Introduction

Continuing the Co-management journey from last week, where I went through the steps required to setup co-management with Configuration Manager. This week I’m moving the Endpoint Protection workloads into Intune MDM. The ability to transition the Endpoint Protection workloads is brand new, and became available in Configuration Manager 1802. As of now, the endpoint protection workloads consists of following features:

Windows Defender Application Guard
Windows Defender Firewall
Windows Defender SmartScreen
Windows Encryption (BitLocker)
Windows Defender Exploit Guard
Windows Defender Application Control
Windows Defender Security Center
Windows Defender Advanced Threat Protection

Following walkthrough is exactly how I moved some of the Endpoint Protection features (more specifically Exploit Guard and some modifications to the Defender Security Center) into Intune MDM for at pilot group consisting of computers.

Endpoint Protection device configuration profiles

Introduction

Co-management! It was announced last year at Ignite in Orlando and it’s being pushed heavily these days by Microsoft. For those who don’t know the ups and downs, co-management is basically (for those using ConfigMgr already) managing computers with both a Configuration Manager client and Intune MDM.

There are different possibilities to achieve co-management. It may sound complicated, but it’s not. I will walk you through the few steps required, as well as cover the precise prerequisites and how to troubleshoot issues if any. Note: This is precisely how I have done in a production environment. Curious? Read on 🙂

My 2 devices being co-managed

Flipping the switch, part 2: Moving Endpoint Protection workload to Intune MDM (Co-management with SCCM)

Introduction

Flipping the switch: How to enable Co-management in SCCM Current Branch (System Center Configuration Manager)

Introduction