Microsoft EndPoint Manager Co-Management vs Co-Existence

Technical Blog: EndPoint Manager

The BIG news from Ignite '19 for System Center Configuration Manager (SCCM), is that it’s still alive and kicking! Despite fears that it would be dropped, it’s been given a new lease of life, in its new home – Microsoft End Point Manager (MEM).

What does this mean?

With a new place on the roadmap, the core message from Microsoft is that customers should continue to use SCCM as long as it’s needed. However, there are a growing number of use-cases for enhancing Desktop environments with a cloud infrastructure. 

Which Cloud you use, is an interesting debate.  Whilst the rest of the team at Marathon take a look at Azure Arc, I want to dive a bit deeper for those interested into what Microsoft mean by co-management and co-existence with cloud services, and what that means for those managing desktop environments right now.  

Co-Management 

It’s the same with all new relationships- you like each other, but you have to ask the questions about whether you can you live together?  From what I’ve seen so far, it sounds really positive.  Essentially, co-management means that SCCM and Intune are now in constant communication and have a well-defined process of who will take responsibility for workloads to avoid conflicts; With SCCM admin-controlled settings being used to determine which management authority will drive things like compliance policies, device configuration or client apps.

So, nothing changes for SCCM fans, but co-management does have some major advantages for those committed to the Microsoft Stack.  Firstly, it’s a low risk method of piloting and then adding workloads to the Microsoft Cloud. As an example, from technical preview 1906, you can now add a number of grouped devices, as a pilot, before moving these workloads to be managed by Intune.  

The other benefit is that co-management with Intune adds further management capabilities such as Autopilot provisioning, telemetry driven policies and a range of M365 full stack management tools.  One of these tools, App Assure, has been used to unblock 52.4 million devices so far by Microsoftand significantly reduced the number of support calls you would have to make, when these issues occur in the future.

If you’ve yet to have a closer look at Intune, let me know and I’ll send you my updated review in the coming weeks.

Not a Microsoft Cloud?

In the real world, many organisations will have other Cloud providers and the idea from Microsoft is to enable co-existence, for these platforms with SCCM and other tools under the Microsoft End Point Manager portfolio.  

Having two management authorities for a single device can be challenging if not properly orchestrated between the two, so as you’d expect, you don’t get a full co-management experience from this option. The aim from Microsoft here is to ensure that you avoid conflicts between workloads that are performed in the 3rdparty cloud.  Essentially, this means putting SCCM into read-only mode, for those specific processes.  

A couple of side notes before you begin planning; You have to ensure that your SCCM and Windows 10 are version 1710 or later. It’s also good to remember that a device cannot be managed by two different MDM offerings, so you’ll need a device that has never been enrolled with Intune before.  As always, feel free to check with me on specifics, as it’s easier to deal with these issues early, before you get too far down the implementation. 

Where next?

Learn more about co-management and co-existence with Microsoft VP, Brad Anderson https://www.youtube.com/watch?v=DnmnLr2NUXk&feature=emb_logo

See it live from Ignite 19 https://www.youtube.com/watch?v=q9Bc2_eJozM&t=0s

Follow me on LinkedIn or Twitter and join the conversation

 

Share this post

About Us

Marathon Professional Services is your trusted IT solutions partner. We offer a range of services including Desktop Infrastructure Solutions and Virtualisation, and we act on a white-labelled basis as an extension of your business.