User Profile
RobYork
Joined 9 years ago
User Widgets
Recent Discussions
Re: Endpoint workload
null null All of them.... none of them... it really depends on the individual organization and what you're trying to achieve. Personally conditional access is one of the first I'd look at, it introduces something net new so there's no migration or redesign. Really it comes down the the value you can bring to your org by attaching to the cloud. Swinging workloads should be value driven not arbitrarily driven simply for the reason of swinging a workload. Especially in the current work from home reality, lots of customers are looking to move to Autopilot and leverage more cloud based management to enable easier provisioning and managing off the corporate network. Couple of resources to check out aka.ms/bigthree and Flexible paths to cloud management with Microsoft Endpoint Manager - Microsoft Tech Community Rob1.1KViews0likes0CommentsRe: Add Intune MDM to Windows 10 1709 device with ConfigMgr
Panu, there will never be a situation where both MDM and SCCM are in conflict. If you don't enable co-management then the pre-1709 behaviour stands. We will de-register the MDM agent. When you enable co-management, by default the MDM channel will be in a read only state with SCCM being the authority for management of the device. As you then swing over features to Intune, SCCM will then stop providing policy for those features to the co-managed device leaving Intune the authority for those features and SCCM for the rest. Rob3KViews1like0CommentsRe: Utilising Group Policy on a device enrolled in Co-Management?
Co-management is SCCM+AD+Intune+AAD so you still get to leverage all your existing GPOs. One thing we know from speaking to customers is that GPOs are complex and organisations often don't fully understand what they actually need or even what they have in place. Co-management allows you to begin a journey to modern management without having to make a leap. Co-management bridges the gap from traditional to modern giving you time to rationalise what you have and to plan and implement the controls you need through Intune device configuration profiles. Rob2.4KViews0likes3CommentsRe: If I join them to Intune will I be able to bring them into SCCM?
We quietly added ccmsetup.msi which can bootstrap the client install files over the Internet with CMG. Shameless plug: check out my Ignite session where i demo just that https://myignite.microsoft.com/sessions/53475?source=sessions Rob2.9KViews1like0CommentsRe: Adopting co-management
Hi Will, Absolutely, this is what we'd call modern provisioning. You can push SCCM with Intune using a quietly added CCMSETUP.MSI that can bootstrap the full client setup over the Internet. We also added AAD auth pieces to allow client registration to happen over CMG to result in a fully managed device from the Internet all user driven. If you haven't already, check out my session from Ignite. I show this flow https://myignite.microsoft.com/sessions/53475?source=sessions Rob1.5KViews2likes0CommentsRe: Adopting co-management
No. Co-management is SCCM and Intune Standalone only, no support for hybrid. Otherwise you're moving Workloads from SCCM to.... SCCM. For Hybrid customers looking to adopt co-management we recently release migration tools to allow you to switch your management authority it Intune standalone.1.5KViews2likes2CommentsRe: Is Co-Management just for Intune and SCCM or can it be used with Intune and AD/GPO?
Co-management is SCCM+AD+Intune+AAD it allows you to bridge the current SCCM+AD state of traditional devices into Intune+AAD by allowing all of them simultaneously whilst rationalising your on prem dependencies to allow you to make the full step into modern2.9KViews1like0CommentsRe: Getting to Co-Managed Starting from ConfigMgr
Hi Nash, There are two routes to co-management. Modern provisioning is one of them but you are absolutely correct that customers have way more devices in a traditional state (AD+SCCM) and with 1710 we will have the ability to uplift them to a co-managed state by registering with AAD and enrolling into Intune. Rob917Views4likes0CommentsRe: ConfigMgr/Intune
Hi Tobias, you wont get into a situation where Intune and SCCM are managing the same workloads. With co-management you move over whole workloads. Once a device has had a workload moved to Intune, SCCM no longer provides policy for that feature. So for instance, if you move over to Windows Update for Business, SCCM stops providing update policy to the clients.1.7KViews2likes0CommentsRe: Install latest Software Updates during OSD using Config Manager and Automatic Deployment Rules
You have a couple of options here. Automatic Deployment Rules (ADRs) are able to deploy approve and deploy updates, but often customers choose to phase this rollout to validate the patches dont clash with any apps or utilities you may have "out in the wild". https://docs.microsoft.com/en-us/sccm/sum/deploy-use/automatically-deploy-software-updates You can also look at offline servicing for images so that the patches are included in the image before it's even transmitted to the device and applied. this has the benefit of being both the most secure AND quick as there is likely no increase in build time. It also means you dont have to recapture your WIM as often.3.7KViews0likes0Comments
Recent Blog Articles
Managing Patch Tuesday with Configuration Manager in a remote work world
This article is designed to help you successfully deliver patches to your managed PCs that are no longer on-premises and connecting via VPN using home broadband networks. We will take you through a d...150KViews19likes17CommentsManaging remote machines with cloud management gateway in Microsoft Endpoint Configuration Manager
The increase in the global workforce working from home is unsurprisingly putting an added focus from organizations on remote functionality and management. Naturally we have seen an increase in the nu...154KViews19likes70Comments