AzureAD joined Machines and MECM over VPN

I have some AzureAD joined machines that also have a VPN into my datacentre for file share access etc. Currently they are using Intune for configuration and software deployment. I find Intune limiting for the latter and would like to leverage our MECM (and co-management) infra for this. I have a CMG but it can be expensive.

Is it possible that AzureAD joined machines could use MECM directly (as opposed to the CMG) when connected over the VPN (i.e. when they have line of sight of our on-prem MECM infra)?

Yes, but you will still need co-management if you want workloads to be managed between Intune and ConfigMgr. However, in my professional opinion, managing clients over VPN will be more expensive than utilising CMG.
I appreciate the response. The VPN is a sunk cost for us really as the VPN is required for other reasons.

@shocko I understand, however this is exactly the reason as to why you should consider CMG to ease the load of your VPN infrastructure so that other services that depend on VPN do not get affected. That's just my 2 cents.