End-User Experience of Windows 10 Co-Management

In this post, I will cover the end-user experience of Windows 10 Co-Management. I have a series of posts on this topic, and this is the last post in that series. 

Microsoft is still making design changes in co-management topics, which are expected to become more interesting in later versions of SCCM. I wrote all my co-management posts with the SCCM 1802 product release.

This post is my post number 10 (ten) to help you configure Windows 10 Co-Management in a lab environment. I recommend reading Microsoft documentation to get the latest updates about the co-management features.

I have attached Microsoft documentation links in all of my blog posts to make it easy.

Patch My PC

(End User = Admins, Support teams, and Business users)

Video Tutorial – End User Experience of Windows 10 Co-Management

In this video, you will learn the end-user experience of Windows 10 Co-Management.

Adaptiva
End-User Experience of Windows 10 Co-Management – Video 1

User Communication Management of Windows 10 Co-Management

The real-world end-user experience of using SCCM and Intune co-managed Windows 10 devices differs from normal SCCM-managed devices.

We should communicate this change to end-users and support teams. This change in communication will make their life easier. I hope SCCM and Intune product teams are working to improve the end-user experience of co-managed devices.

What is the tool they want to use for application installation?

Software Center? Application Catalog? Intune Company Portal/ https://portal.manage.microsoft.com/Apps ? Windows Store for Business?

Windows 10 Co-managed Device – How to Refresh SCCM/Intune Policies?

As mentioned in the SCCM 1806 TP post, users or admins can now sync the Intune and SCCM policy refresh from one place (download client policy or SCCM client agent).

This MDM sync will automatically happen when you change the workload switch settings in co-management configuration properties. You don’t need to sync from management tools, such as the Intune MDM and SCCM client agent settings.

SCCM CB 1806 (TP) client actions from a co-managed device automatically synchronize MDM policy from Microsoft Intune. This sync also happens when you initiate the Download Computer Policy action from Client Notifications in the SCCM console.

How to Install SCCM client on Intune Managed Windows 10 Device?

I have an Intune-managed Windows 10 device. This post will show the experience of getting that device into SCCM management. As discussed in the previous post, I have deployed a required SCCM client application from Intune to this Windows 10 device.

You can check the status of the SCCM client deployment from https://portal.manage. microsoft.com/Apps. As you can see in the video tutorial, the content is downloaded from the cloud DP, and the client gets installed.

The Windows 10 device’s co-management status was updated in the SCCM console only after a couple of policy refreshes.

End-User Experience of Windows 10 Co-Management - Fig.1
End-User Experience of Windows 10 Co-Management – Fig.1

Immediate use of Microsoft Intune features for SCCM Managed Devices.

Immediate use of Microsoft Intune features available for SCCM-managed devices in a co-managed scenario.

  • Remote Actions
  • Factory reset
  • Selective wipe
  • Delete devices
  • Restart device
  • Fresh start

SCCM Orchestration with Intune for the following workloads

SCCM can offload the workloads to Intune for the following workloads. As I explained in this post, SCCM can handle Intune workloads like application deployment. SCCM can be used to deploy complex MSI applications to a co-managed device.

Compliance Policies Device Configuration (Available with SCCM TP 1805 or later) Resource Access Policies (WiFi, VPN profiles) Endpoint Protection Configuration Policies Office Click-to-Run Apps (Available with SCCM TP 1806 or later) Windows Update Policies (Patching without on-prem WSUS/SUP)

SCCM Client Status from the Control Panel Applet

The following are the Windows 10 co-management properties for the SCCM client applet. The SCCM 1802 production version has 55 co-management capabilities.

When a device is co-managed, the co-management feature should be enabled in the SCCM client applet.

  • Client Certificate: Self-signed
  • Co-management Capabilities:55
  • Co-Management: Enabled
  • Connection Type: Currently Internet

In the screenshot below, you can see that the connection type is Currently INTRANET. After a couple of policy refreshes, it changed to the Currently Internet.

Once all the policies are delivered to the client, the status is changed to “Currently Internet” in the SCCM client applet in the control panel.

End-User Experience of Windows 10 Co-Management - Fig.2
End-User Experience of Windows 10 Co-Management – Fig.2

SCCM Console – How to check the Windows 10 Co-Management Status of a Device?

As you can see in the video tutorial, check whether the device is enabled for co-management from the SCCM console. You may need to add the column “Co-Managed” to get co-management information in the SCCM 1802 console.

End-User Experience of Windows 10 Co-Management - Fig.3
End-User Experience of Windows 10 Co-Management – Fig.3

Intune Portal – How to check the Windows 10 Co-Management Status of a Device?

As you can see in the video tutorial, check whether the device is enabled for co-management from the Intune portal. The All Devices tab in the Intune Blade will help you video the co-managed status of a Windows 10 device.

  • Managed by MDM
  • Managed by MDM/ConfigMgr Agent/SCCM Agent
End-User Experience of Windows 10 Co-Management - Fig.4
End-User Experience of Windows 10 Co-Management – Fig.4

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.