ConfigMgr Admins: Let’s start learning Intune. In this post, I will cover Intune Learning for ConfigMgr Admins. Microsoft Intune and ConfigMgr are part of the Endpoint Manager Product group. Both are part of Microsoft’s modern device management solutions.
Microsoft Intune is a cloud-based endpoint management solution that simplifies user access to organizational resources and streamlines app and device management across various devices, including mobile devices, desktop computers, and virtual endpoints.
Companies utilize this Enterprise Mobility Management platform to control and secure access to their data and applications effectively. It helps organizations manage and monitor the use of mobile devices, access to corporate networks, and data security measures.
My recommendation to the SCCM admin is to start learning Microsoft Intune. The Configuration Manager is tightly integrated with Intune and Azure. Tenant Attach is one of the features within SCCM. This feature helps admins manage devices managed by on-prem ConfigMgr servers from the Intune console.
Intune ASU Architecture: Drilldown (Service-Based Services)
The Intune ASU architecture employs a stateful and stateless microservice approach using Service Fabric-based services. The architecture is designed to be inherently scalable, utilizing Azure Service Fabric for built-in scale-out and partitioned data model capabilities. The architecture focuses on fault and upgrade domains, ensuring resiliency and high availability.
The stateful microservices are designed to utilize in-memory processing and employ 5-way replication for high availability. Additionally, the architecture includes measures for disaster recovery with a 10-minute recovery point objective (RPO) and static partitioning per Service. Complete disaster recovery requires deployment and re-hydration, which can take up to 4 hours.
| Device | Type | No. of Nodes | Processes per Node | Memory per Node |
|---|---|---|---|---|
| Front End (FE) | Azure A4 | 20-30 | 20-30 | |
| Middle Tier (MT) | Azure A7 | 50-70 | 20-40 | 3-6 TB |
I have a series of posts to explain the difference between SCCM and Intune administration and architecture. Check out those posts:
- Microsoft Intune for SCCM Admins Part 1 (the video post here)
- Microsoft Intune for SCCM Admins Part 2
Introduction to Microsoft Intune for Beginners
I don’t think SCCM will disappear for another 5-6 years. Instead, features like tenant attach will blur the difference between Intune and ConfigMgr more in the coming years.
This is why Brad Anderson mentioned that the truth is straightforward: MEM means ConfigMgr has eternal life.
I’ve been asked a couple times today if Microsoft Endpoint Manager means the death of #ConfigMgr — honestly, the truth is really simple: MEM means ConfigMgr has eternal life! #MSIgnite pic.twitter.com/AeMp5eGxa7
— Brad Anderson (@Anderson) November 4, 2019
This post would be helpful for Intune newbies. The latest Intune posts are available at https://www.anoopcnair.com/intune/
What is Microsoft Intune, and How is it different?
Intune is a Microsoft Enterprise Mobility Management (EMM) solution. The EMM provider helps to manage mobile devices, network settings, and other mobile services and settings.
Microsoft Intune combines Device, Application, Information Protection, Endpoint Protection (antivirus software), and Security/Configuration policy management solution (SaaS) facilitated by Microsoft in the Cloud.
Take a Free Intune Subscription
Let’s check the Quickstart: Try Microsoft Intune for free
What are the Management Options in Intune?
Intune can manage macOS, Android, iOS, and Windows devices via the MDM (Mobile Device Management) channel. The following post explains the different Microsoft Intune Enrollment options.
Published by Scott: Intune Learning ConfigMgr Admins
What is Modern Workplace OSD Replacement (Windows AutoPilot)?
Autopilot is not really an OSD replacement; it is the enrollment service provided by Microsoft from the Cloud. The following link has more posts related to Windows Autopilot.
https://www.anoopcnair.com/windows-autopilot/
How to Start Using Intune Portal?
The Intune portal (console) is part of Microsoft Endpoint Manager. Let’s learn more about EndPoint Portal—Intune Admin Related Activities.
What are the Intune Team’s Roles and Responsibilities?
The roles and responsibilities of the Intune team are summarized below at a high level. Some parts of it involve Azure AD and other teams of the organization.
Understanding the roles and responsibilities will help the IT Pros understand how Intune works and how it will be deployed within the organization. My previous post, “Intune Team’s Roles and Responsibilities“, provides more details.
Setting up a team is also part of the Learn Microsoft Intune process.
