We had a serious discussion about the decision making process between Intune hybrid and standalone. In that post, we discussed about 8 Reasons to Select Intune Standalone Over Hybrid. So in the nutshell the decision was to go with Intune standalone instead of jumping into slow train. In this post, we will see migration guide Intune hybrid SCCM to Intune standalone.
Read the Microsoft case study sharing best practices and lessons learned from Microsoft’s SCCM Intune hybrid to standalone migration.
[Related Posts – 8 Reasons to Select Intune Standalone Over Hybrid]
During the MVP Summit in Seattle, we had a great discussion with Shitanshu Verma and his team about their experience of migrating from Intune hybrid to Intune standalone. I didn’t find any post from Shintanshu or his team on this topic. It would be great if he can have a post on Intune standalone migration topic.
NEW customers should select INTUNE STANDALONE as a preferred method
EXISTING customers should start PLANNING to MIGRATE to INTUNE STANDALONE
Microsoft want existing customers to move to Intune standalone environment. Intune hybrid might die soon (this is my best guess). As I mentioned in the previous post, the existing Intune hybrid customers should start the planning of migration from Intune hybrid to Intune standalone.
Following are high level content covered in this Guide
Convince Your Boss - Intune Standalone Decision Inventory - Identify Configurations, Users and Devices to Migrate SCCM Prerequisite for Intune Standalone Migration Intune Standalone Migration Tool Prepare for Intune Standalone User Migration Phased User Migration - Intune Standalone
Convince Your Boss – Intune Standalone Decision
I discussed more than eight (8) reasons to go with Intune Standalone over Hybrid. I performed detail analysis of decision making process to go with Intune standalone. This step helps to find out executive sponsor for Intune standalone migration project.
Microsoft already provides detailed documentation of this decision making. Microsoft is committed to update the following documentation up to date. More details choose between Microsoft Intune standalone and hybrid with SCCM.
Convince Your Boss = YES
Inventory – Identify Configurations, Users and Devices to Migrate
Once you decided to migrate to Intune standalone then, this is the inventory phase for the migration from hybrid MDM (Intune integrated with SCCM) to a cloud experience using Intune on Azure.
The first phase is to perform an inventory on your existing Intune hybrid (SCCM) environment to understand the special configurations. This inventory task should be performed using Intune Data Importer tool. This will help you to understand the existing setup and plan your migration.
The next step of Intune standalone migration is to identify the infrastructure dependency on your on prem infrastructure. NDES servers could be one of the dependency for certificate deployment. You shall build NDES server before migrating from Intune hybrid to standalone.
Inventory = Collected?
SCCM Prerequisite for Intune Standalone Migration
SCCM 1610 or later is the minimum requirement for Intune standalone migration. Microsoft recommend that you specify the top-level site (CAS or standalone Primary) hierarchy. This is not specific requirement from SCCM or Intune perspective. But this is to provide support for Intune standalone migration tool.
Microsoft provide Intune standalone migration tool to migrate uses are devices from SCCM to Intune. The tool only discovers objects accessible by the user running the tool. Make sure the user who runs the prerequisite tool must have SCCM FULL admin rights on SCCM hierarchy and service admin rights on Intune.
SCCM 1610 and Later = Ready?
Intune Standalone Migration Tool
Download Intune Data Importer tool and run this from top tier SCCM server to collect the inventory details. The user with SCCM Full admin and Global admin must run the Data Importer tool the first time using the following intunedataimporter.exe -GlobalConsent parameter.
The Intune Data Importer tool collects data about the objects you select from your SCCM hierarchy. This provides details about the objects you can select for import and information about why some object cannot be imported, and lets you import selected objects into your Microsoft Intune tenant.
I don’t think all the objects from SCCM can be migrated to Intune with the tool. You need to have loads of manual work to complete the migration to Intune. Fix all the errors of Intune data importer tool. This tool will help to get the inventory:
- Configuration items
- Certificate profiles
- Email profiles
- VPN profiles
- Wi-Fi profiles
- Compliance policies
Intune Data Importer Tool = Downloaded and Ready to Run?
Prepare for Intune Standalone User Migration
Identify the pilot user(s) to perform pilot migration of Intune standalone. Make sure your completed the following steps before the start of pilot user migration.
- Get ready with Server infra – NDES, Exchange connector
- Communicate the change plan to all the stake holders
- Start training support staff for Intune device management (Start Learning Intune)
- Fix all the errors of Intune import tool
- Fix Role Based Administration for Intune admins
- Get ready with Intune (Data Warehouse) reports to replace Intune reports
- Find out the Graph API details to automate the Intune workflow
All the preparation tasks are Completed = Yes?
Phased User Migration – Intune Standalone
Don’t change tenant level MDM authority to Intune until all the users are migrated. My recommendation is to perform phased user migration. Migrated users and their devices are managed in Intune. When you use co-management Windows devices then, those Windows devices can be managed via Intune and SCCM.
You can configure a mixed MDM authority in the same tenant by selecting some users to be managed in Intune. Other users continue to be managed in SCCM. You can gradually migrate additional groups of users until you are ready to switch the tenant-level MDM authority from SCCM to Intune standalone.
Tenant Level MDM Authority = Mixed Mode