Hi
Looking to fully utilize Intune features and capabilities and
move away from current cloud attached model, ie. Intune and Configuration Manager
(SCCM) working in co-management mode (hybrid mode) to cloud-only model (Only
Intune without SCCM).
Any Steps or documentations how to get started and what are the considerations need to be performed?
Going to cloud-only is the right way to go, Intune is basically capable of almost anything that SCCM does, though some actions need different approach. If you want to get your AD computer members to cloud only, the ugly fact is that you need either to disjoin them from AD manually and join them to AzureAD manually as well, or re-install it clean with autopilot. There is no automated & clean way to transform from AD to AAD only.
Hi
Thanks for the response. However can you please go through below urls 3rd party
Also i raised ticket with Microsoft Support team they also share link:
Microsoft Support Shared Link
So would like to confirm if above steps works since co-management already enabled and we need to just move to Intune without end user impact.
Like Shift workload from SCCM to Intune and after verify all configurations/policies completely switch to Intune.
Sure you can continue working in hybrid mode and not shut down AD and SCCM, and move with time all workloads to Intune, but you will be always stuck with on-prem.
Yes that seems to be fine for client too by telling them limitations, basically currently they only want to remove co-management model and have plan to manage devices from Intune. So in that case do client need to re-purpose devices again or any end user impact if we do shift workload as per mentioned link:
Link 1 from System Center Dudes is useless and outdated.
Link A is useless and outdated, you should ignore that and inform whoever gave it to you from support of the same -- have them ping me directly if they have questions.
Link B can be used but doesn't achieve your stated goal.
For your stated goal, the only thing you must do technically is remove the ConfigMgr agent. This assumes that by "hybrid mode" you mean hybrid Azure Active Directory join. As @yannara calls out as well though, you should strongly consider implementing full Azure Active Directory join as well for new devices and develop a plan to transition your existing hybrid Azure Active Directory joined devices to Azure Active Directory join.
Hi
Thanks Jason for your contribution and suggestion. As far your response it means we first need to engage with Fast Track team to discuss whole scenario. However just for the info like asking from @yannara too.
What if client wants to keep on-Prem AD & SCCM and continue to use Hybrid Model for other purpose and only wants to remove co-management model from their environment and have plan to manage devices including Configurations/Polices via Intune. If consider below link. Can you share your valuable response on that is that possible?
Basically again their requirement is to remove co-management model and move to Intune and manage devices from intune without end user impact as its production environment.
Basically again their requirement is to remove co-management model and move to Intune and manage devices from intune without end user impact as its production environment.
That's exactly what I answered above: remove the ConfigMgr agent from the endpoints. Done. This will remove co-management. Moving workloads has no value unless the ConfigMgr agent is installed on the endpoints. As long as you/they have replicated all necessary configurations, settings, policies, etc. that are enforced using ConfigMgr in Intune, there will be no impact.
Ok seems like better option.
First remove agent from all devices. Once done.
So here are two more options that comes in , hope so you could also guide me on that on next step after agent remove:
If they replicated all necessary configurations, settings, policies, etc. that are enforced using ConfigMgr in Intune then still we need to shift workloads? as per above link? Also during that how device get connected ?
If all necessary configurations, settings, policies, etc. are not replicated let say then still we need to shift workloads? or need to adopt other approach like from scratch? Also during that how device get connected ?
As noted, co-management workloads are irrelevant for non-co-managed endpoints. Co-management workloads are a function of the ConfigMgr agent, thus no agent, no workload. Everything will come from Intune as that's the entire point of removing the ConfigMgr agent and moving away from ConfigMgr and co-management.
I have no idea what you are asking about getting connected. Getting connected to what?
Since on Microsoft URL shared earlier i guess that point did not mention so get confused. So what I understood is that removing SCCM agent from client machines that are bulk in number will automatically remove co-management feature and there is no need to do additional steps. Right?
Secondly let me elaborate above points
Like currently all devices Laptops/Mobile enrolled and state show co-management including configuration/polices are managed via SCCM with hybrid mode on device while basic configuration done by client on Intune and device status is co-management mode. So my point is after removing agent do we need to do autopilot/re-enroll devices what will be the device state after removing agent Is that Intune based or after change MDM authority it show state then? Plus how devices get policies/profiles during that specific time while removing agent at first step.
Although Its production environment did we need to re-configured all below Polices/Profiles on Intune or existing on-Prem can be used.
Compliance Policies
Device Configurations including Endpoint Policies/Resource Access
Client Apps
Office C2R
Windows Update Polices
May be this discussion will be out of scope for you , Basically i need to summarize this while discussion with client very soon by telling that these are the steps we need to perform 1,2,3,4 etc. and you are good to go that what i try to make it clear from you.
Same answers. Co-management is a function of the ConfigMgr agent. If you remove it, co-management is also removed. There is nothing additional you need to do assuming that you've already moved all required policies, configuration, settings, etc. to Intune and targeted them appropriately.
Plus how devices get policies/profiles during that specific time while removing agent at first step.
After removing the ConfigMgr agent, they will be Intune managed only which is why you need to move your policies, configurations, settings, etc. to Intune before you remove the ConfigMgr agent.
Although Its production environment did we need to re-configured all below Polices/Profiles on Intune or existing on-Prem can be used.
Same answer, on-prem is irrelevant as that's the entire point here. Removing co-management and the ConfigMgr agent means all you have left is Intune.
Hi Jason,
Thanks alot for clarification and guidance. Just now get better clarity about it until get another requirement from client end. I will try follow that approach and will share experience.
5 people are following this question.
