Co-management with Microsoft Intune and System Center Configuration Manager AMA
14 Topics

After enabling co-management users get prompt
Hi, I enabled co-management; computers register in AAD and enroll in Intune, and it seems that everything works - Intune status - co-managed. But users get a prompt that there is a problem with the work or school account and they have to log in. Until the user logs in there is also an MDM sync error under the Info button in the work or school account. When the user logs in, the sync error disappears. Why is there such a prompt? I thought that SCCM would enroll devices with device credentials and that would be enough? MS documentation states that co-management supports: "Ability to enroll devices without user interaction". 2FA isn't used. What am I missing here?
10K Views, 0 likes, 10 Comments

Migration tool
Hi, I heard about this tool: https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/migrate-import-data, which is supposed to migrate the SCCM content to Intune. You say that it migrates policies/packages/CIs/VPN or Wifi profiles, and stuff like this. I understand there are some limitations, explained in the documentation, but are you not afraid that the vast majority of users will not be able to use this tool in a prod way, because of the various current Intune limitations, like no PS script support available yet, not all GPOs existing in the "LocalSecurityPolicies" CSP, packages that are EXE-based or contain several MSI files, and so on?
6.9K Views, 3 likes, 3 Comments

How does one build an Intune AutoPilot ready device, using SCCM, without it becoming Co-Managed?
I would like to build devices using SCCM, much like they arrive new, for Intune AutoPilot deployments. This seemed simple enough. I created a generic Task Sequence, then wrote a script which uninstalls the SCCM Client, gathers the device's hardware ID and then runs "sysprep /oobe /shutdown". This script runs after the Task Sequence completes, using the Task Sequence Variable "SMSTSPostAction". All of this works beautifully, until the machine is joined to Azure AD via AutoPilot. My first sign of trouble was that the Intune Policies would not apply. I then found this message when looking at the device in Intune:

Co-management
<UserName>'s Windows PC is being co-managed between Intune and Configuration Manager. Configuration Manager agent state is shown below, if the state is anything other than “Healthy” there are a few steps that help with this.
Configuration Manager agent state
Could not connect
Details
The Configuration Manager client is currently unable to reach the Configuration Manager management point. Make sure the client can communicate with the server. For more information on client communication issues, see the CcmMessaging.log, LocationServices.log, or ClientLocation.log files on the Configuration Manager client.

We did have Co-Management turned on, for a brief moment, in our AutoPilot journey. We quickly found that it complicated things and then followed instructions in someone's blog post to turn it off. Possibly, something went wrong turning it off? What I do not understand is why Intune thinks these devices are managed by SCCM. My best guess is that the SCCM client uninstall leaves behind cruft which the MDM system is reporting back to Intune. Is it possible to create devices, ready to be AutoPiloted and only managed by Intune, using SCCM? If so, how? Thanks. This is also a ServerFault Question.
Solved, 6.9K Views, 0 likes, 4 Comments

Upgrading Windows 11 on Co-Managed Entra Joined Devices with Intune
Dear Support, All of our Windows 10 devices are managed through SCCM and Microsoft Intune, with shared workloads piloted through Intune. Below are the details from one of our testing devices. Here are the testing device details, Co-management configuration settings: As per the instructions provided, I have created a profile under "Update rings for Windows 10 and later" and manually synced it from the company portal, Intune device console, and Account or Work School > Info > Sync. However, I do not see any prompts or progress regarding the Windows 10 upgrade. I verified in Event Viewer, Application and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin, and I see there was an error:

“MDM Session : OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x801901ad)”

I checked on Google; the error message indicates that the device was unable to sync because of network connection issues, so I restarted the device to see if this error would go away from the event viewer, but I got another issue in the event viewer:

“MDM ConfigurationManager: Command failure status. Configuration Source ID: (E97E6844-D6DA-4626-8E08-2981CAC4E66F), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified

Not sure whether the Windows 11 upgrade failed because of this error? Dsregcmd /status, WUfB Policy registry entries and values: Could you please assist in providing guidance on how to upgrade Windows 10 for hybrid devices?
Solved, 4.3K Views, 0 likes, 10 Comments

Announcing a Co-management with Microsoft Intune and System Center Configuration Manager AMA!
We are very excited to announce an upcoming opportunity to 'Ask Microsoft Anything' (AMA) about Co-management with Microsoft Intune and System Center Configuration Manager! The AMA will take place on Thursday, October 19, 2017 from 9:00 AM to 10:00 AM Pacific Time in the System Center AMA space. Add this event to your https://aka.ms/Co-managementama/invite.
4K Views, 6 likes, 3 Comments

Is co-management (or hybrid) required for Azure-joined machines to access domain services?
Our company is using ZenWorks for our Windows 7 machines. We have begun deploying Windows 10 machines under Intune MDM (joining to Azure) with great success so far. We do not have SCCM in place (yet). However, our biggest pain point right now is Windows 10 users accessing on-prem domain services like printing, file share, etc. These services are not going to the cloud anytime soon. As we all know, we cannot domain join a machine that is already Azure AD joined. Is co-management required for Windows 10 MDM'ed machines to gain access to these services? Or can we leverage AAD Connect to solve this issue?
1.5K Views, 1 like, 3 Comments