The latest update for SCCM Current Branch is now available and includes the announced co-management feature.

The co-management feature allows you to manage your devices with Intune and SCCM without having to setup an Intune subscription on SCCM. Especially in scenarios where Windows 10 Azure AD Joined device needs to use the SCCM agent.

Once you have installed the SCCM update (as usual you can force it by using the PowerShell script available here https://gallery.technet.microsoft.com/ConfigMgr-1710-Enable-1313c6d2) you will see the Co-Management option in the SCCM console within the Administration workspace.

Before starting it important to note that your MDM authority must be set to Intune

 

SCCM Co-Management Configuration

image

To enable it, just click the Configure co-management button and follow the wizard

First you have to sign in to your Intune tenant using a global administrator account

image

The authentication process supports the new modern sign in experience

image

Once authenticated you will need to define the automatic enrollment mode between none (no enrollment in Intune), Pilot or All. No need to explain the difference here Smile

image

You will also need to copy the SCCM client commands just below to create an app in Intune to automatically onboard device already registered in Intune

Next, you need to define who (SCCM, Intune) will be responsible to manage management workloads; you can select Pilot Intune to get pilot devices being managed by Intune for the specified workload while other device continue to be managed by their current system (SCCM or Intune)

image

If you want to Pilot you then have to define the pilot group (SCCM collection); if you want to have all device on boarded, just skip this step

image

Finally you got the summary of the configuration going to be implemented

image

Once all completed, the co-managed Intune tenant is now displayed and available in the console

image

If you need to change the configuration (for example switching from Pilot to Production to get all devices co-managed), just open the Properties and change the setting(s) you want to modify

image

 

Intune App to Deploy SCCM Client

Once you have setup the co-management feature, you will need to create an app in Intune to deploy the SCCM client,

This is when you will use the value from the Wizard first step. Don’t worry if you did not copy it you can it back using the SCCM console and accessing the co-management properties (see just above)

As Intune deploys only MSI package, you will need to grab the client.msi file from your SCCM server (remember to use the latest SCCM client version available in C:\Program Files\Microsoft Configuration Manager\Client and then the corresponding hardware (x86 or x64))

imageimage
Connect to your Intune tenant (preferably use the Azure ARM portal to access you Intune management) and access the Mobile apps blade

image

Then create the app to deploy the SCCM client by accessing the Apps blade and Add a new application

image

Then select Line of Business app and upload the SCCM client MSI package

imageimage

Then edit the App Information to define the mandatory fields ‘Description’ and Published, as well as to include the command line options; you can also take the opportunity to def
ine additional settings like a logo picture, information or privacy URL

image

Then you need to wait for your package to be completely uploaded

image

Once it is done you can then publish (deploy) the application to your Intune client by accessing the Assignment blade

imageimage

And as result when opening the Company Portal app, end-users are notified to use SCCM Software Center to get the applications

image