grandeduc - Fotolia


Prepare for the death of Intune's hybrid MDM

Microsoft is making some changes that could affect mobile device management with Intune. Here's how admins can stay prepared and reap the benefits of the stand-alone service.

In August 2018, Microsoft deprecated hybrid Intune mobile device management, and the company will retire the service entirely in September 2019, so admins should prepare for the upcoming changes.

Microsoft will move Intune to a new cloud-based platform in Microsoft Azure. Microsoft frequently updates Intune to improve upon the service.

All about Intune

Microsoft created the Intune service in 2011 to perform desktop management from the cloud, and it later added mobile device management (MDM) capabilities to manage Windows, Android and iOS devices.

Microsoft added the option to connect Intune with System Center Configuration Manager (SCCM), a desktop and mobile device management service, to manage mobile devices with SCCM. This configuration, known as hybrid MDM, allowed customers to automate and access advanced reporting options.

Microsoft encouraged customers to adopt the hybrid MDM approach, which was the best approach for many IT admins due to the limitations of the Intune service. For example, the stand-alone Intune service only has two access roles for admins: full access and read-only access. It also does not integrate with external tools such as PowerShell.

Admins that adopted hybrid MDM, however, often experienced a steep learning curve. Reporting and automation options for hybrid Intune are also limited.

Key features of Microsoft Intune

Benefits of stand-alone Intune

When admins move the Microsoft Intune service to the new Azure platform, there will be no need to use a hybrid MDM Intune setup. Admins can perform automation via the Microsoft Graph API and reporting via Power BI and the Microsoft Graph API.

Microsoft will move Intune to a new cloud-based platform in Microsoft Azure.

In addition, Intune on the Azure portal is more scalable and supports more mobile devices than the hybrid Intune service.

With this cloud-based service, Microsoft can adopt new features more quickly to stay competitive. For example, Microsoft can support new device models at the time of their release. Typically, admins don't need to upgrade the service to take advantage of the support.

How to migrate to stand-alone Intune

Admins need to follow these steps to migrate to the stand-alone Intune service:

  1. Review all the collections used for hybrid Intune and ensure that all the groups are synchronized to Azure Active Directory.
  2. Import SCCM data in Intune with the Data Importer tool.
  3. Prepare Intune for the migration by checking the objects and assignments that you will migrate, such as the Network Device Enrollment Service.
  4. Assign Intune licenses to the users that need to migrate. Hybrid Intune assigns licenses by default via SCCM.
  5. Change the MDM authority to Microsoft Intune.
  6. Remove the MDM assets in SCCM.

Is SCCM going away?

Microsoft stated that SCCM will be available as long as customers require it. Every year, Microsoft releases three current branch versions and 11 technical previews of SCCM.

SCCM uses a cloud-attach approach. For example, Microsoft offers co-management for Windows 10 devices with both Intune and SCCM.

To be able to use co-management, admins must remove hybrid Intune because co-management does not support Intune tenants that have their MDM authority set to Configuration Manager.

Dig Deeper on Mobile management

Unified Communications