![Page 1: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/1.jpg)
WORKPLACE
Modernizing
Windows
Management
with Configuration
Manager and Intune
Kent Agerlund
Peter Daalmans
![Page 2: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/2.jpg)
WORKPLACE
Kent @Agerlund
Principal Consultant @
CTGlobal
Enterprise Mobility MVP &
Microsoft Regional Director
![Page 3: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/3.jpg)
WORKPLACE
Peter Daalmans
Senior Consultant @ CTGlobal
Enterprise Mobility MVP
@pdaalmans
![Page 4: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/4.jpg)
WORKPLACE
Session Objectives • Understand the benefits of modernizing Windows
management • Immediate benefits of extending SCCM to the
cloud
• Conditional Access for SCCM managed PCs
• Modern provisioning with Intune and AutoPilot
• And more
• Learn about what’s coming
![Page 5: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/5.jpg)
WORKPLACE
More than 115M enterprise
Windows devices managed by
Configuration Manager Current
Branch
A commercial PC is
upgraded to Win10 via
ConfigMgr every
0.98s
on average
Businesses require
powerful device
management tools
![Page 6: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/6.jpg)
WORKPLACE
Changes in technology and the workplace introduce new management challenges
Users working from anywhere
Users want to choose the technology they work with
Advanced security threats
Cadence changes for Windows and Office
Cloud infrastructure opportunities
![Page 7: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/7.jpg)
WORKPLACEComplement existing tools by lighting up cloud value
Modern Provisioning
Automated Update
Simplified App
Management
Integrated Access
Control, Security, and
Compliance
Lower
Infrastructure costs
![Page 8: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/8.jpg)
WORKPLACE
Modern Provisioning
Automated Update
Simplified App
Management
Integrated Access
Control, Security, and
Compliance
Lower
Infrastructure costs
Cloud Enlightened Management Features
• Protect corporate
data - Conditional
Access for PCs
• Make any new PC
enterprise-ready via
a simple self-service
experience.
• Simplify update
deployments with
cloud insights
• Manage Store
Applications and
convert existing
applications
• Manage clients over
the internet
• Protect against
advanced threats
• Lower TCO for
single purpose
devices
• Keep Windows up
to date from the
cloud
• Conditional Access
for SCCM managed
apps
• Azure hosted
management and
identity
• Control remote PCs
with wipe, scan, and
other commands
• Troubleshoot your
employee’s PCs
anywhere
![Page 9: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/9.jpg)
WORKPLACE
Modern Provisioning
Automated Update
Simplified App
Management
Integrated Access
Control, Security, and
Compliance
Lower
Infrastructure costs
Cloud Enlightened Management Features
• Protect corporate
data - Conditional
Access for PCs
• Make any new PC
enterprise-ready via
a simple self-service
experience.
• Simplify update
deployments with
cloud insights
• Manage Store
Applications and
convert existing
applications
• Manage clients over
the internet
• Protect against
advanced threats
• Lower TCO for
single purpose
devices
• Keep Windows up
to date from the
cloud
• Conditional Access
for SCCM managed
apps
• Azure hosted
management and
identity
• Control remote PCs
with wipe, scan, and
other commands
• Troubleshoot your
employee’s PCs
anywhere
![Page 10: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/10.jpg)
WORKPLACEWORKPLACE
Integrated Access Control,
Security, and Compliance
![Page 11: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/11.jpg)
WORKPLACE
On-premise data
Control data access
App
Mobile app is managed
Mobile app reputation
SaaS app sensitivity
Other
Network location
Breach detected
Device
Managed (Intune or CM)
Compliant
Risky behavior
User
Group memberships
Auth strength (MFA)
Risky behavior
Conditional access
with EMS
![Page 12: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/12.jpg)
WORKPLACE
Roadmap
Intelligent Security – Conditional Access
based on Device Risk signals from
Defender ATP
■Currently in public preview
![Page 13: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/13.jpg)
WORKPLACE
WDATP CONSOLE
INTUNE CONSOLE
ALERT
THREAT
DETECTED
THREAT
DETECTED
CONDITIONAL
ACCESS
CONDITIONAL ACCESS
STOP O365 ACCESS
![Page 14: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/14.jpg)
WORKPLACE
ALERTCONDITIONAL
ACCESS
WDATP CONSOLE
INTUNE CONSOLE
MALWARE
DETECTED
MALWARE
DETECTED
CONDITIONAL ACCESS
EMAIL ACCESS
SECOPS OR HEXADITE REMEDIATIONCONDITIONAL
ACCESS
THREAT
REMEDIATED
THREAT
REMEDIATED
Goal: Ensure only trusted and secure Win10 devices have access to corporate data.
