Microsoft’s approach to modern endpoint management combines the capabilities of Endpoint Configuration Manager (formerly known as System Center Configuration Manager) with the cloud power of Intune. This hybrid model, known as co-management, allows you to leverage the best of both tools for your organization’s needs.

Table of Contents

Understanding Co-Management

Co-management is a technology that allows organizations to manage Windows 10-based devices through both Endpoint Configuration Manager and Microsoft Intune concurrently. With more and more organizations leveraging cloud services, co-management provides a bridge enabling organizations to smoothly transition their managed Windows 10 devices from on-premises management (with Endpoint Config Manager) to cloud management (with Intune).

Co-management in Microsoft 365 Mobility and Security brings together the best of Endpoint Config Manager and Intune’s capabilities, offering flexibility to choose which workloads to move to Intune, while keeping some on Configuration Manager. This balance is hugely beneficial, allowing a gradual transition to Intune and the cloud.

Workloads in Co-Management

A workload is a management task in Endpoint Configuration Manager like managing apps or deploying software updates. When you enable co-management, you can choose which of these workloads should be managed by Intune. The available workloads for co-management include:

  1. Compliance policies
  2. Windows Update policies
  3. Resource access policies
  4. Endpoint Protection
  5. Device configuration
  6. Office Click-to-Run apps

Once a workload is moved to Intune, Configuration Manager stops evaluating those policies for Windows 10 devices which are co-managed.

Co-Management Implementation Steps

Implementing co-management in your organization typically involves the following steps:

  1. Enable co-management in Configuration Manager: This involves configuring your environment, which includes Configuration Manager and Intune, as well as incorporating prerequisites such as Azure AD and Windows 10 devices.
  2. Configure co-management settings: Here, you specify the Configuration Manager workloads to be managed by Intune, this is also the stage where you assign pilot collections.
  3. Monitor co-management: Finally, you must set up mechanisms to audit and monitor your co-management set-up.

Co-Management Benefits

Transitioning to co-management offers several benefits:

  1. Flexibility: You can decide when and how to transition workloads while maintaining existing processes.
  2. Insight with Analytics: You can use Desktop Analytics to create an inventory of apps running in your organization, assess app compatibility with the latest Windows 10 feature updates, and create pilot groups that represent the entire application.
  3. Conditional Access Control: While the Endpoint Configuration Manager does provide compliance policies, co-management allows you to leverage Azure Active Directory and Intune’s ability to provide real-time compliance assessment and conditional access.
  4. Modern Provisioning with Windows Autopilot: With Intune and co-management, you can use Windows Autopilot to reset, repurpose, and recover devices.

To study and prepare for the MS-101 Microsoft 365 Mobility and Security exam, understanding co-management is crucial. Practical familiarity with transitioning workloads, implementing and monitoring co-management could directly benefits you and your organization.

Remember, the goal of co-management is to provide a pathway to shift towards a more cloud-oriented management approach – at your own pace, and that’s where it delivers. As you plan your transition from traditional on-premises management to cloud-based control, co-management can essentially give you the best of both worlds.

Practice Test

True or False: Co-management in Endpoint Configuration Manager allows you to simultaneously manage Windows 10 devices with both Endpoint Configuration Manager and Intune.

  • True
  • False

Answer: True

Explanation: Co-management indeed leverages both Endpoint Configuration Manager and Intune to simultaneously manage Windows 10 devices, providing the benefits of both solutions.

In a co-management setup, you must first enroll your device into Intune and then install the Configuration Manager agent.

  • True
  • False

Answer: False

Explanation: Typically, the device is first managed by Configuration Manager and subsequently enrolled into Intune.

Which of the following workloads can be managed by co-management? (Multi-select)

  • A. Windows Update policies
  • B. Resource access policies
  • C. Endpoint protection
  • D. Office Click-to-Run apps

Answer: A, B, C, D

Explanation: All of these workloads can simultaneously be managed by co-management in Endpoint Configuration Manager and Intune.

Intune and Configuration Manager are always required for co-management to function.

  • True
  • False

Answer: False

Explanation: Though Intune and Configuration Manager commonly function together in co-management, there are conditions under which you might use Intune alone, such as with Azure AD-joined devices.

True or False: You can transition multiple workloads to Intune at once when using co-management.

  • True
  • False

Answer: True

Explanation: You can indeed transition multiple workloads to Intune simultaneously in a co-management scenario.

