In this post, I will cover the Windows 10 Co-Management end-user experience. I have a series of posts in the Windows 10 co-management topic, and this is the last post on that series. Microsoft is still performing design changes in co-management topics, and this is expected to get more and more interesting in later versions of SCCM. I did all my co-managements posts with SCCM 1802 product release.
This post is my post number 10 (ten) to help you to configure Windows 10 Co-Management in a lab environment. I would recommend reading Microsoft documentation to get the latest update about the co-management features. I have attached Microsoft documentation links in all of my blog posts to make it easy for you.
(End User = Admins, Support teams, and Business users)
All in One - How to Setup Co-Management Eight(8) Video Tutorials
Co-Management Related Posts
Overview Windows 10 Co-Management with Intune and SCCM Custom Report to Identify Machines Connected via SCCM CMG How to Setup Co-Management - Introduction - Prerequisites Part 1 How to Setup Co-Management - Firewall Ports Proxy Requirements Part 2 Setup Co-Management - AAD Connect UPN Suffix Part 3 Setup Co-Management - CA PKI & Certificates Part 4 Setup Co-Management Cloud DP Azure Blob Storage Part 5 Setup Co-Management Azure Cloud Services CMG Part 6 SCCM Configure Settings for Client PKI certificates Part 7 How to Setup SCCM Co-Management to Offload Workloads to Intune - Part 8 How to Deploy SCCM Client from Intune - Co-Management - Part 9 End User Experience of Windows 10 Co-Management - Part 10
Video Tutorial – End User Experience of Windows 10 Co-Management
User Communication Management of Windows 10 Co-Management
The real world end user experience of using SCCM and Intune co-managed Windows 10 device is a bit different from normal SCCM managed device. We should communicate this change to end users and support teams. This change communication will make their life easy. I hope SCCM and Intune product teams are working to improve the end-user experience of co-managed devices.
What is the tool they want to use for application installation?
Software Center ? Application Catalog ? Intune Company Portal/ https://portal.manage.microsoft.com/Apps ? Windows store for Business?
Windows 10 Co-managed Device – How to Refresh SCCM/Intune Policies ?
As mentioned in SCCM 1806 TP post, now users or admin can sync the Intune and SCCM policy refresh from one place (download client policy or SCCM client agent). This MDM sync will automatically happen when you change the workload switch settings in co-management configuration properties. You don’t need to do the sync from both the management tools like Intune MDM setting and SCCM client agent settings.
SCCM CB 1806 (TP) client actions from a co-managed device automatically synchronize MDM policy from Microsoft Intune. This sync also happens when you initiate the Download Computer Policy action from Client Notifications in the SCCM console.
How to Install SCCM client on Intune Managed Windows 10 Device?
I have an Intune managed Windows 10 device. In this post, I will show the experience of getting that device into SCCM management. As discussed in the previous post, I have deployed a required SCCM client application from Intune to this Windows 10 device.
You can check the status of the SCCM client deployment from https://portal.manage. microsoft.com/Apps. As you can see in the video tutorial, the content is downloaded from the cloud DP, and the client got installed. The co-management status of the Windows 10 device got updated in SCCM console only after a couple of policy refreshes.
Immediate use of Microsoft Intune features for SCCM Managed Devices
Immediate use of Microsoft Intune features which would be available for SCCM managed devices in a co-managed scenario.
Remote Actions Factory reset Selective wipe Delete devices Restart device Fresh start
SCCM Orchestration with Intune for the following workloads
SCCM can offload the workloads to Intune for following workloads. As I explained in this post, SCCM can take care of Intune workloads like application deployment. SCCM can be used for deploying the complex MSI applications for a co-managed device.
Compliance Policies Device Configuration (Available with SCCM TP 1805 or later) Resource Access Policies (WiFi, VPN profiles) Endpoint Protection Configuration Policies Office Click-to-Run Apps (Available with SCCM TP 1806 or later) Windows Update Policies (Patching without on-prem WSUS/SUP)
SCCM Client Status from the Control Panel Applet
Following are the Windows 10 co-management properties for SCCM client applet. There are 55 co-management capabilities with SCCM 1802 production version. When a device is co-managed, the co-management feature should be enabled in SCCM client applet.
Client Certificate: Self-signed Co-management Capabilities:55 Co-Management:Enabled Connection Type:Currently Internet
In the screenshot below, you can see the initially the connection type was Currently INTRANET. The connection type is changed to Currently Internet after a couple of policy refreshes. Once all the policies are delivered to the client, the status is changed to “Currently Internet” in SCCM client applet in control panel.
SCCM Console – How to check Windows 10 Co-Management Status of a Device?
As you can see in the video tutorial, check whether the device is enabled for co-management from SCCM console. You may need to add an additional column “Co-Managed” to get co-management information in the SCCM 1802 console.
Intune Portal – How to check Windows 10 Co-Management Status of a Device?
As you can see in the video tutorial, check whether the device is enabled for co-management from Intune portal. All devices tab in Intune blade will help you to vide the co-managed status of a Windows 10 device.
Managed by MDM Managed by MDM/ConfigMgr Agent/SCCM Agent