As mentioned in my previous Intune Guides here, I’ve a hybrid environment with Intune and SCCM / ConfigMgr 2012 R2 CU3. In this post, I’ll walk you through, How to Enroll, Manage windows 8.1 machines which are connected to internet (not connected to cooperate network) and How to deploy application to Windows 8.1 workplace join machine? This scenario is mostly applicable for road warier devices which never get connected to office or cooperate network. With on premises SCCM environment it’s always a challenge to manage these kind of devices. However with SCCM and Intune integration is the perfect solution to manage these kind of road warier laptop devices.
I’ve segregated this post into 3 parts as listed below :-
- 1. How to Enroll Windows 8.1 Laptops or Desktops to Intune and SCCM 2012 ?
2. How to Install Application on Windows 8.1 Workplace joined machine via Intune + SCCM 2012 console?
3. How to Manage Windows 8.1 machine which is joined Workplace via Intune + SCCM 2012 console?
- 4. How to force Intune policies into Windows 8.1 Workplace Join devices ASAP/Immediately?
How to Enroll Windows 8.1 Laptops or Desktops to Intune and SCCM 2012 ?
Enrollment has two phases, you can perform this in any order. Install Intune Company portal and then Join the machine into workplace. Without Workplace join, the company portal application won’t work on Windows 8.1 machines.
1. Open Windows Store and search for “Intune” and Install company portal application.
2. Installing Company portal Application.
3. Intune Company portal application is successfully installed on this PC.
In this example, I’m using firstname.lastname@example.org account to enroll this PC to Intune + SCCM 2012 environment.
5. Add the device PC to Workplace Join to complete the enrollment process into intune + SCCM environment !!
Either you can perform Workplace join operation as first step before installing Intune company portal application or you can join Workplace in the same way which I followed in this post.
5. Tried to join to the workplace from my laptop and it failed with following error.
The following error could be because of the reasons mentioned in the following point. “Confirm you are using the correct sign-in info and that your workplace uses this feature. Also, the connection to your workplace might not be working right now. Please wait and try again.“
6. Now what can we do ? Workplace join is not working for Windows 8.1 laptop?
There are THREE points you need make sure before joining a machine to workplace.
a) You need to have the following registry entry in your machine before you try to join any Workplace (one of Windows 8.1 bug);
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM \DiscoveryService = manage.microsoft.com
b) Remove the machine from Domain if the machine or PC is joined to any domain. Join workgroup before joining to a workplace !
c) Also the windows 8.1 machine should NOT have SCCM/Configmgr 2012 or 2007 client installed !
7. How to join device or PC to workplace ?
Now go back to Start screen on Windows 8.1 , open SEARCH, and then type PC Settings. Select Change PC Settings and On the PC Settings page, select Network, and then click Workplace.
8. Enter the User ID and click Join. It may take some time to connect your device workplace
7. Allow apps and services from IT admin
Select I agree and click on Turn On button.
8. Successfully logged into the Company Portal !!
9. You can see the enrolled Windows 8.1 machines in SCCM 2012 console !
As you can see in the following screen shot, the Windows 8.1 machine is not FULLY managed machine and it has been enrolled as mobile device (see the difference in the symbol).
How to Install Application on Windows 8.1 Workplace joined machine?
1. Login to company portal now and see one of the web application is getting installed.
I’m logged in with user ID anoop and that user is assigned to a web application called Kuku Kube. As you can see in the following screenshot Kuku Kube is getting installed on newly enrolled Windows 8.1 workplace joined machine/s.
2. Web application Kuku Kube is successfully installed on my windows 8.1 machine.
How to Manage Windows 8.1 machine which is joined Workplace ?
1. Create new Configuration Item policy for Windows 8.1 machine through which we can manage these machines.
All these operations are done from SCCM 2012 R2 CU3 console. In this Configuration Item, I’ve created using System Security group and rule Updates = Automatic Updates is required. This CI will check whether the Automatic Updates are enabled or not on the Windows 8.1 machine and perform remediation if not enabled.
2. Disabled the Windows Update on Windows 8.1 Workplace joined machines
Never Check for updates (not recommended)
3. Monitoring Workspace of SCCM 2012 confirms the deployed CI already applied to Windows 8.1 Workplace machines
4. CI remediation has successfully completed on the Windows 8.1 Workplace joined machines
Software Updates settings got enabled via CI remediation process. You can see that Install Updates automatically is current settings.
How to Force Policy Sync with Intune /SCCM 2012 and Windows 8.1 devices?
Open Intune company portal, click or tap on the logged device and Click or tap on the Check Complacency Status Icon on Windows 8.1 device. “Checking compliance. This might take a few minutes.”