Co-Management is only possible if the Windows 10 devices are in Azure Active Directory.

  • True
  • False

Answer: True

Explanation: Co-Management requires devices to be registered or joined to Azure Active Directory.

In which of the following scenarios would you choose to manage a workload with Endpoint Configuration Manager?

  • A. When the workload is only compatible with Configuration Manager.
  • B. When Intune doesn’t support the workload.
  • C. Because of licensing limitations.

Answer: A, B, C

Explanation: All these situations may necessitate workload management with Endpoint Configuration Manager.

The Pilot Intune is used for testing before moving the production workload to Intune.

  • True
  • False

Answer: True

Explanation: The Pilot Intune phase is indeed meant for testing and troubleshooting before full-scale production workload transition to Intune.

Co-management is supported on which operating systems?

  • A. Windows 7 and later
  • B. Windows 10 and later
  • C. Windows 1 and later

Answer: B

Explanation: Co-management only supports Windows 10 and later.

Can you use co-management to manage mobile devices?

  • True
  • False

Answer: False

Explanation: Co-management is specifically designed for managing Windows 10 devices. Mobile devices are managed through other solutions.

Endpoint Configuration Manager and Intune provide a built-in way to monitor co-management deployment.

  • True
  • False

Answer: True

Explanation: Both Endpoint Configuration Manager and Intune offer built-in dashboards that allow you to monitor the deployment and status of co-managed devices.

Intune enrollment is not a prerequisite for co-management.

  • True
  • False

Answer: False

Explanation: For a device to be co-managed, it must be enrolled into Intune and managed by Configuration Manager.

If a workload is managed by both Configuration Manager and Intune, Intune policies have priority.

  • True
  • False

Answer: True

Explanation: In case of policy conflict in co-management, Intune policies have precedence over Configuration Manager policies.

Co-management requires SCCM to be at least version

  • True
  • False

Answer: True

Explanation: To enable Co-management in SCCM, it has to be at least version 1710 or later.

Co-management enables you to cloud-attach your existing investment in Endpoint Configuration Manager.

  • True
  • False

Answer: True

Explanation: Co-management is a way to cloud-attach your on-premises Configuration Manager infrastructure and manage devices through the Configuration Manager and Microsoft Intune.

Interview Questions

1. What is co-management in the context of Microsoft Endpoint Configuration Manager and Intune?

Co-management is a feature in Microsoft 365 that enables organizations to concurrently manage Windows 10 devices by using both Configuration Manager and Intune.

2. What are the benefits of implementing co-management between Endpoint Configuration Manager and Intune?

Some benefits of co-management include a simplified management experience, improved security, and the ability to leverage the strengths of both Configuration Manager and Intune.

3. How does co-management help in transitioning from Configuration Manager to Intune?

Co-management allows organizations to gradually transition workloads from Configuration Manager to Intune, enabling a smooth and controlled migration process.

4. What are the system requirements for implementing co-management between Endpoint Configuration Manager and Intune?

In order to enable co-management, organizations must have devices running Windows 10, version 1709 or later, with Azure AD joined or hybrid Azure AD joined.

5. What is required from a licensing perspective to utilize co-management between Endpoint Configuration Manager and Intune?

To use co-management, organizations must have the appropriate licensing for Microsoft 365, which includes licenses for Configuration Manager and Intune.

6. How does Endpoint Configuration Manager work in tandem with Intune in a co-management scenario?

In a co-management scenario, Endpoint Configuration Manager and Intune work together to manage device configurations, applications, and compliance policies, providing a comprehensive management solution.

7. What is the role of Intune in a co-management setup?

Intune plays a significant role in a co-management setup by providing cloud-based management capabilities such as device compliance, conditional access, and application deployment.

8. How does co-management handle policy conflicts between Endpoint Configuration Manager and Intune?

Policy conflicts in a co-management scenario are resolved based on the workload priority settings configured by the organization, ensuring that policies are applied consistently across devices.

9. Can organizations switch workloads between Endpoint Configuration Manager and Intune in a co-management setup?

Yes, organizations can switch workloads between Configuration Manager and Intune based on their requirements and priorities, allowing for flexibility in management strategies.

10. How does co-management improve device security in an organization?

Co-management enhances device security by enabling organizations to enforce compliance policies, manage updates, and monitor device health more effectively through a unified management approach.

Leave a Reply

Your email address will not be published. Required fields are marked *