According to Microsoft, most organizations are still using some combination of on-premises Windows Server Active Directory (AD) and System Center Configuration Manager (ConfigMgr) to manage their Windows devices. To simplify the transition to modern management, Microsoft designed a new feature called co-management.
Co-management is a simple way to transition from ConfigMgr and AD to a modern management approach with Intune and Azure AD.
What does Co-Management do?
Co-management enables you to move some of the workloads for Windows 10, such as endpoint protection or conditional access management, to Intune while maintaining ConfigMgr for other workloads, such as software distribution.
There are some immediate benefits of managing Windows 10 devices with Intune, especially for mobile machines out in the wild.
- Selective wipe – wipe is useful for resetting a device before you give the device to a new user, or when the device has been lost or stolen
- Delete devices – You can delete devices from the Intune portal. The next time the device checks in, any company data on it will be removed.
- Restart device – Restart device causes the device you choose to be restarted
- Fresh Start – Fresh Start removes any apps that are installed on a PC running Windows 10, version 1703 or later. Fresh Start helps remove pre-installed (OEM) apps that are typically installed with a new PC.
What are the Prerequisites for Co-Management?
For typical ConfigMgr clients that you want to co-manage, the prerequisites are:
- Mobile Device Management authority set to Microsoft Intune
- Device is Hybrid Azure AD joined
- Windows 10 version 1709 or later
- ConfigMgr version 1710 or later
- An Azure account that has a Intune subscription assigned
- A ConfigMgr account that is a full administator with the “All” security scope
Setting Up Co-Management
How to setup co-management and transition a workload to Intune:
- Configure and assign a workload in Microsoft Intune, such as Endpoint Protection Antivirus management
- In the ConfigMgr navigate to \Administration\Overview\Cloud Services\Co-management and start the Co-management wizard
- Sign into Microsoft Intune
- Set automatic enrollment in Intune to “Pilot”
- Transfer the Endpoint Protection workload to Pilot Intune
- Specify a ConfigMgr collection of hybrid Azure AD joined machines as the pilot collection
- You can monitor your progress with the co-management dashboard in the ConfigMgr console under: