Co-Management is another buzzword in the device management world. What is this co-management?
Windows 10 or Windows 11 co-management is a dual-management capability (with SCCM and Intune) available with Windows 10 version 1709 (Fall Creators Update).
Co-management is the bridge between traditional management and modern management. Microsoft renamed the co-management node in the SCCM admin console to Cloud Attach.
In this post, we will go through an overview of Windows 10 or Windows 11 co-management with Intune and SCCM.
I had a fascinating conversation with Bill Bernat on Co-Management, Auto Pilot, and CMG.
You can watch the E³ podcast video. This is my first interview experience!
Why Modern Management?
What are the problems with traditional management? Why are most organizations trying to get into modern management? It’s all about moving fast and adopting the agile scrum method.
I did a more detailed analysis of the IT industry in the Future of SCCM ConfigMgr Intune Admin Jobs post. I hope Airbnb and Uber stories will give you more thought points about modern management.
Traditional IT is designed to manage a single business-owned device that is always connected to the corporate network. The device and user landscape has changed over the years. To handle these changes in the modern world, IT needs to change.
Modern IT management should be agile and handle multiple flavors of devices for users. It should also be able to manage cloud-managed SaaS applications. Automation, proactiveness, and self-service are the other 3 trigger points for modern IT.
How to move to Cloud Management?
Co-management is the transition method proposed by Microsoft to move to cloud management. In my opinion, this transition method will help organizations with tons of on-prem infrastructure.
The first step of this transition should be Windows 10 co-management with SCCM and Intune. Prominent organizations can’t take a big leap toward modern management. Co-management is the best approach to transformation in a controlled and iterative way.
Entry Points to Co-Management?
A more detailed explanation is available in the following post – SCCM CMG SCCM Cloud Management Gateway Workflow Scenarios 1 (anoopcnair.com).
- SCCM + Domain Joined Devices
- Intune + AAD Joined Devices
SCCM + Domain Joined Devices
Assume that your organization is already an SCCM shop, and SCCM manages all the devices. We can offload some of your SCCM workloads to Intune in this scenario.
When you have a Windows 10 device that the SCCM client already manages, you can configure co-management to offload the compliance policy workload to Intune.
From my perspective, setting up a compliance policy in Intune is a much better experience than in SCCM. Moreover, there are some advanced controls in Intune compliance policies.
After the co-management configuration, compliance policies no longer need to be created and deployed from SCCM; they can be deployed via Intune instead.
Other workloads, like Win32 application deployment, can still be handled through SCCM.
Intune + AAD Joined Devices
Assume that you have Intune set up and your organization doesn’t have any on-prem infrastructure. The devices are already managed through Intune. Today, there are some gaps in Intune management, such as Win32 application deployment.
If your organization wants to deploy a Win32 application with a complicated command line to an Intune-managed device, we need some help from SCCM. This is where the second entry point of co-management comes into the picture.
You can configure SCCM to co-manage that machine with Intune, as you can see in the co-management configuration video above. Intune can deploy an SCCM client to Intune-managed devices so that the device is capable of installing Win32 applications via SCCM.
Co-Management SCCM Prerequisites?
There is no specific prerequisite to enable co-management beyond the details outlined in the Microsoft documentation, such as Azure AD and Intune.
- Configuration Manager
- Azure Active Directory (Azure AD)
- Microsoft Intune
- Windows 10
- Permissions and roles
When you want to use both entry points to co-management, there are two prerequisites from the SCCM side: CMG (Cloud Management Gateway) and Cloud DP (CDP). CDP and CMG are Platform as a Service (PaaS) solutions in Azure. CMG and CDP have their own prerequisites, which I’m not going to cover in this blog.
NOTE! – This CMG/CDP prerequisite applies only when you want to install the ConfigMgr/SCCM client onto Intune-managed Windows 10 devices over the internet, when the client cannot reach the on-prem SCCM infrastructure.
Cloud Management Gateway (CMG)
Cloud Distribution Point (CDP)
The Cloud Management Gateway is an SCCM proxy management point solution hosted in the Azure cloud service.
Example: A client on the internet contacts SCCM to get policies. The request reaches the CMG, which forwards it to the on-prem SCCM components. The on-prem SCCM component validates the request and returns the policies via the CMG.
The Cloud Distribution Point is another PaaS solution in Azure, and it’s a content location in the cloud. The CDP role is similar to the on-prem Distribution Point role. Clients from the internet can easily get the content from Cloud Distribution Point.
Sample High-Level Architecture of Co-Management with SCCM & Intune
What is Enterprise Endpoint Experts (E³) Podcast?
Adaptiva publishes insightful articles and videos from IT industry experts on its Adaptiva Academy website. The E³ podcast is an excellent resource for video/audio interviews with SCCM, Intune, and security experts from the industry.
Bill is an excellent host of Adaptiva’s E³ podcasts. He is very serious with all his interviews. I had a unique experience being his guest for this month’s Enterprise Endpoint Experts (E³) Podcast.
Anoop is a Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.