Event banner

Modern management or Windows 11? It’s more about "and" than "or"

Event Ended
Monday, Nov 27, 2023, 07:00 AM PST
Online

Event details

Windows 11 and Intune are two powerful solutions that can help you transform your organization through modern management and cloud capabilities. But how can you leverage them effectively without disr...
Heather_Poulsen
Updated Dec 27, 2024
Technical Takeoff
Nathan_Lockwood's avatar
Nathan_Lockwood
Brass Contributor
Nov 27, 2023
When enabling co-management and specially moving over the device configuration to intune how should we approach group policy migration. Device management is pretty straightforward, but how about user group policy? How to you recommending balancing users that may need to access devices that are co-managed vs. not..
Anthonymelwhrhs's avatar
Anthonymelwhrhs
Iron Contributor
Nov 27, 2023

To add to this question, if I enable Intune policy management slider via co-management in configuration manager. Is on prem group policy still honored in a hybrid scenario while we start migrating policies? How does it handle conflicts between on prem and Intune?

  • Jason_Sandys's avatar
    Jason_Sandys
    Icon for Microsoft rankMicrosoft
    Nov 27, 2023
    Yes and no. Conflicts are possible and likely. Co-management is not about arbitrating between group policy and Intune. The best way to avoid these conflicts is not attempt to apply the same policy or settings from two different authorities as this will lead to hardship and confusion. Use selective targeting in either group policy (using WMI filters, OUs, groups, etc) or in Intune (using Entra ID groups or filters) if and as needed to avoid conflicts is the path of least resistance here.
  • Jason_Sandys's avatar
    Jason_Sandys
    Icon for Microsoft rankMicrosoft
    Nov 27, 2023
    Yes and no. Conflicts are possible and likely. Co-management is not about arbitrating between group policy and Intune. The best way to avoid these conflicts is not attempt to apply the same policy or settings from two different authorities as this will lead to hardship and confusion. Use selective targeting in either group policy (using WMI filters, OUs, groups, etc) or in Intune (using Entra ID groups or filters) if and as needed to avoid conflicts is the path of least resistance here.
  • Nathan_Lockwood's avatar
    Nathan_Lockwood
    Brass Contributor
    Nov 27, 2023
    I've seen it apply some items and not apply others. I know stuff around security like firewalls just reset to Windows default config and blow out all group policy firewall rules. but others seem to apply without issue. Would be nice to see a reference list to see how all this stuff gets handled
    • Joe_Lurie's avatar
      Joe_Lurie
      Icon for Microsoft rankMicrosoft
      Nov 27, 2023

      Nathan_Lockwood and Anthonymelwhrhs GPO and Configuration Manager policies are unrelated. If you move a slider in the co-management console, it should not affect the GPOs applying, except maybe WSUS/WUfB policies. But other group policies should not be impacted by the co-management confoguration.

      • Nathan_Lockwood's avatar
        Nathan_Lockwood
        Brass Contributor
        Nov 27, 2023

        Joe_Lurie  Reading a little more about workload shift I "Get it" now. Thank you for your reply and pushing me to dig deeper on the the actual function. The other big take away is don't have Group policy and Intune profiles do the same thing. I guess to push the client to Intune configuration over GPO I can enable the MDM wins Over GPO Policy. Thanks again

Date and Time
Nov 27, 20237:00 AM - 7:30 AM PST