ConfigMgr admins, let’s start learning Intune. In this post, I will cover Intune learning for ConfigMgr admins. Microsoft Intune and ConfigMgr are part of the Endpoint Manager product group. Both are part of the modern device management solutions from Microsoft.
My recommendation to SCCM admins is to start learning Microsoft Intune, because Configuration Manager is tightly integrated with Intune and Azure. Tenant attach is one of the features within SCCM. This feature helps admins manage devices that are managed by on-prem ConfigMgr servers from the Intune console.
I have a series of posts to explain the difference between SCCM and Intune administration and architecture. Check out those posts:
- Microsoft Intune for SCCM Admins Part 1 (the video post here)
- Microsoft Intune for SCCM Admins Part 2
Introduction to Microsoft Intune for Beginners
I don’t think SCCM will go away for another 5-6 years. Instead, the difference between Intune and ConfigMgr will blur more and more in the coming years with features like tenant attach.
This is why Brad Anderson mentioned that the truth is really simple: MEM means ConfigMgr has eternal life.
i’ve been asked a couple times today if Microsoft Endpoint Manager means the death of #ConfigMgr —
honestly, the truth is really simple: MEM means ConfigMgr has eternal life! #MSIgnite pic.twitter.com/AeMp5eGxa7 — Brad Anderson (@Anderson), November 4, 2019
This post would be useful for Intune newbies. The latest Intune posts are available at https://www.anoopcnair.com/intune/
What is Microsoft Intune and How is it different?
Intune is an enterprise mobility management (EMM) solution from Microsoft. An EMM provider helps to manage mobile devices, network settings, and other mobile services and settings.
Microsoft Intune is a combination of device, application, information protection, endpoint protection (antivirus software), and security/configuration policy management, delivered by Microsoft as a cloud (SaaS) solution.
Take Free Intune Subscription
Let’s check the Quickstart: Try Microsoft Intune for free
What are the Management Options in Intune?
Intune can manage macOS, Android, iOS, and Windows devices via the MDM (Mobile Device Management) channel. The different Microsoft Intune enrollment options are explained in the following post.
What is Modern Workplace OSD Replacement (Windows AutoPilot)?
Autopilot is not really an OSD replacement 🙂 It is the enrollment service provided by Microsoft from the cloud. We have more posts related to Windows Autopilot at the following link.
https://www.anoopcnair.com/windows-autopilot/
How to Start Using Intune Portal?
The Intune portal (console) is part of Microsoft Endpoint Manager. Let’s learn more about EndPoint Portal – Intune Admin Related Activities.
What are the Intune Team Roles & Responsibilities?
At a high level, the following are the roles and responsibilities of the Intune team. Some of them involve Azure AD and other teams in the organization.
Understanding the roles and responsibilities will help IT Pros understand how Intune works and how Intune will be deployed within the organization. More details are available in my previous post “Intune Team’s Roles and Responsibilities.”
Setting up a team is also part of the Learn Microsoft Intune process.
- User Management
- Application Creation and Deployment/Assignment
- Service Administration
- Mobile Application Management
- Device/Profile Management
- Conditional Access
- Company Resource Access
- Software Update Management
What is MDM Authority?
Setting up a mobile device management authority is an important first step before you start working with Intune. The Mobile Device Management (MDM) authority determines where you will perform mobile device management tasks.
Monthly or Weekly Updates Of Intune
Let’s find more details about:
- Intune Monthly or Weekly Updates
- Intune Features in Development
- Intune Case Studies
- Devices Node
- Different Platforms – Windows, Android, iOS, and macOS
Mobile App Mgmt without Enrollment (MAM)
Microsoft Intune supports MAM without enrollment (MAM WE) and Conditional Access policies for Android devices. There are two types of management options for Windows, Android, and iOS devices with Intune.
The first is the traditional MDM management, and the second is the light management of apps that are installed on Android, iOS, and Windows devices via Intune.
BYOD devices are suitable for the MAM WE type of Intune management. Intune can also have Conditional Access policies assigned to MAM users.
For example, if a consultant’s device is already enrolled in a third-party EMM solution, but he wants access to the client’s corporate email on his mobile device for a very short period, then MAM WE is the best option for that consultant.
I have a post about MAM WE “How to Enable Intune MAM without Enrollment along with Conditional Access.”
Updated List of Microsoft Intune MAM protected apps – https://docs.microsoft.com/en-us/intune/apps-supported-intune-apps
Intune and macOS Device Management
Intune natively supports Mac device management, and the Intune Mac device support has improved a lot. More details: What happens if you install the Company Portal app and enroll your macOS device in Intune?
Jamf is the one third-party solution that Microsoft advised all organizations to look into if they want deeper management of Mac devices with Intune.
Learn to Troubleshoot Intune Issues
Intune troubleshooting is made easy in the MEM portal. It’s recommended to start with the “Microsoft Intune – Help and support” page in the MEM Admin center portal whenever you face any issue with Intune.
I have a post where I discussed “Start Troubleshooting Intune Policy Deployment Issues from Intune”. More details in the video experience here.
Intune Training Playlist
Intune Training Courses
Let’s check the Microsoft Learn courses Simplify device management with Microsoft Endpoint Manager & Introduction to Microsoft 365 unified endpoint management.
Learn about modern device management and the Microsoft Endpoint Manager (Intune + SCCM/ConfigMgr) and how the business management tools in Microsoft 365 can simplify the management of all your devices.
Learning objectives
Upon completion of this module, the learner will be able to:
- Explain modern device and application management concepts
- Explain the value of the Microsoft Endpoint Manager (MEM) including Microsoft Intune and ConfigMgr
- Describe how Autopilot can help streamline new device acquisition and setup
Author
Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on device management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
Hello,
I would like to clarify the following topics, as I’m still not sure what is possible only by using SCCM and what is possible by using Autopilot.
– SCCM allows usage of customized OS deployment images assigned to users or computers
– Autopilot just customizes and adds domain connectivity for an already installed OS, or not?
I’m asking because I need to ship computers for newly hired users working from day one at HO and want to know what Autopilot can do. Is it just settings configuration (language, input locale, keyboard) and joining the computer to the AAD domain, or is it capable of deploying a customized OS image to the machine without needing to be done in the office with corporate network connectivity?
I saw some Autopilot articles which mentioned that the user will power on the computer, connect it to the network (ethernet or WiFi) and join with AAD credentials, and then Domain Controller connectivity is needed to start the Autopilot enrollment process.
My question is how this can be achieved when the user gets the standard OS deployed by the manufacturer, without any VPN software, when not sitting in the corporate office?
Thank you for answering and/or explaining possible solutions to me.
With best regards
Martin
I think the best option with modern management is the Azure AD Joined + Autopilot scenario. With that scenario, end-users can just unbox the device and go through the enrollment process without any help from the IT team.
If you are looking for the Hybrid Azure AD joined scenario, then it would be difficult without the VPN connection back to on-prem. More details: https://www.anoopcnair.com/windows-autopilot-hybrid-domain-join-guide/