co-management with microsoft intune and system center configuration manager ama
15 Topics

Windows Hello for Business for Hybrid Entra Join
Environment:
- No UPN matching between on-prem AD and Azure, third-party federation and user provisioning.
- Hybrid Entra Joined devices
- Enrolled to Intune using device credentials, as SCCM is set up with co-management (Cloud Attach).

Question: Whether setting up Windows Hello for Business (which was working before enrollment) using GPO or Intune, an error is returned.

PIN: "this sign in option is only available when connected to your organization's network"
"Fingerprint and Face": "The option is currently unavailable"

Multiple methods to set up WHfB were attempted and none has worked so far.
- Devices -> Win 10 -> Enrollment -> "Configure Windows hello for business"
- Using custom settings as described here (CSP or GPO): https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/configure
- Biometrics devices updated / Windows updates installed / All devices and users affected in the organization.
- What could be the issue? Any best effort to get Windows Hello for Business working again?

625 Views, 0 likes, 2 Comments

Upgrading Windows 11 on Co-Managed Entra Joined Devices with Intune
Dear Support,

All of our Windows 10 devices are managed through SCCM and Microsoft Intune, with shared workloads piloted through Intune. Below are the details from one of our testing devices.

Here are the testing device details:

Co-management configuration settings:

As per the instructions provided, I have created a profile under "Update rings for Windows 10 and later" and manually synced it from the Company Portal, the Intune device console, and Account or Work School > Info > Sync. However, I do not see any prompts or progress regarding the Windows 10 upgrade.

I verified in Event Viewer, under Application and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider -> admin, and I see there was an error:

“MDM Session : OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x801901ad)”

I checked on Google; the error message indicates that the device was unable to sync because of network connection issues, so I restarted the device to see if this error would go away from the Event Viewer, but I got another issue in Event Viewer:

“MDM ConfigurationManager: Command failure status. Configuration Source ID: (E97E6844-D6DA-4626-8E08-2981CAC4E66F), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified)”

Not sure whether the Windows 11 upgrade failed because of this error?

Dsregcmd /status, WUfB Policy registry entries and values:

Could you please assist in providing guidance on how to upgrade Windows 10 for hybrid devices?

Solved. 3.4K Views, 0 likes, 10 Comments

After enabling co-management users get prompt
Hi, I enabled co-management; computers register in AAD and enroll in Intune, and it seems that everything works - Intune status - co-managed. But users get a prompt that there is a problem with the work or school account and they have to log in. Until the user logs in there is also an MDM sync error under the Info button in the work or school account. Then the user logs in and the sync error disappears. Why is there such a prompt? I thought that SCCM would enroll devices with device credentials and that would be enough? MS documentation states that co-management supports: "Ability to enroll devices without user interaction". 2FA isn’t used. What am I missing here?

9.3K Views, 0 likes, 10 Comments

Co-Management (SCCM+Intune) Hybrid Model to Intune Standalone Migration
Hi, I have a requirement where Co-Management (SCCM+Intune) is already deployed and we now plan to migrate to Intune Standalone without SCCM. Can anyone please guide me or share some documentation? On the official Microsoft site they only cover this at a high level, which is not enough to proceed since there are many dependencies like on-prem AD, GPO, etc. How do we get started, and what considerations need to be taken into account? Is any downtime expected during the transition?

Solved. 6.1K Views, 0 likes, 7 Comments

How does one build an Intune AutoPilot ready device, using SCCM, without it becoming Co-Managed?
I would like to build devices using SCCM, much like they arrive new, for Intune AutoPilot deployments. This seemed simple enough. I created a generic Task Sequence, then wrote a script which uninstalls the SCCM Client, gathers the device's hardware ID and then runs "sysprep /oobe /shutdown". This script runs after the Task Sequence completes, using the Task Sequence Variable "SMSTSPostAction".

All of this works beautifully, until the machine is joined to Azure AD via AutoPilot. My first sign of trouble was that the Intune Policies would not apply. I then found this message when looking at the device in Intune:

Co-management
<UserName>'s Windows PC is being co-managed between Intune and Configuration Manager. Configuration Manager agent state is shown below, if the state is anything other than “Healthy” there are a few steps that help with this.
Configuration Manager agent state
Could not connect
Details
The Configuration Manager client is currently unable to reach the Configuration Manager management point. Make sure the client can communicate with the server. For more information on client communication issues, see the CcmMessaging.log, LocationServices.log, or ClientLocation.log files on the Configuration Manager client.

We did have Co-Management turned on, for a brief moment, in our AutoPilot journey. We quickly found that it complicated things and then followed instructions in someone's blog post to turn it off. Possibly, something went wrong turning it off?

What I do not understand is why Intune thinks these devices are managed by SCCM. My best guess is that the SCCM client uninstall leaves behind cruft which the MDM system is reporting back to Intune.

Is it possible to create devices, ready to be AutoPiloted and only managed by Intune, using SCCM? If so, how? Thanks.

This is also a ServerFault Question.

Solved. 6.8K Views, 0 likes, 4 Comments

Migration tool
Hi, I heard about this tool: https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/migrate-import-data , which is supposed to migrate the SCCM content to Intune. You say that it migrates policies/packages/CIs/VPN or Wi-Fi profiles, and stuff like this:

I understand there are some limitations, explained in the documentation, but are you not afraid that the vast majority of users will not be able to use this tool in a prod way, because of the various current Intune limitations, like no PS script support yet available, not all GPOs existing in the "LocalSecurityPolicies" CSP, packages that are EXE-based or contain several MSI files, and so on...?

6.5K Views, 3 likes, 3 Comments

Greater visibility of errors
Are there any plans to give the community greater visibility of errors that we see in standalone Intune? E.g., instead of seeing that an error occurred, it would be nice to see what the error was, and what service is affected within the tenant, rather than just a generic error code. If we could have access to reporting tools and logs, then it would greatly help speed up the process when it came to troubleshooting issues that arise from time to time.

767 Views, 3 likes, 1 Comment