![Page 15: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/15.jpg)
WORKPLACE How Microsoft Delivers Integrated Access
Control, Security, and Compliance
Protect corporate data - Conditional Access for PCs Intune, AAD, O365
Protect against advanced threats Intune, ATP
![Page 16: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/16.jpg)
WORKPLACEWORKPLACE
Modern Provisioning with
Intune and AutoPilot
![Page 17: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/17.jpg)
WORKPLACE
Traditional PC provisioning
S E T T I N G S P O L I C I E S
O F F I C E &A P P S D R I V E R S
Time
Money
+ =
![Page 18: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/18.jpg)
WORKPLACE
Modern PC provisioning
![Page 19: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/19.jpg)
WORKPLACEWORKPLACE
Vision
![Page 20: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/20.jpg)
WORKPLACE
Brad, your new Surface Laptop has arrived.
It’s time for unboxing…
![Page 21: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/21.jpg)
WORKPLACEOOBE Challenges
• Non-trivial decision making (Personal vs Org Owned disambig,
Privacy Settings, OEM Registration) generates Helpdesk calls
• Time for configs and apps to install. Block access, show progress
• OOB account is always Admin – majority of enterprises want
standard accounts on corp-owned devices
ANNA [email protected]
OEM/Reseller
Ship
Off-the-shelf and Shrink-wrapped Devices Employee unboxes device, self-deploys
Deliver direct to Employee
![Page 22: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/22.jpg)
WORKPLACE
OEM/Reseller
Harvest Device IDs
Microsoft Intune with AutoPilot
Upload
Device IDs
Configure AutoPilot Profile
Employee unboxes device, self-deploys
Ship Deliver direct to Employee
Self
Deploy
IT Admin
Existing Devices
Device IDs
WINDOWS AUTOPILOT
![Page 23: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/23.jpg)
WORKPLACE
OEM
Microsoft Intune with AutoPilot
Upload
Device IDs
Configure AutoPilot Profile
Employee unboxes device, self-deploys
Ship Deliver direct to Employee
Self
Deploy
IT Admin
Device IDs
WINDOWS AUTOPILOT
![Page 24: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/24.jpg)
WORKPLACE
OEM
Upload
Device IDs
Configure AutoPilot Profile
Employee unboxes device, self-deploys
Ship Deliver direct to Employee
Sync
IT Admin
WINDOWS AUTOPILOT
AutoPilot Service
Intune Service
Self
Deploy
Harvest Device IDs
Existing Enrolled Devices
![Page 25: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/25.jpg)
WORKPLACE
OEM support for Windows Autopilot
![Page 26: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/26.jpg)
WORKPLACEWORKPLACE
1803 aka RS4 aka build 17134
aka latest Windows 10
experience
![Page 27: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/27.jpg)
WORKPLACE
![Page 28: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/28.jpg)
WORKPLACE
United Arab Emirates
United Kingdom
United States
Let’s start with region. Is this right?
YesYesYes
![Page 29: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/29.jpg)
WORKPLACE
Is this the right keyboard layout?
US
United States-Dvorak for left hand DVORAK L
United States-Dvorak for right hand DVORAK R
United States-International QWERTY
Albanian QWERTZ
YesYesYes
![Page 30: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/30.jpg)
WORKPLACE
SkipAdd layout
Want to add a second keyboard layout?
