
Connection of already Hybrid Azure AD joined Win10 Devices to Intune Management


Hi folks,

I'm trying to implement Intune.

My first steps were iOS & Android, which I finished just now.

Now it's time for Win10 devices:

BYOD devices with a work or school account are no problem; they appear as expected in the Intune console.

At this moment I'm trying to connect our Windows 10 devices, which are already Hybrid Azure AD joined (joined to our on-prem domain).

I don't know how to achieve this. Would you please help me out with this?

I already tried to set the GPO (Auto MDM Enrollment with AAD Token) at a local Win10 client, but this doesn't do anything.

Is that the right approach? (Or what should I do? Do I need the Intune connector? Do I need Autopilot for this first step? (when deployment of the OS is done manually, not by Autopilot))

Thank you very much :)

Patrick.

10 Replies

Are you certain that Hybrid Azure AD join is configured correctly? Configuring Hybrid Azure AD join in Azure AD Connect and setting the GPO are all that you need (plus assigning EMS / Intune licenses). Once these are configured, you should see devices register pretty quickly.

Docs here:

https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatica...

Hi Aaron

I've already read this MS Doc. Yesterday I found out a few things with dsregcmd and got the first machines working.

My current problem seems to be an SCCM topic.

Let me describe the current situation and the goal:

Currently:

1. We don't manage mobile devices (iOS & Android) yet.

2. We manage Win10 devices (okay, most of them are mobile, too ;) by SCCM. (Enrolling the operating system, installing a few software products)

Objective:

1. We want to manage our clients (iOS, Android & Win10) with Intune in AAD.

2. We want to use SCCM also in future for the "first enrollment". (An on-site training for SCCM for my colleague is pending, starts at the end of February.)

What I've done so far:

1. I learned quite a few interesting things about Intune in combination with iOS & Android, so we are able to manage them. Currently we're in a test phase and want to go into a pilot phase with a few more users/devices.

2. I enrolled some Win10 test clients with the GPO setting to the Intune console.

When these clients already had the SCCM agent installed when they got enrolled in Intune, they appear in Intune as "managed by: MDM/ConfigMgr".

The problem is that they won't get the policies and configurations I configured in Intune.

Because I'm not experienced in using SCCM yet, I don't know how to go on.

Do I need the feature "co-management" within SCCM to achieve this objective?

(The devices already appear in Intune, as I mentioned before)

The goal should be:

- Managing all mobile devices (iOS, Android & Win10) in Intune

- Installing the basics of our desktop devices with on-prem SCCM (installing OS to workstations, installing some basic software packages).

I hope my English is understandable so far :D

I would be happy if you (or anyone else) can help me a little bit.

Thank you very much!

Patrick

Hi,

If you want to get the policies and configurations from Intune you need to enable co-management and adjust the slider to set the authority. GPO will take precedence over MDM policy from Intune.

Thank you for your answer! That was good advice for me.
When setting up co-management in SCCM the wizard asks me to give the credentials for an "Intune organizational account". It is not possible for me to connect with my "normal" O365 Admin Account. Is the organizational account something different?

Yes. You need to provide a global Admin account.

I have a similar situation although we do not have SCCM on premise. Devices have been Hybrid AD joined and Auto MDM enrolled through GPO but show up as Managed by MDM/ConfigMgr Agent. We do not have Configuration Manager on-premises. How do I force MDM only?

Device Action status

Co-management

USERNAME Windows PC is being co-managed between Intune and Configuration Manager. Configuration Manager agent state is shown below, if the state is anything other than “Healthy” there are a few steps that help with this.

Configuration Manager agent state: Could not connect

Details: The Configuration Manager client is currently unable to reach the Configuration Manager management point. Make sure the client can communicate with the server. For more information on client communication issues, see the CcmMessaging.log, LocationServices.log, or ClientLocation.log files on the Configuration Manager client.

Last Configuration Manager agent check in time: 2/1/1900, 12:00:00 AM

@Nathan Hart

Hi

I have this same problem.

But I have the SCCM co-management configuration set.

Co-management

The configuration is set to device collections.
I removed my test device from this collection and tried to register it in Intune as being only managed by MDM.

Unfortunately, it still appears as MDM / ConfigMgr.

The MDM policy is set.
How do I change the device authorization for MDM, leaving other devices managed by co-management?

Because of a new techcommunity account, this is just a short response to follow up the thread. :)

I successfully set up Hybrid AD join and co-management for some pilot devices. Management is still controlled by ConfigMgr.

In the Azure console, however, I see that the ConfigMgr agent state reports as could not connect. (See attached screenshot). Remote restart does work (with some delay) so there seems to be a connection. Can anyone point me in the right direction on how to troubleshoot this?

@nielsvd  It seems to me that the communication with the portal is done through the extension (Intune Management Extension - I do not remember the name) installed when connecting the device to Intune MDM.
I would check if the SCCM agent on the device is working correctly, possibly reinstalling the agent. In addition, I would check SCCM versions and Windows 10 versions. Not all versions work together.
Sometimes, after uninstalling the SCCM agent, garbage remains in the registry. Intune treats the device as co-managed, but in reality the device does not have the SCCM agent.
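
A triage check for the situation discussed in this thread (device hybrid joined and GPO-enrolled, yet listed as MDM/ConfigMgr), as an added example that is not code from any poster: it parses `dsregcmd /status` output and flags a missing auto-enrollment policy value or ConfigMgr client remnants. The sample output is constructed; the function names are hypothetical, and the policy registry path, the `HKLM:\SOFTWARE\Microsoft\CCM` key and the `CcmExec` service name are the standard Windows and ConfigMgr client locations, assumed here rather than taken from the thread.

```powershell
# Added example. $sample is CONSTRUCTED dsregcmd /status output, not from the thread.
$sample = @'
| Device State                                                         |
             AzureAdJoined : YES
              DomainJoined : YES
| Tenant Details                                                       |
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
| SSO State                                                            |
                AzureAdPrt : YES
'@

function ConvertFrom-DsregStatus {
    # Turn "Key : Value" lines into a hashtable; banner lines are skipped.
    param([string]$Text)
    $state = @{}
    foreach ($line in ($Text -split '\r?\n')) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    return $state
}

function Get-EnrollmentFinding {
    param(
        [hashtable]$Dsreg,
        $AutoEnrollMDM,              # policy value, $null when the GPO has not applied
        [bool]$CcmServicePresent,    # CcmExec service exists
        [bool]$CcmRegistryPresent    # HKLM:\SOFTWARE\Microsoft\CCM exists
    )
    $findings = @()
    if ($Dsreg['AzureAdJoined'] -ne 'YES' -or $Dsreg['DomainJoined'] -ne 'YES') {
        $findings += 'Not hybrid Azure AD joined: fix the join before looking at enrollment.'
    }
    if ([string]::IsNullOrWhiteSpace($Dsreg['MdmUrl'])) {
        $findings += 'No MdmUrl: check the Intune license and MDM user scope for this user.'
    }
    if ($Dsreg['AzureAdPrt'] -ne 'YES') {
        $findings += 'No Azure AD PRT: token-based auto-enrollment cannot authenticate.'
    }
    if ($AutoEnrollMDM -ne 1) {
        $findings += 'AutoEnrollMDM policy value is not 1: the GPO has not applied.'
    }
    if ($CcmServicePresent) {
        $findings += 'ConfigMgr client service present: expect "MDM/ConfigMgr" in Intune.'
    } elseif ($CcmRegistryPresent) {
        $findings += 'ConfigMgr registry remnants without the service: clean up the old client.'
    }
    return $findings
}

function Get-LiveInput {
    # Reads the same inputs from the local machine (run on the affected Windows 10 client).
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    @{
        Dsreg              = ConvertFrom-DsregStatus -Text ((dsregcmd /status) -join "`n")
        AutoEnrollMDM      = (Get-ItemProperty $policy -ErrorAction SilentlyContinue).AutoEnrollMDM
        CcmServicePresent  = [bool](Get-Service CcmExec -ErrorAction SilentlyContinue)
        CcmRegistryPresent = Test-Path 'HKLM:\SOFTWARE\Microsoft\CCM'
    }
}

# Sample run: hybrid joined, GPO applied, but only registry remnants of the client.
$dsreg = ConvertFrom-DsregStatus -Text $sample
Get-EnrollmentFinding -Dsreg $dsreg -AutoEnrollMDM 1 -CcmServicePresent $false -CcmRegistryPresent $true
```

On an affected client, `$in = Get-LiveInput; Get-EnrollmentFinding @in` evaluates the real device state instead of the sample.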
