Cloud attach vs. cloud only: the debate
Event details
Are you planning a new Microsoft Intune deployment? Are you wondering if you need Configuration Manager? Join Danny and Steve for a special edition of Unpacking Endpoint Management as they break down key management workloads of Windows devices (compliance policies, Windows Update policies, resource access policies, Endpoint Protection, device configuration, Office Click-to-Run apps, and client apps) to help you determine if cloud attach or cloud only is right for your new Intune deployment.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
254 Comments
- Zachary895
Copper Contributor
Despite moving significant portions of our processes from Configuration Manager to Intune, there are two primary points that have been holding us back - management of on-premises servers where internet access is not allowed and for device inventory reporting (running CMPivot queries on large groups of devices, querying software/hardware inventory, etc.). What are your suggestions for next steps to leverage Intune for similar functionality? Currently, we are having trouble seeing a way to avoid maintaining both Intune and Configuration Manager side by side with a duplication of effort.
- Paul_Woodward
Iron Contributor
For reporting I think you can do cool stuff with Log Diagnostics and KQL. Check out Maurice Daly's stuff. msendpointmgr.com.
- Zachary895
Copper Contributor
Thanks Paul! I'll take a look - I may have missed an interesting solution there. For update compliance, there are certainly more options out there, but there were a few other scenarios I found less guidance available. Something I have noticed with CMPivot is in Configuration Manager, I can create an arbitrary group of devices (device collection) and query the devices in near real-time. When investigating issues or discrepancies, it's very powerful for inspection. With co-management, I've seen the CMPivot option available via the Intune portal, but only for querying an individual device. In many scenarios where I use CMPivot, I may not know what devices I need to investigate, but once I identify the indicators for an issue, I can use CMPivot via Configuration Manager to query for those indicators across a large swath of devices, then start identifying correlations. The Intune flow for similar investigations will likely be different, but it's not something I have found yet. Regarding inventory, there are certainly many options collecting state information for devices, but I was curious about whether the panel had any thoughts I hadn't come across. It was a good discussion. Appreciate your reply, Paul!
- David Stowers
Brass Contributor
I have made a point of referring to on-prem AD as Legacy in terms of workstations and GPOs have a ton of baggage, especially when changing local administrator security groups since there is almost always a GPO that will conflict with the OMA-URI for that.
- Rob de Roos
Iron Contributor
What is your view on migrating GPOs to Intune? Personally I am a big fan of the start over and don't migrate that on-prem payload. But wondering what is your vision on that.
- Rorymon1765
Copper Contributor
It is a good idea but finding it difficult to completely ditch GPOs.
- Rob de Roos
Iron Contributor
I'm wondering what you are missing.
- Joe_Lurie
Microsoft
Of course we have the GPO analytics which allow you to see which GPOs are available in Intune, and even create new policies, but the recommendation is to start over, as you say. There will be many GPO settings that were set in XP (or even Windows 2000) that are still alive today that companies never bothered to remove. And settings like Active Desktop for Vista that are still disabled. Starting over allows you to configure only what is needed, without all the legacy settings which may require troubleshooting later on.
- Mddietelbach
Copper Contributor
Aria is correct. There are many things Microsoft does well but it doesn't cover all and existing 3rd party solutions exist and often are valuable to the organization.
- MartinHimken
Brass Contributor
Some of the greatest features are all based on the inventory. Right now some customers leverage it for Cloud Sync Collections. Slice and dice your machines up like you need them. It’s great. Other customers use and still require PXE deployments. Is there any plan to enhance the inventory? Have a bare metal deployment for Intune?
- SteveThomas
Microsoft
As of now, the modern Windows deployment and provisioning solution for Intune is Windows Autopilot.
- Carywells
Copper Contributor
When dealing with large packages such as Autodesk or Creative suite it just seems easier to use Config manager with an OSD to roll these out.
- Rob de Roos
Iron Contributor
In the last 5 years I only once have configured a CM environment. The only reason back then was Win32 apps not being available yet in Intune. Since Win32 apps came to Intune I never ever used CM anymore.
- MCrawford97
Copper Contributor
Security.microsoft.com vulnerability recommendations sometimes only have group policy options as a fix. Since we are using Intune and Azure AD only and can't implement group policy, what other options do we have left? Can we request group policy fixes to be added to the settings templates in Intune for Windows machines?
- Paul_Woodward
Iron Contributor
You can do GPO ingestion, or you can work out the registry setting the GPO would set. But it is harder than it needs to be. Also naming of settings in Intune and GPO are quite inconsistent.
- Paul_Woodward
Iron Contributor
Same with some of the Baselines (e.g., Windows Update baselines) they are published as GPOs but not something you can easily ingest into Intune.
- DG
Copper Contributor
What are your suggestions when clients have complex application stacks and don't appreciate the current process of application deployment and application upgrade management currently available via Intune? ConfigMgr still provides far better application management capabilities for complex application deployments that are very common in the Legal Industry.
- Jason_Sandys
Microsoft
No one is forcing or even asking customers to move away from ConfigMgr. It's still a great tool and is why we've created features like co-management and tenant attach -- collectively referred to as cloud attach. We are currently hard at work on direct integration between Intune and the Microsoft Store and Windows Package Manager repositories. The vision here is that this will greatly simplify all application management tasks and make them no-brainers for standard, public software management.
- DG
Copper Contributor
No, no one is forcing anyone. The issue is this panel is encouraging a Cloud First mentality, but there are still some serious lacks of feature parity that many organizations still depend upon. Even startups that require certain applications and control requirements cannot achieve this via Intune solely.
- Rob de Roos
Iron Contributor
Possibly if they have an office with a very small internet facing connection? That is why you could use CM still?