- User Management
- Application Creation and Deployment/Assignment
- Service Administration
- Mobile Application Management
- Device/Profile Management
- Conditional Access
- Company Resource Access
- Software Update Management
What is MDM Authority?
Before working with Intune, setting a mobile device management (MDM) authority is essential. The MDM authority determines where you will perform MDM tasks.
Monthly or Weekly Updates Of Intune
Let’s find more details about:
- Intune Monthly or Weekly Updates
- Intune Features in Development
- Intune Case Studies
- Devices Node Different Platforms – Windows, Android, iOS, and macOS
Mobile App Mgmt without Enrollment (MAM)
Microsoft Intune supports MAM without enrollment (MAM WE) and Conditional Access policies for Android devices. There are two types of management options for Windows, Android, and iOS devices with Intune.
The first is the traditional MDM management method, and the second is the light management of Android, iOS, and Windows apps via Intune.
BYOD devices are suitable for the MAM WE type of Intune management. Intune can also assign Conditional Access policies to MAM users.
For example, if a consultant’s device is already enrolled in a third-party EMM solution, but he wants to access the client’s corporate email on his mobile device for a very short period, then “MAM WE” is the best option for that consultant.
I posted about MAM WE: How to Enable Intune MAM without Enrollment and Conditional Access.
Updated List of Microsoft Intune MAM protected apps – https://docs.microsoft.com/en-us/intune/apps-supported-intune-apps
Intune and macOS Device Management
Intune natively supports Mac device management, and its Mac device support has dramatically improved. For more details, see what happens if you install the Company Portal app and enrol your macOS device in Intune.
Jamf is the third-party solution that Microsoft advised all organizations to consider if they want to manage Mac Devices more deeply with Intune.
Learn to Troubleshoot Intune Issues
The MEM portal makes Intune troubleshooting easy. Whenever you face an issue with Intune, it’s recommended that you start with the “Microsoft Intune—Help and Support” page in the MEM Admin Center portal.
I have a post discussing “Start Troubleshooting Intune Policy Deployment Issues from Intune“. More details about the video experience are here.
Intune Training Courses
Let’s check the Microsoft Learn courses Simplify Device Management with Microsoft Endpoint Manager and Introduction to Microsoft 365 Unified Endpoint Management.
Learn about modern device management, the Microsoft Endpoint Manager (Intune + SCCM/ConfigMgr), and how the business management tools in Microsoft 365 can simplify device management.
Learning Objectives
Upon completion of this module, the learner will be able to:
- Explain modern device and application management concepts
- Explain the value of the Microsoft Endpoint Manager (MEM), including Microsoft Intune and ConfigMgr
- Describe how Autopilot can help streamline new device acquisition and setup
Resources
- MDT Deployment for Windows 10 OS Deployment Scenario by Jitesh Kumar HTMD Weekend
- HTMD12 SCCM Configuration Item Baseline Remediation Explained by Deepak Rai | ConfigMgr
- ConfigMgr SSRS Report Creation Process Explained by Kannan CS SQL Query Tips Tricks for Admins | Video
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
Hello,
I would like to clarify following topics as I’m still not sure what is possible only by using SCCM and what is possible by using Autopilot.
– SCCM allows usage of customized OS deployment images assigned to users or computers
– Autopilot just customizes and adds domain connectivity for an already installed OS, or not?
I’m asking because I need to ship computers for newly hired users working from day one at HO and want to know what Autopilot can do. Is it just settings configuration (language, input locale, keyboard), joining the computer to the AAD domain, or is it capable of deploying a customized OS image to the machine without needing to be done in the office with corporate network connectivity?
I saw some Autopilot articles which mentioned that the user will power on the computer, connect it to the network (Ethernet or WiFi) and join with AAD credentials, and then Domain Controller connectivity is needed to start the Autopilot enrollment process.
My question is how this can be achieved when the user gets a standard OS deployed by the manufacturer and without any VPN SW when not sitting in the corporate office?
Thank you for answering and/or explaining me possible solutions.
With best regards
Martin
I think the best option with modern management is the Azure AD Joined + Autopilot scenario. With that scenario, end-users can just unbox the device and go through the enrollment process without any help from the IT team.
If you are looking for Hybrid Azure AD joined scenario, then it would be difficult without the VPN connection back to on-prem. More details https://www.anoopcnair.com/windows-autopilot-hybrid-domain-join-guide/