One of the key elements of Microsoft 365 powered device is the ability to modernize the deployment and management of Windows 10 and Office 365 ProPlus. We have been regularly adding new modern management features in Intune since the release of Windows 10. Some of recent improvements include the ability to deploy Office 365 ProPlus , BitLocker management, integration with Windows Update for Business, and more. We are also working on new features including the ability to run PowerShell scripts on Windows 10 devices using Intune Management Extension, new Windows 10 MDM settings, and enhanced support for Windows AutoPilot, Windows Defender ATP, Windows Store for Business, and Surface Hub.
While there are many benefits of modern management, most organizations are still using an on-premises Windows Server Active Directory (AD) and System Center Configuration Manager (ConfigMgr) to manage their Windows devices. Based on conversations with our customers, we heard that until now, it wasn’t always easy to move to modern management. Some customer scenarios require the ConfigMgr agent, and there are also Windows 7 devices that need to be managed. Customers also use deeply integrated partner or homegrown solutions for ConfigMgr, and not to mention the complexity of planning and switching from traditional to modern management with existing IT systems, organizational structures, and processes. Many organizations were looking for a more simplified and manageable way to transition from ConfigMgr and AD to a modern management approach with Intune and Azure AD. We are excited to make this possible with a new feature of ConfigMgr and Intune called co-management .
Co-management delivers a bridge that simplifies planning and reduces the risks as organizations transition the management of Windows 10 devices to cloud-based Intune and Azure AD. Co-management helps to streamline the journey to modern management in a controlled and iterative way. This allows IT to modernize some workloads of Windows 10 management (e.g. device compliance assessment for conditional access) while maintaining ConfigMgr for other workloads (e.g. Win32 app distribution) based on your needs and at your own pace with the end goal to fully transition to modern management. Starting with the Anniversary Update (June 2016), a Windows 10 device can be joined to on-premises Active Directory (AD) and cloud-based Azure AD at the same time. Co-management takes advantage of this improvement and enables the device to be managed by both ConfigMgr agent and Intune MDM. This allows organizations to move parts or workloads of their management to the cloud – making the move in manageable chunks. For example, customers can transition device compliance check, resource access profile deployment, or Windows 10 update management from ConfigMgr to Intune while continuing to use ConfigMgr for other workloads such as software distribution and deep device security configuration. Overtime, it will be possible to transition more workloads through co-management. Another common use case is the ability to modernize OS deployment where a traditional imaging process can be replaced with Windows AutoPilot integrated with Intune and Azure AD while the rest of provisioning and management is done through ConfigMgr. You will be able to learn more about these improvements in the recordings of our Ignite sessions (search for BRK3057, BRK3075, BRK3076, and BRK2079 on https://myignite.microsoft.com/videos after Ignite ends) as well as test it out in your lab in the upcoming ConfigMgr Technical Preview Branch release (version 1709). We are planning to make co-management generally available with the 1710 release of ConfigMgr Current Branch later this year.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.