| ms.subservice | co-management |
|---|---|
| ms.topic | include |
| ms.date | 10/05/2021 |
When you're enabling co-management, you can use the Azure public cloud, Azure Government cloud, or Azure China 21Vianet cloud (added in version 2006). To enable co-management, follow these instructions:
-
In the Configuration Manager console, go to the Administration workspace, expand Cloud Services, and select the Cloud Attach node. Select Configure Cloud Attach on the ribbon to open the Cloud Attach Configuration Wizard.
For version 2103 and earlier, expand Cloud Services and select the Co-management node. Select Configure co-management on the ribbon to open the Co-management Configuration Wizard.
-
On the onboarding page of the wizard, for Azure environment, choose one of the following environments:
-
Azure public cloud
-
Azure Government cloud
-
Azure China cloud (added in version 2006)
[!NOTE] Update the Configuration Manager client to the latest version on your devices before you onboard to the Azure China cloud.
When you select the Azure China cloud or Azure Government cloud, the Upload to Microsoft Endpoint Manager admin center option for tenant attach is disabled.
-
-
Select Sign In. Sign in as a Microsoft Entra Global Administrator, and then select Next. You sign in this one time for the purposes of this wizard. The credentials aren't stored or reused elsewhere.
[!IMPORTANT] [!INCLUDE global-administrator]
-
On the Enablement page, choose the following settings:
-
Automatic enrollment in Intune: Enables automatic client enrollment in Intune for existing Configuration Manager clients. This option allows you to enable co-management on a subset of clients to initially test co-management and then roll out co-management by using a phased approach. If the user unenrolls a device, the device will be re-enrolled on the next evaluation of the policy.
- Pilot: Only the Configuration Manager clients that are members of the Intune Auto Enrollment collection are automatically enrolled in Intune.
- All: Enable automatic enrollment for all clients running supported Windows versions.
- None: Disable automatic enrollment for all clients.
-
Intune Auto Enrollment: This collection should contain all of the clients that you want to onboard into co-management. It's essentially a superset of all the other staging collections.
Automatic enrollment isn't immediate for all clients. This behavior helps enrollment scale better for large environments. Configuration Manager randomizes enrollment based on the number of clients. For example, if your environment has 100,000 clients, when you enable this setting, enrollment occurs over several days.
A new co-managed device is now automatically enrolled in the Microsoft Intune service based on its Microsoft Entra device token. It doesn't need to wait for a user to sign in to the device for automatic enrollment to start. This change helps to reduce the number of devices with the enrollment status Pending user sign in. To support this behavior, the device needs to be running supported Windows versions. For more information, see Co-management enrollment status.
If you already have devices enrolled in co-management, new devices are now enrolled immediately after they meet the prerequisites.
-
-
For internet-based devices that are already enrolled in Intune, copy and save the command on the Enablement page. You'll use this command to install the Configuration Manager client as an app in Intune for internet-based devices. If you don't save this command now, you can review the co-management configuration at any time to get this command.
[!TIP] The command appears only if you've met all of the prerequisites, such as setting up a cloud management gateway.
-
On the Workloads page, for each workload, choose which device group to move over for management with Intune. For more information, see Workloads.
If you only want to enable co-management, you don't need to switch workloads now. You can switch workloads later. For more information, see How to switch workloads.
- Pilot Intune: Switches the associated workload only for the devices in the pilot collections that you'll specify on the Staging page. Each workload can have a different pilot collection.
- Intune: Switches the associated workload for all co-managed Windows devices.
[!Important] Before you switch any workloads, make sure that you properly configure and deploy the corresponding workload in Intune. Make sure that workloads are always managed by one of the management tools for your devices.
-
On the Staging page, specify the pilot collection for each of the workloads that are set to Pilot Intune.
-
To enable co-management, complete the wizard.
