SCCM Intune Architecture Decision Making Tips and Sample Diagram | Configuration Manager (ConfigMgr)
High-level (generalized) design decisions are discussed in this post. The most common design decisions I have seen are discussed below.
I must warn you that these design decisions won’t suit all scenarios. This post covers SCCM Intune architecture decision-making tips and a sample diagram.
The design decisions will be based on the existing SCCM/ConfigMgr CB environment and will replicate some of the features as per the requirement. An SCCM solution will be implemented to provide device management facilities for fully managed Windows servers and Windows endpoints.
A standalone Intune platform will also be implemented to manage mobile devices (iOS, Android, and Windows 10 modern devices via the MDM channel).
- SCCM Servers On-Premises or AZURE?
- CAS and NO CAS SCCM Server
- Intune Hybrid – Intune Standalone?
- Integration with ISVs ServiceNow/Remedy?
- Windows 10 Co-Management?
- SCCM/Intune High Availability-DR Options?
- Intune SCCM Architecture Diagram
- Other Design Decisions
SCCM Servers On-Premises or AZURE?
Can we install SCCM/ConfigMgr CB infrastructure in Microsoft Azure? Is installing SCCM servers in Azure supported? Yes, we can install SCCM CB infra in Microsoft Azure, and this is fully supported by Microsoft.
Microsoft doesn’t provide any supporting statement about hosting SCCM infra in the AWS IaaS solution, but it should work well if all the communication ports are open. I know some customers are running SCCM infra in AWS. This is the first step toward SCCM architecture decision-making.
Decision – CAS and NO CAS SCCM Server
A CAS (Central Administration Site) is an SCCM/ConfigMgr site server role. I would recommend avoiding an SCCM/ConfigMgr CAS server wherever possible.
I don’t think you need an SCCM hierarchy with a CAS in 99% of scenarios. There are several blog posts about CAS or NO CAS decision-making; see, for example, “Determine when to use a central administration site (CAS).”
I will surely go with a standalone SCCM primary server in most SCCM infrastructures.
Intune Hybrid – Intune Standalone?
Should you go with Intune hybrid with SCCM or Intune standalone? This is the most critical decision for your organization. Microsoft’s recommendation is to go with standalone Intune and standalone SCCM/ConfigMgr. I don’t recommend the Intune hybrid architecture.
Microsoft already provides detailed documentation of this decision-making.
Microsoft also has complete documentation about migrating Intune hybrid users to Intune standalone. So, it’s clear that Microsoft recommends going with Intune standalone and SCCM Stand-alone infrastructure.
Do not go with Intune Hybrid Solution with SCCM/ConfigMgr.
Integration with ISVs ServiceNow/Remedy?
Can Intune get integrated with ISVs like ServiceNow or Remedy? SCCM can get integrated with various 3rd party service providers like ServiceNow or Remedy. IT service management tools are essential for most organizations.
As SCCM has the vast majority of the market share in the device management world, this is one of the critical points that we should consider during architecture decision-making.
Microsoft Intune has a way to hook into ISVs like Remedy and ServiceNow for IT service management as well as for asset management. This integration can be achieved through Microsoft Graph APIs. But I didn’t hear anything from Remedy or ServiceNow about Intune integration.
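The Graph-based integration described above, sketched as an added example (not code from this post, Microsoft, or any ISV): it pages through the `managedDevices` collection and maps each device to an asset record that also flags co-managed devices. The asset record field names, the `fetch_page` callable and the sample responses are assumptions made for illustration.

```python
from typing import Callable, Iterator

GRAPH_DEVICES_URL = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"
# managementAgent values Graph reports when the ConfigMgr client and Intune MDM are both active
CO_MANAGED_AGENTS = {"configurationManagerClientMdm", "configurationManagerClientMdmEas"}

def iter_managed_devices(fetch_page: Callable[[str], dict],
                         url: str = GRAPH_DEVICES_URL) -> Iterator[dict]:
    """Yield every device, following @odata.nextLink until Graph stops paging."""
    next_url = url
    while next_url:
        page = fetch_page(next_url)
        yield from page.get("value", [])
        next_url = page.get("@odata.nextLink")

def to_asset_record(device: dict) -> dict:
    """Map a Graph managedDevice to a hypothetical ITSM asset record."""
    agent = device.get("managementAgent", "unknown")
    if agent in CO_MANAGED_AGENTS:
        management = "co-managed"
    elif agent == "mdm":
        management = "intune"
    else:
        management = agent  # pass other agent types through unchanged
    return {
        "asset_id": device["id"],
        "name": device.get("deviceName"),
        "serial": device.get("serialNumber"),
        "os": device.get("operatingSystem"),
        "management": management,
        "compliant": device.get("complianceState") == "compliant",
    }

def build_asset_feed(fetch_page: Callable[[str], dict]) -> list:
    return [to_asset_record(d) for d in iter_managed_devices(fetch_page)]

# Constructed sample responses; a real fetch_page would issue an authenticated GET
# using a token limited to the read-only DeviceManagementManagedDevices.Read.All permission.
NEXT_URL = GRAPH_DEVICES_URL + "?$skiptoken=constructed"
SAMPLE_PAGES = {
    GRAPH_DEVICES_URL: {"@odata.nextLink": NEXT_URL, "value": [
        {"id": "dev-001", "deviceName": "WS-01", "serialNumber": "SN-A1", "operatingSystem": "Windows",
         "managementAgent": "configurationManagerClientMdm", "complianceState": "compliant"},
        {"id": "dev-002", "deviceName": "PHONE-07", "serialNumber": "SN-B2", "operatingSystem": "iOS",
         "managementAgent": "mdm", "complianceState": "noncompliant"}]},
    NEXT_URL: {"value": [
        {"id": "dev-003", "deviceName": "WS-02", "serialNumber": "SN-C3", "operatingSystem": "Windows",
         "managementAgent": "configurationManagerClient", "complianceState": "compliant"}]},
}

def sample_fetch(url: str) -> dict:
    return SAMPLE_PAGES[url]
```

Passing the HTTP call in as `fetch_page` keeps the token handling outside the mapping logic, so the same code can be exercised against recorded responses before it is pointed at a tenant.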
Windows 10 Co-Management?
Windows 10 co-management is a dual management capability available with Windows 10 version 1709 (Fall Creators Update) and later. Co-management is the bridge between traditional management and modern management.
Managing Windows 10 with Intune is a possible option for some scenarios. But there are some challenges with Intune management for large enterprises. These challenges could be because of:
- Win 32 Application Delivery Mechanism
- Application Deployment Automation with ISV
- Bandwidth Issues (Delivery Optimization is only available for some channels)
- Complex Operating System Deployment (OSD) scenarios
- Existing investment in the SCCM ecosystem
The co-management option could allow the organization to transition workloads from on-prem to the cloud. The co-managed Windows 10 devices would be visible in both the SCCM and Intune consoles (and databases).
SCCM/Intune High Availability-DR Options?
Is SCCM/Intune treated as a business-critical service within your organization? Most organizations won’t treat SCCM as an essential business service (unlike Exchange Online).
But, in the modern world, with Intune and co-management options, we may need to rethink this strategy. From my perspective, SCCM is not business-critical. We can live without SCCM for hours (4-8).
What are the DR or High Availability (HA) options available for SCCM? The Microsoft SCCM product group (development team) is working to improve the HA/DR options for SCCM/ConfigMgr.
One of the improvements already available in the production version of SCCM CB 1706 and later is support for SQL Server Always On availability groups as a high availability and disaster recovery solution for the site database.
When you use a SQL availability group, you need to adjust the backup and restore procedure of your SCCM infra.
The SCCM primary passive site server installation option is available in the Preview versions of SCCM CB. It is not enabled for production versions of SCCM CB.
The Passive mode SCCM site server is in addition to your existing SCCM primary site server that is in Active mode.
Intune SCCM Architecture Diagram
Following is the sample Intune SCCM/ConfigMgr architecture diagram. This explains the high-level flow between Intune/SCCM/CMG/Cloud DP and the Co-managed Windows 10 devices.
Other Design Decisions
There are several other critical design decisions. I won’t be able to cover all these in this post. Some of them will be discussed at the Bangalore IT Pro event on 16th Dec 2017.
I will try to share the presentation deck after the event.
- SCCM Tier 2/3 Hierarchy Strategies (Secondary servers/Remote DPs/MPs)
- SCCM Servicing Strategy
- SCCM Client Management Strategy
- SCCM Application Management Strategy
- SCCM Software Update Strategy
- SCCM Backup and Restore Strategy
- SCCM Backup, Restore, and Availability Requirements
- SCCM/ConfigMgr 2012 and 2007 High-Level Architecture Design Guide
Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and leader of the local user group HTMD Community. His main focus is on device management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.