SkipSkip
![Page 31: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/31.jpg)
WORKPLACE
Now let's get you connected to a network. That way you get updates, apps and cat videos as soon as possible. How about the first one on the list? Want to use that one?
Skip for now
Let’s connect you to a network
Network4
Contoso Corp
ContosoMNGuestWiFi
Connect
Contoso Corp 2
Connect automatically
![Page 32: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/32.jpg)
WORKPLACE
Now let's get you connected to a network. That way you get updates, apps and cat videos as soon as possible. How about the first one on the list? Want to use that one?
Skip for now
Let’s connect you to a network
Network4
Contoso Corp
ContosoMNGuestWiFi
Connect
Contoso Corp 2
Connect automatically
![Page 33: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/33.jpg)
WORKPLACE
Agree & Connect
Welcome to our Guest Wi-Fi
By clicking on the connect button you agree to our Terms
of Service and have reviewed the Contoso Privacy Policy.
![Page 34: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/34.jpg)
WORKPLACE
Agree & Connect
Welcome to our Guest Wi-Fi
By clicking on the connect button you agree to our Terms
of Service and have reviewed the Contoso Privacy Policy.
![Page 35: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/35.jpg)
WORKPLACE
Just a moment…
![Page 36: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/36.jpg)
WORKPLACE
Now we can go look for any updates
![Page 37: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/37.jpg)
WORKPLACE
Next
Welcome to ContosoMN!Enter your ContosoMN email
Change account
Need help?
Please sign in with your ContosoMN email address
Privacy & Cookies Terms of Use
![Page 38: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/38.jpg)
WORKPLACE
Next
Welcome to ContosoMN!Enter your ContosoMN email
Change account
Need help?
Welcome to ContosoMN
Privacy & Cookies Terms of Use Next
![Page 39: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/39.jpg)
WORKPLACE
Next
Welcome to ContosoMN!Enter your ContosoMN password
Change account
Need help?
Welcome to ContosoMN
Privacy & Cookies Terms of Use
……….
Next
![Page 40: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/40.jpg)
WORKPLACE
Setting up your device for workThis could take a while and your device may need to reboot.
Device setup
Device preparation Show details
Show details
![Page 41: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/41.jpg)
WORKPLACE
Setting up your device for workThis could take a while and your device may need to reboot.
Device setup
Device preparation Show details
Show details
![Page 42: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/42.jpg)
WORKPLACE
Setting up your device for workThis could take a while and your device may need to reboot.
Device setup
Device preparation Show details
Show details
![Page 43: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/43.jpg)
WORKPLACE
We’re getting everything ready for you
![Page 44: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/44.jpg)
WORKPLACE
This will just take a moment
![Page 45: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/45.jpg)
WORKPLACE
Leave everything to us
![Page 46: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/46.jpg)
WORKPLACE
Almost there
![Page 47: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/47.jpg)
WORKPLACE
Setting up your device for workThis could take a while and your device may need to reboot.
Device setup
Account setup
Device preparation Show details
Show details
Show details
![Page 48: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/48.jpg)
WORKPLACE
Setting up your device for workThis could take a while and your device may need to reboot.
Device setup
Account setup
Device preparation Show details
Show details
Show details
![Page 49: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/49.jpg)
WORKPLACE
Setting up your device for workThis could take a while and your device may need to reboot.
Device setup
Account setup
Device preparation Show details
Show details
Show details
![Page 50: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/50.jpg)
WORKPLACE
We’re getting everything ready for you.
![Page 51: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/51.jpg)
WORKPLACE
This might take several minutes.
![Page 52: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/52.jpg)
WORKPLACE
We want everything to be ready for you.
![Page 53: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/53.jpg)
WORKPLACE
Let’s Start!
