Microsoft Bringing 'Comanagement' to Intune and SCCM
- By Kurt Mackie
- October 02, 2017
Two of Microsoft's client management products, System Center Configuration Manager (SCCM) and Intune, got a new "comanagement" capability last week.
Comanagement permits organizations to domain-join client devices concurrently to both on-premises Active Directory and the Azure Active Directory service, which is Microsoft's cloud-based identity and access service. Once joined, under the comanagement scheme, either solution -- SCCM or Intune -- can be used to manage these devices.
Previously, it was possible to manage mobile devices through SCCM by using a connector to Intune. The idea behind comanagement, though, isn't so much about consolidating management tools. It's aimed at carving a path toward using Intune as the primary device management tool when an organization is ready. Microsoft is adopting this same sort of plan for its own operations, as it explained back in June.
Microsoft views comanagement as a transitional tool that will help organizations get to so-called "modern management" using Microsoft 365 solutions. "Microsoft 365" is branding for a licensing bundle that can include the rights to use Office 365 applications, Windows 10, and the Enterprise Mobility + Security offering (which includes Intune, along with security capabilities). Next month, Microsoft is expected to roll out new Microsoft 365 licensing options, including an F1 licensing product for "firstline workers."
The ability to use comanagement with Windows 10 devices will depend on having the Windows 10 "Fall Creators Update" in place, which is planned for release on Oct. 17. There's also a version dependency for SCCM ("ConfigMgr"):
"We are planning to make co-management generally available with the 1710 release of ConfigMgr Current Branch later this year," Microsoft explained in an announcement last week.
The comanagement approach is seen as a bridge for organizations managing Windows 7 clients. The announcement offered a diagram (see below), showing a rough timeline toward getting to modern management. Curiously, the timeline is associated with Windows 7's end of "extended support," which is slated to occur on Jan. 14, 2020:
Other modern management capabilities include the ability for end users to self-provision new Windows 10 PCs using Microsoft's coming Windows AutoPilot service. Under this approach, which is conceived as a replacement for traditional device imaging, IT pros can set up baseline device configurations using Intune, and the AutoPilot service will just prompt end users to answer five questions after unboxing and powering up the device, according to this Microsoft video.
With Windows AutoPilot, end users just need to be able to log into the device using their Azure AD password and they'll get a personalized desktop. The actual provisioning process does not require that end users have a connection to a corporate network, according to the video.
Other Intune Enhancements
Intune has Management Extensions that add to its mobile device management capabilities. A new extension coming to Intune will let IT pros run PowerShell scripts on any device managed by Intune. Microsoft also is planning to add an Intune management extension that will permit the management of Win32 applications and .EXE apps, which are capabilities that Intune has lacked, the video explained. It's not clear when those capabilities will arrive.
Microsoft also announced last week that Intune is now integrated with Jamf Pro, a service for managing Apple devices. The integrated solution will enable "automated compliance management" for macOS devices when they use applications authenticated with Azure AD. This conditional access scheme for macOS devices is expected to be available "in late 2017," according to the announcement.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.