Co-Manage - SCCM/Intune

karthik palani 1,016 Reputation points
2021-02-28T07:27:37.51+00:00

Hi All,

I need some advice on the below issue, please.

I have configured co-management between SCCM and Intune to offload Windows updates and client apps to Intune. I am able to deploy client apps, PS scripts or updates from Intune on the intranet.

But when it comes to VPN, no machines are getting enrolled automatically. Those devices are Azure AD joined already, but they are not getting Hybrid AD joined since there is no line of sight with the DC.

Should the VPN have line of sight with the DC? Which port is needed? Even GPupdate /force is failing.
VPN users were able to log on to the O365 environment and there are no issues?
When a VPN user connects to the intranet, it gets Hybrid immediately?


Accepted answer
  1. Eswar Koneti 2,196 Reputation points
    2021-02-28T16:44:18.04+00:00

    For hybrid Azure AD joined, the device needs to connect to a domain controller for the registration process. You will need to fix the domain controller connectivity issues before fixing the hybrid AAD joined issues.


2 additional answers

  1. Amandayou-MSFT 11,046 Reputation points
    2021-03-01T06:51:08.19+00:00

    Hi @karthik palani ,

    There are two main paths to reach co-management:
    1. Existing Configuration Manager clients
    2. New internet-based devices

    Is it the path of new internet-based devices? If so, we could check bootstrap with modern provisioning. Here is the article to refer to:
    https://learn.microsoft.com/en-us/mem/configmgr/comanage/quickstart-paths#bkmk_path2

    Besides, I agree with EswarKoneti; we could try to fix the domain controller connectivity issues.



  2. Jason Sandys 31,151 Reputation points Microsoft Employee
    2021-03-01T19:45:08.087+00:00

    Those devices are Azure AD joined already but its not getting Hybrid AD join

    A device cannot be both Azure AD domain joined and Hybrid Azure AD domain joined. Are you sure the devices are AAD domain joined or are they just AAD registered?

    Co-management requires either hybrid AAD domain joined or AAD domain joined.

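To tell apart the states discussed in this thread (Azure AD joined, hybrid Azure AD joined, Azure AD registered) and to check whether a domain controller is reachable over the VPN, the PowerShell below is an added example, not code from any poster in this thread. It classifies the device from `dsregcmd /status` text; the function names, the sample lines and the domain name are constructed for illustration.

```powershell
# Added example. Get-JoinState and Test-DcLineOfSight are hypothetical helper names.
function Get-JoinState {
    param([Parameter(Mandatory)][string]$StatusText)

    # Collect the "Key : Value" lines of dsregcmd /status into a hashtable.
    $fields = @{}
    foreach ($line in $StatusText -split "`r?`n") {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined']   -eq 'YES'
    $domain = $fields['DomainJoined']    -eq 'YES'
    $wpj    = $fields['WorkplaceJoined'] -eq 'YES'

    # Hybrid join shows as both flags set; Azure AD join alone has DomainJoined : NO.
    if     ($aad -and $domain) { 'Hybrid Azure AD joined' }
    elseif ($aad)              { 'Azure AD joined' }
    elseif ($wpj)              { 'Azure AD registered' }
    elseif ($domain)           { 'Domain joined only (hybrid join not completed)' }
    else                       { 'Not joined or registered' }
}

function Test-DcLineOfSight {
    param([Parameter(Mandatory)][string]$DomainName)

    # nltest /dsgetdc asks the DC locator for a domain controller of the domain;
    # a non-zero exit code means none could be located from this network path.
    nltest "/dsgetdc:$DomainName" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

# Constructed sample resembling a domain-joined device that has not hybrid joined.
$sample = @(
    '             AzureAdJoined : NO'
    '          EnterpriseJoined : NO'
    '              DomainJoined : YES'
    '                DomainName : CONTOSO'
    '           WorkplaceJoined : NO'
) -join "`n"

Get-JoinState -StatusText $sample

# On a real device, while connected to the VPN:
#   Get-JoinState -StatusText (dsregcmd /status | Out-String)
#   Test-DcLineOfSight -DomainName 'contoso.example'   # placeholder domain name
```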