06-30-2020 06:38 AM
06-30-2020 06:38 AM
Today we take an in-depth look at Cloud Attach and Microsoft Endpoint Manager, as modern management becomes increasingly crucial. After a quick overview of cloud attach, we dive into the phases of cloud attach and finally tenant attach. This session is packed with valuable information including prerequisites, licensing information, dashboards and more.
While not mentioned specifically in this session, here are some additional resources you might find helpful:
Q: Is co-managed the same as cloud attach?
A: Co-management is fully managed by both Configuration Manager and Microsoft Intune with explicit admin intent on which workload is managed by either Configuration Manager or Intune. Cloud attach is Configuration Manager only managed devices that show up in the cloud portal.
Q: When you enable co-management in the wizard, the Microsoft docs state that a Global Admin account is required to login. Is that really the case or can we use an Intune licensed account that has the Intune Administrator role?
A: Yes, the Global Admin account is required. There are a couple of specific Azure AD object that are created (app registrations to be specific) that require this.
Q: What has changed or been added/improved with Microsoft Endpoint Manager since Ignite 2019?
A: Keep in mind that Intune and Configuration Manager, while becoming more integrated, are still two separate entities with different release schedules. Intune releases new functionality every month while Configuration Manager releases new functionality approximately every four months. For Intune, see What's new in Microsoft Intune and for Configuration Manager see What's new in Configuration Manager.
Q: Should I start Cloud Attach without Cloud Management Gateway first and then do it later if I need?
A: You could go this route. Attaching to the cloud allows your devices to take advantage of cloud features; CMG allows Configuration Manager to manage your devices directly over the internet.
Q: I have a CSP sandbox tenant where creating VMs in Azure is now allowed. This is a permanent testing environment. Can I still populate the CMG there or will that also be forbidden?
A: Unfortunately, CSP-based subscriptions do not support CMG. You need a separate non-CSP subscription to support CMG. This is documented in the Azure Resource Manager section of the article, "Plan for the cloud management gateway in Configuration Manager"(see the note).
Q: Should Azure AD sync be what onboards the co-management? Or the Configuration Manager client?
A: AD Connect syncs identities, so that is required to enable your devices to be hybrid Azure AD joined. Once your devices have a cloud identity (they are hybrid Azure AD joined), Configuration Manager will coordinate the enrollment to Intune, based on your co-management settings in the ConfigMgr console.
We hope you find this session useful. We'd love your feedback and ideas for future sessions so please fill out this short survey. Thank you!