

ZeZe

ConfigMgr CB with Intune (doubts)


Hi all,

To anyone that has more knowledge about Intune with ConfigMgr (Hybrid Solution).

I managed to install Intune and enroll my iPhone. I deployed 2 apps and it works fine. Then I tried to add my Windows 10 Enterprise (TP) client to the MDM. And here is where I start to have some doubts.

- I cannot enroll my Windows device if it has already been added to ConfigMgr? Correct?

- I managed to install the company portal and also to add my Intune account to this device. But I can't see it in Intune, only in the ConfigMgr console. Is this normal?

- From what I can understand, I can still create my company compliance policies and deploy these configurations to a collection of devices (using the ConfigMgr console) and not the MDM. Correct? Therefore, I can't see my Windows device in the Portal company. Correct?

- It sounds like the Hybrid solution is not very clear in terms of how it works with Intune. I understand that all the policies that we create in ConfigMgr are used by the MDM to deploy them to our mobile devices (in my case only my phone). But if I create additional devices (workstation) and try to manage them, I can create policies and deploy them to a collection; however, only when the computer is in the company network will the computer be able to load these new policies. Correct? hmm..

I really appreciate any information that helps me to understand a bit more about MDM. It sounds a bit complicated and more complex than I initially anticipated.

Thank you in advance.


So let's go down the list...

1) You can if it's Windows 8/10 via the OMA-URI protocol, but why would you? The ConfigMgr agent will give a way more detailed overview of the system than the Intune MDM one. For Windows 7, this is true - it's either the Intune agent or ConfigMgr agent.

2) Yes - once you link Intune with ConfigMgr, all data and monitoring is shunted into the ConfigMgr console. There's a caveat here, and that's with devices that have the actual Intune agent installed. These will NOT show in the ConfigMgr console, only on the web portal. I've already raised this issue with Microsoft; we'll see if they ever do anything about it.

3) Partly. It is true that once you hook Intune into ConfigMgr, you create all the policies and configuration items in the console, which will then send them to devices via Intune. As for seeing your Windows device in the portal, it depends on how you're linking it - whether by ConfigMgr agent, Intune agent, or OMA-URI protocol.

4) When you link Intune with ConfigMgr, think of Intune as a secondary site in the cloud. It gathers data and hosts a database, but basically all the management is done by the primary site (aka your on-prem ConfigMgr infrastructure). So all configuration and policy management is done through the console, and ConfigMgr will automatically take care of managing clients, whether mobile or full clients.

Hope that helps a bit!



Thank you for your reply! It really helps me!!

As for the "portal company" app that we install on the device, can this app be removed by the user? I mean, is it possible to prevent the user from removing this app? Maybe a compliance policy will make sure the user cannot uninstall software from the phone?

As for software to roll out to a user/device - which I did with 2 apps (Facebook app and CNN) - I noticed that when the app is requested to be installed it will request user credentials to install the app. These credentials are regarding the user's Apple Store; however, if I want to avoid this user credential popup, I would have to have a VPP (Volume Purchase Program). And I think this is only possible if we are an organization - I cannot test this. Correct?

Thank you!
