
The end of hybrid Intune MDM and what IT needs to know

Some Microsoft Intune admins are unsure of what to do after the death of Intune hybrid MDM. IT should consider Azure or other MDM platforms to maintain key functions.

For years, Microsoft offered a hybrid mobile device management option, but as the company arranges to retire the service, IT should prepare a succession plan.

Microsoft's hybrid mobile device management (MDM) allows IT professionals to connect Intune, a cloud-based enterprise mobility management tool, and System Center Configuration Manager (SCCM), a mobile device and desktop management service. SCCM made up for some of Intune's shortcomings, such as its insufficient automation, limited access roles for administrators and lack of integration with tools such as PowerShell.

In August 2018, however, Microsoft said it would start deprecating hybrid Intune MDM and permanently end the service in September 2019. Microsoft cited the rising use of Microsoft Azure, a public cloud platform that provides a more feature-rich version of Intune, as its reason for retiring the tool.

What does IT need to do?

Organizations that need to migrate from hybrid Intune MDM have a few options to accomplish this while maintaining MDM functions.

IT professionals can opt to keep using this tool by switching to Azure's portal for Intune, a capability that Microsoft first released in June 2017. Microsoft made Azure's Intune more scalable and added some of the features missing from traditional Intune, such as automation, support for certain mobile devices and improved compliance reporting. Intune for Azure also benefits from being hosted on a cloud platform, as Microsoft can quickly release support for new devices and other features.

Organizations that want to switch over to Intune on Azure must take a few steps to ensure this transition goes smoothly. IT should ensure that all of its groups are synchronized with Azure Active Directory, should import SCCM's data with Microsoft's Data Importer tool, and should select the required objects and assignments to migrate. IT pros can then assign Intune licenses, change the MDM authority to Microsoft Intune for Azure and remove any MDM assets remaining in SCCM.

If an organization isn't interested in using Microsoft Azure for Intune MDM, it can look to other vendors to replace Intune's hybrid MDM capabilities.

VMware, for example, offers Workspace ONE Unified Endpoint Management, a rebranding of AirWatch for MDM utilities. IT can deploy micro-VPNs for mobile users; deploy security policies, such as PIN enforcement; and manage the OS, applications and Wi-Fi settings. IT pros must keep in mind that this tool is still a cloud-based platform, so if they want to leave Intune behind because it's on a public cloud, they would need to use VMware Unified Endpoint Management's on-premises option.

Organizations should also consider Citrix Endpoint Management, formerly XenMobile, for MDM, though it also runs on a cloud platform, Citrix Cloud. With Endpoint Management, IT can deploy policies that are specific to different device manufacturers and perform other key management functions, such as device-wide encryption and automatic device wipes or locks. Citrix offers flexible licensing on a per-user or per-device basis.

IT could also look into MDM options that can run on premises, including Hexnode MDM and ManageEngine Mobile Device Manager Plus.

Staying up to date with Intune

If an organization wants to continue to use Intune after hybrid Intune MDM retires, IT professionals must transition to Azure's Intune. The work doesn't stop there, however, because Microsoft's Intune service is constantly evolving.

Microsoft provides IT with a guide to keep track of the latest features, new management utilities, support for new devices and more. Microsoft adds new updates to the page the week they come out, details the reasons for each of the new features and utilities, and includes step-by-step explanations of how to enable them. Intune MDM administrators should track this page to stay up to date.

For instance, Intune now supports fully managed Google Android devices. With this method, each user receives a corporate-owned device so IT can enforce whatever policies it needs. The tool also includes new device reporting fields, renaming of old configurations and new notification settings.
