Deploy the SCCM Client using Microsoft Intune and the Cloud Management Gateway (CMG without PKI certificates)

November 1, 2018October 25, 2018 by Martin Bengtsson

Introduction

Last week I blogged about how to get properly started with Windows AutoPilot. This week I’m continuing on the topic, and going into details on how you can deploy the SCCM (System Center Configuration Manager) client as a part of the Windows AutoPilot enrollment and thus achieve Co-management with SCCM and Microsoft Intune.

I have previously blogged a lot about Co-management. Focus here has been enrolling devices already managed by SCCM into Intune MDM.

This post is the opposite. This time we are deploying a device through Windows AutoPilot, enrolling it into Microsoft Intune and then deploying the SCCM client through the Cloud Management Gateway. Sounds interesting? Read on 🙂

Find all my Co-management posts here: https://www.imab.dk/category/co-mgmt/
- My post about setting up the Cloud Management Gateway without PKI certificates is especially of interest if pursuing Co-management

How to get properly started with Windows AutoPilot: Everything you initially need to know!

October 21, 2018October 20, 2018 by Martin Bengtsson

Introduction

It’s time for me to take on a new topic on the blog. I have been experimenting, working and blogging a lot about SCCM, Intune and Co-management, but never really touched base with Windows AutoPilot. Time is due and this will be the first in a series of posts about Windows AutoPilot and how to eventually reach Co-management with SCCM and Microsoft Intune through Windows AutoPilot.

First things first though. This post will give you everything you need to know on how to properly get started with Windows AutoPilot. Curious? Read on 🙂

A peek into my AutoPilot devices in my test tenant 🙂

Auto MDM Enrollment fails with error code 0x8018002a (Troubleshooting MDM enrollment errors. Co-management with ConfigMgr and Intune)

November 12, 2019September 22, 2018 by Martin Bengtsson

Introduction

Not going to do a great introduction on this one, but I think it deserves a mention anyway (I couldn’t find the situation or error explained elsewhere). More specifically, this is about an error I encountered myself in a Co-management scenario, where the computer fails the auto enrollment into Intune MDM. Let’s dig in 🙂

Setting up Cloud Management Gateway (CMG) in SCCM 1806 (HTTP mode without trusted root certificates)

January 4, 2019August 5, 2018 by Martin Bengtsson

Introduction

More Configuration Manager 1806 and more awesomeness. 1806 gives us additional improvements to the Cloud Management Gateway and removes the need for PKI in your environment. With these improvements, it has never been easier to setup the CMG. In this post I will walk you through the exact steps I went through in order to successfully deploy the CMG in a HTTP only environment.

A ready Cloud Management Gateway displayed in the console

Flipping the switch, part 4: Moving Device Configuration workload to Intune MDM (Co-management with SCCM 1806)

August 3, 2018August 2, 2018 by Martin Bengtsson

Introduction

Again, continuing the Co-management and flipping the switch journey, and moving the brand new Device Configuration workload to Intune MDM. This is the latest addition to the co-management world introduced in Configuration Manager 1806 (released 2 days ago at time of writing) and it’s absolutely amazing.

This means we finally (almost) can ditch group policies altogether and do our device configurations with Intune MDM. I will give you how to and an excellent example in this post. Read on. 🙂

The highlighted configurations now also work on co-managed computers

Flipping the switch, part 3: Moving Software Updates workload to Intune MDM (Co-management with SCCM)

December 21, 2018June 27, 2018 by Martin Bengtsson

Introduction

Continuing on the Co-management and flipping the switch journey. I have previously been going through how to initially enable Co-management with Configuration Manager and Microsoft Intune, and how to move some of the Endpoint Protection workloads to Intune MDM.

This time I will walk you through how I moved the Software Updates workload from Configuration Manager to Intune MDM. Everything still based on a production environment and along the lines some additional ramblings on the topic.

Example of 2 Windows 10 update rings in Microsoft Intune

Microsoft Intune and Conditional Access in a Co-management scenario

June 5, 2018June 5, 2018 by Martin Bengtsson

Introduction

Last week I gave an example on how to leverage Microsoft Intune and Conditional Access to restrict access to Exchange Online for iOS devices. This week, I’m continuing the use of Microsoft Intune and Conditional Access, and will give an example on how to restrict access to company e-mail if not using a Windows 10 1803 device. All of this based on a computer co-managed with both Microsoft Intune and Configuration Manager.

So basically; no e-mails if not running on the latest and greatest version of Windows 10 on my co-managed device.

Flipping the switch, part 2: Moving Endpoint Protection workload to Intune MDM (Co-management with ConfigMgr)

November 12, 2019April 18, 2018 by Martin Bengtsson

Introduction

Continuing the Co-management journey from last week, where I went through the steps required to setup co-management with Configuration Manager. This week I’m moving the Endpoint Protection workloads into Intune MDM. The ability to transition the Endpoint Protection workload is brand new, and became available in Configuration Manager 1802. As of now, the endpoint protection workload consists of following features:

Windows Defender Application Guard
Windows Defender Firewall
Windows Defender SmartScreen
Windows Encryption (BitLocker)
Windows Defender Exploit Guard
Windows Defender Application Control
Windows Defender Security Center
Windows Defender Advanced Threat Protection

Following walkthrough is exactly how I moved some of the Endpoint Protection features (more specifically Exploit Guard and some modifications to the Defender Security Center) into Intune MDM for at pilot group consisting of computers.

Endpoint Protection device configuration profiles

Flipping the switch: How to enable Co-management in SCCM Current Branch (System Center Configuration Manager)

September 29, 2019April 15, 2018 by Martin Bengtsson

Introduction

Co-management! It was announced last year at Ignite in Orlando and it’s being pushed heavily these days by Microsoft. For those who don’t know the ups and downs, co-management is basically (for those using ConfigMgr already) managing computers with both a Configuration Manager client and Intune MDM.

There are different possibilities to achieve co-management. It may sound complicated, but it’s not. I will walk you through the few steps required, as well as cover the precise prerequisites and how to troubleshoot issues if any. Note: This is precisely how I have done in a production environment. Curious? Read on 🙂