one pain point I see between group policy and Intune/cloud management is that there's no mechanism in Windows to "choose" or "select" a preference of which configuration management system to "honor" if there's a conflict. Can you speak to that? I may just be misinformed.
- HeyHey16K
Iron Contributor
There is an Intune policy setting called "MDMWins", which means if the same setting is configured in Intune policy and Group Policy, and both are applied, the Intune policy will win.
- Jason_Sandys
Microsoft
We in general discourage the use of this policy/setting as there are a variety of exceptions where it does not work as expected. We've documented most of those exceptions but unfortunately, the list is not exhaustive. We strongly encourage folks to use the various targeting mechanisms to ensure only policy from one or the other applies to specific devices.
- jaymichaud
Brass Contributor
In an established Configuration Manager environment, is there any benefit to going Hybrid AADJ and ConfigMgr co-management over moving to cloud-only, and does the answer change depending on whether you are talking about new devices vs. devices already managed in ConfigMgr? We piloted cloud-only management and it worked great, but now we're looking at what migration would look like.
- Jason_Sandys
Microsoft
That's ultimately for you to determine based on your requirements. Keep in mind that we only recommend using HAADJ for existing devices though and for new Windows provisioning, we strongly recommend only using AADJ.
- Joe_Lurie
Microsoft
Our best practice is to go full cloud management and identity. If you are able to go Azure AD joined instead of Hybrid, that's the recommended strategy. For many customers, that's a long-term plan, for others, they can get there more quickly. Same with management: CM to Intune. If you can move to Intune today, we would recommend starting that migration.
- tylerbnewage
Copper Contributor
Is there a list ready, or script available to find and delete those keys?
- Paul_Woodward
Iron Contributor
ConfigMgr client absolutely is a source of failure in my environment. Devices revert to ConfigMgr management, even when all workloads are migrated.
- William_Coreiron347
Copper Contributor
Is there any plan to move Azure VMs/servers security configuration/endpoint management to MEM?
- SteveThomas
Microsoft
If you are referring to Intune, not at this time. I would suggest looking into solutions like Azure Arc. https://learn.microsoft.com/en-us/azure/azure-arc/overview