Utilising Group Policy on a device enrolled in Co-Management?

We are a provider of Cloud Solutions and are investigating extending this to management of the endpoints with Intune.

 

Intune works great from a compliance standpoint but lacks the breadth of configuration options afforded with Group Policy.

 

Would a device enrolled in co-management be able to be controlled by Group Policy? Will there be any restrictions to this?

 

We are investigating solutions to users that have a highly mobile workforce. Intune has been great at deploying VPN settings to get them dialled back in to their existing infrastructure.

However, with them no longer being Domain Joined devices, we are missing the ease of configuration.

Can you envision a scenario where a VPN profile is deployed, connected at log on and allows for a standard processing of Group Policy?

Kind of like a cloud based traditional corporate infrastructure.

4 Replies
Co-management is SCCM+AD+Intune+AAD so you still get to leverage all your existing GPOs. One thing we know from speaking to customers is that GPOs are complex and organisations often don't fully understand what they actually need or even what they have in place. Co-management allows you to begin a journey to modern management without having to make a leap. Co-management bridges the gap from traditional to modern giving you time to rationalise what you have and to plan and implement the controls you need through Intune device configuration profiles.

Rob

Additionally, you are not required to have Active Directory joined devices that are Co-Managed.  What that means is that as you transition to modern management, you can reduce your dependence on Active Directory.

But do you have to have SCCM in order to utilise co-manage? Can I Domain Join a 1709 Windows 10 device that has only been connected to Intune so far?

I understand that some organisations have complex setups where they don't fully understand what they need or have in place; however, this is not us. We are trying to make up the shortcomings of Intune for device configuration with a proven technology.

Other than wrapping a script up in an MSI, how can I provision printers or make other changes that are not exposed by Intune configuration templates or the OMA-URI schema?

You do have to have SCCM to Co-Manage - that is the definition - Co-Manage is Intune & SCCM co-managing a device.  However, you do not need the device to be joined to on-prem Active Directory to be co-managed.  You may have the device AAD Joined or Hybrid AD/AAD joined and still co-manage with both SCCM & Intune.