Onboarding AzureAD joined computers to MD-ATP but excluding SCCM co-managed devices

We're currently using SCCM on premises configured for Intune co-management. All SCCM/Co-managed devices are automatically enrolled with MD-ATP using the SCCM enrollment method. I'm looking at covering the Azure AD workplace only joined computers so that essentially any Windows managed device is enrolled with MD-ATP automatically. 

If the device is already enrolled with MD-ATP through SCCM and the Intune deployment method attempts to deploy to the Azure AD device (there because of co-management) - how does the MD-ATP onboarding process handle this?

Is there a way to exclude the already enrolled co-managed devices such as an attribute that I can use to create a group so that only Azure AD devices that are not enrolled have an enrollment attempt made?

Hope that makes sense - any feedback/suggestions appreciated.

0 Replies