SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr

SCCM Intune Architecture Decision Making Tips and Sample Diagram Configuration Manager ConfigMgr. High-level (generalized) design decisions are discussed in this post. The most common design decision I have seen is discussed below.

I must warn you that this design decision won’t suit all scenarios. This post will see SCCM Intune architecture decision-making tips and sample diagrams. A standalone Intune platform will also be installed on managed mobile devices (iOS, Android, and Windows 10 modern devices via the MDM channel).

The design decisions will be based on the existing SCCM/ConfigMgr CB environment and will replicate some of the features as required. An SCCM solution will be implemented to provide device management facilities for fully managed Windows servers and Windows endpoints.

This post provides all the details of the SCCM Intune Architecture Decision-Making Tips Sample Diagram Configuration Manager ConfigMgr.

Patch My PC

Video – Intune Design Decisions – SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr

What are Intune Design Decisions | Why Intune Standalone Architecture? No Integration with SCCM? From this video, you will get details on Intune Design Decisions—the critical decision points on Intune Architecture.

SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr – Video 1
Index
SCCM Servers On-Premises or AZURE?
CAS and NO CAS SCCM Server
Intune Hybrid – Intune Standalone?
Integration with ISVs ServiceNow/Remedy?
Windows 10 Co-Management?
SCCM/Intune High Availability-DR Options?
Intune SCCM Architecture Diagram
Other Design Decisions
SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr – Table 1

SCCM Servers On-Premises or AZURE?

Can we install SCCM/ConfigMgr CB infrastructure in Microsoft Azure? Is installing SCCM servers in Azure supported? Yes, we can install SCCM CB infrastructure in Microsoft Azure. Microsoft fully supports this.

More details about on-prem or Azure (IaaS)

Microsoft doesn’t provide any supporting statement about hosting SCCM infra in the AWS IaaS solution, but it should work well if all the communication ports are open. I know some customers are running SCCM infra in AWS. This is the first step toward SCCM architecture decision-making.

Adaptiva
SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr - Fig.1
SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr – Fig.1

Decision – CAS and NO CAS SCCM Server

A CAS (Central Administration Site) is the SCCM/ConfigMgr site server role. I would recommend avoiding the SCCM/ConfigMgr CAS server wherever possible.

I don’t think you need to have an SCCM hierarchy with CAS in 99% of scenarios. There are several blog posts about CAS or NO CAS decision-making. “Determine when to use a central administration site (CAS).” I will surely use a standalone SCCM primary server in most SCCM infrastructures.

Intune Hybrid – Intune Standalone?

Whether to go with Intune hybrid with SCCM or Intune standalone is the most critical decision for your organization. Microsoft recommends going with Stand-alone Intune and stand-alone SCCM/ConfigMgr. I don’t recommend Intune hybrid architecture. Microsoft has already provided detailed documentation of this decision-making process. More details 

Choose between Microsoft Intune standalone and hybrid with SCCM

Microsoft also has complete documentation about migrating Intune hybrid users to Intune standalone. So, it’s clear that Microsoft recommends going with Intune standalone and SCCM Stand-alone infrastructure. Do not go with Intune Hybrid Solution with SCCM/ConfigMgr.

SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr - Fig.2
SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr – Fig.2

Integration with ISVs ServiceNow/Remedy?

Can Intune be integrated with ISVs like ServiceNow or Remedy? SCCM can be integrated with various third-party service providers like ServiceNow or Remedy. IT service management tools are essential for most organizations.

As SCCM has the vast majority of market share in device management, this is one of the critical points that we should consider during architecture decision-making.

Microsoft Intune has a way to integrate with ISVs like Remedy and ServiceNow for IT service and asset management. This integration can be achieved through Microsoft Graph APIs, but I haven’t heard anything from Remedy or ServiceNow about Intune integration.

Decision – Windows 10 Co-Management?

Windows 10 co-management is a dual management capability available with Windows 10 1709 version (Fall Creators Update) and later. Co-management is the bridge between traditional management and modern management.

More details about co-management are available in my previous post

Managing Windows 10 with Intune is a possible option for some scenarios. However, there are some challenges with Intune management for large enterprises. These challenges could be because of

  • Win 32 Application Delivery Mechanism
  • Application Deployment Automation with ISV
  • Bandwidth Issues (Delivery Optimization is only available for some channels)
  • Complex Operating System Deployment (OSD) scenarios
  • Existing investment in the SCCM echo system

The co-management option could allow the organization to process the workload from on-prem to the cloud. The co-managed Windows 10 devices would be visible in the SCCM and Intune console ( + Database).

SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr - Fig.3
SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr – Fig.3

SCCM/Intune High Availability-DR Options?

Is SCCM/Intune treated as a business-critical service within your organization? Most organizations don’t consider SCCM an essential business service (unlike exchange online). But, in the modern world, with Intune and co-management options, we may need to rethink this strategy. From my perspective, SCCM is not business-critical. We can live without SCCM for hours (4-8).

What are the DR or High Availability(HA) options available for SCCM? Microsoft SCCM product group (development team) is working to improve the HA/DR options for SCCM/ConfigMgr.

One of the improvements already in the production version of SCCM CB 1706 and later is SQL Availability groups. SQL Server Always On availability groups are high availability and disaster recovery solutions for the site database. When you use the SQL availability group, you need to adjust your SCCM infra’s backup and restore procedure.

The SCCM Primary Passive Server installation option is available in the Preview versions of SCCM CB. SCCM’s primary passive site server option is not enabled for production versions of SCCM CB.  The passive mode SCCM site server is in addition to your existing SCCM primary site server, which is in active mode.

SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr - Fig.4
SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr – Fig.4

Intune SCCM Architecture Diagram

The following is the sample Intune SCCM/ConfigMgr architecture diagram. It explains the high-level flow between Intune/SCCM/CMG/Cloud DP and the Co-managed Windows 10 devices.

SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr - Fig.5
SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr – Fig.5

Other Design Decisions

Several other critical design decisions are involved. I won’t be able to cover all of them in this post. Some will be discussed at the Bangalore IT Pro event on December 16, 2017. I will try to share the presentation deck after the event.

More details about the other design decisions

  • SCCM Tier 2/3 Hierarchy Strategies (Secondary servers/Remote DPs/MPs)
  • SCCM Servicing Strategy
  • SCCM Client Management Strategy
  • SCCM Application Management Strategy
  • SCCM Software Update Strategy
  • SCCM Backup and Restore Strategy

Resources

  1. SCCM Backup, Restore, and Availability Requirements
  2. SCCM/ConfigMgr 2012 and 2007 High-Level Architecture Design Guide

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

4 thoughts on “SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr”

  1. Hello Anoop,

    Great articles. I am wondering if you can clarify your comments about this statement “Microsoft’s recommendation is to go with Stand-alone Intune and stand-alone SCCM/ConfigMgr. I don’t recommend Intune hybrid architecture.”

    Are you referring to co-management ?

    Thanks,
    Olu

    Reply
  2. Hi, I was not referring to co-management, but there was a hybrid option at that time, and Microsoft deprecated it after a few years.

    But I also try to avoid co-management, but that is entirely up to your organization’s infrastructure setup.

    Reply
  3. Thanks for the prompt response.

    What are your thoughts on co-management based on experience. What are the reasons to stay away from it?

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.