Co-Management at Microsoft

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

At Microsoft we have been driving several key initiatives for the device management strategy which aligns with Modern management and Zero Trust Networking. With our north star goal, we started our co-management journey last year to concurrently manage Windows 10 devices by using both Configuration Manager (a.k.a SCCM or ConfigMgr) and Microsoft Intune. One of the key driving factorwas for us to start leveraging additional cloud-powered capabilities like conditional access. The purpose of this post is to share the progress and plan for our co-management roadmap at Microsoft. This is one of the first posts on co-management where we share what we have done so far, and we will share in depth details for different co-management workload transition experience and learning in coming months. 

 

There are two paths available for co-management. At Microsoft we leveraged both paths which are auto enrolling all existing Configuration Managed devices and bootstrapping with modern provisioning, where Intune was used to deploy Configuration Manager client on Azure AD joined devices.  

 

Today we have 220,000 co-managed devices at Microsoft where 200,000 devices are Hybrid AD joined and 22,000 devices are Azure AD joined. 

 pic1.jpg

 

 

Workload: The real benefit of co-management begins when we start switching workloads to Intune as the primary authority for the workload management. Our goal is to have all workloads switched to Intune in next one year. With all current available workloads, we started with Compliance Policies workload and switch to Intune which allows us to start using Conditional Access for Hybrid AD joined Configuration Manager managed devices. For several other workloads, such as Endpoint protection and Resource access policies, we are in the process of piloting with limited devices before we switch for all managed clients later this year.  

 pic2.jpg

 

 

How to use pilot groups for each workload  

This is one of the key features we have been waiting for and now it has been released in Configuration Manager 1906 current branch. This allows us to have multiple pilot groups for co-management workloads. Multiple pilot groups will help us to do core validations, proof of concepts and production roll outs, simultaneously, when switching workloads from Configuration Manager to Intune. 

 pic3.jpg

 

 

We hope this post helps in sharing overview of co-management journey at Microsoft and we will come back with more learning for each workload transition in future posts 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.