![Page 54: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/54.jpg)
WORKPLACE
AutoPilot
Customize OOBE
Remove Admins
Pre-MDM Settings
Azure Active Directory
Azure AD AuthN
Azure AD Join
Intune/SCCM
Auto-enroll into Intune
Configure Policies, Settings
Install SCCM agent for Co-Mgmt
Office, SfB, WUfB
Install Office 365
SfB Apps
Configure Updates
Business Ready
Self-driven deployment
Windows Activation
Step Up from Windows Pro to
Windows Enterprise
Modern Provisioning –phases & components
![Page 55: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/55.jpg)
WORKPLACE
What’s coming• Autopilot Self-Deploying mode
• Autopilot Reset
• AutoPilot into Hybrid AADJ
• Win7 -> Win10 “rip and reuse”
• Forced enrollment
• Remove OEM bloatware
• Auto-register enrolled devices into AutoPilot
• Block personal devices
• Device renaming w/out reboot
• User personalization
![Page 56: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/56.jpg)
WORKPLACEWORKPLACE
co-management
![Page 57: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/57.jpg)
WORKPLACE Co-management requirements & Benefits
Requirements
• Devices joined to AD and
Azure AD.
• Enable automatic MDM
enrollment for Windows 10
• Intune Standalone
Out of the box benefits
• Remote actions
• Factory reset
• Selective wipe
• Delete devices
• Restart device
Controlled workloads
• Compliance policies
• Resource access policies
• Windows Update policies
• Endpoint Protection
![Page 58: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/58.jpg)
WORKPLACE Cloud Management Gateway Requirements & Benefits
Requirements• Azure subscription
• Certificate(s) depends on your choice
• Internal PKI, Public provider, AAD auth
• Install Win10 clients• AAD (and most likely AD) User
discovery
• Azure service for ConfigMgr
• Client settings
Benefits• Support for Road Warriors
• Support Windows Autopilot
Features supported• Software updates and
endpoint definition
• Inventory
• client activity
• Compliance settings
• Software distribution
• Windows 10 in-place upgrade task sequence
![Page 59: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/59.jpg)
WORKPLACE
ConfigMgr client cmdCCMSETUPCMD=
/noCRLCheck
/mp:https://VIA166CMG.CLOUDAPP.NET/CCM_Proxy_MutualA
uth/72057594037927965
CCMHTTPState=31
CCMHOSTNAME=VIA166CMG.CLOUDAPP.NET/CCM_Proxy_M
utualAuth/72057594037927965
SMSSiteCode=PS1
SMSMP=https://CM02.CORP.VIAMONSTRA.COM
AADTENANTID=5172DCF5-EEC5-4E5A-A1A6-499A0EAA9759
AADCLIENTAPPID=a0107f2f-99a6-47ef-ac36-65acb47214e7
AADRESOURCEURI=https://ConfigMgrService
• https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-prepare#command-line-to-install-configuration-manager-client
• https://docs.microsoft.com/en-us/sccm/core/clients/deploy/about-client-installation-properties
Useful SQL views• vProxy_Roles (MutualAuthPath)
• ProxyServiceName
• RoleServerName
• vSMS_AAD_Application_Ex• AppclientID
• AADRESOURCEURI
Client registry keys• Computer\HKEY_LOCAL_MACHINE\SOFTW
ARE\Microsoft\SMS\Client\Internet Facing
• Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM
![Page 60: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/60.jpg)
WORKPLACE
Co-Management Roadmap
Enable all workloads: • Device settings
• Modern Apps
• Office
• End User Portal
Settings baseline exceptions
![Page 61: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/61.jpg)
WORKPLACEDo you want to gain more
knowledge about Microsoft
technology?
The Future Ready Skills program
offers online courseware, online
labs, live Q&A’s and expert
sessions, so you can acquire
your official Microsoft Certificate
in the most efficient way.
For more information:
aka.ms/frsblog
FUTURE READY
SKILLS
![Page 62: Modernizing Windows Management with Configuration Manager ... · Intune/SCCM Auto-enroll into Intune Configure Policies, Settings Install SCCM agent for Co-Mgmt Office, SfB, WUfB](https://reader033.vdocument.in/reader033/viewer/2022050605/5fac4851767acc347642045d/html5/thumbnails/62.jpg)
WORKPLACE