Introduction
With the release of Configuration Manager 1710, Microsoft now supports co-management, so Windows 10 clients can be managed by both SCCM and Intune at the same time.
There are a few pre-requirements that need to be completed if you want to use co-management, and the most important one is that you need have your MDM authority in Intune set to Intune.
The following are general prerequisites for you to enable co-management:
- Configuration Manager version 1710 or later
- Azure AD
- EMS or Intune license for all users
- Azure AD automatic enrollment enabled
- Intune subscription (MDM authority in Intune set to Intune)
See all the requirements here: https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-overview
Some customers might have “user less devices” that needs to be migrated, and this blog post will explain how to migrate these devices without user affinity, from being manage by Intune hybrid scenario, to Intune standalone.
Migrate devices without user affinity
Devices enrolled by using a device enrollment manager and devices without user affinity are not automatically migrated to the new MDM authority. To solve this, Microsoft has released a new PowerShell Cmdlet (Switch-MdmDeviceAuthority), that you can use to switch between Configuration Manager and Intune management authority.
Import the module
The Switch-MdmDeviceAuthority Powershell Cmdlet is part of the Microsoft Intune Data Importer v1.1, that can be downloaded from github:
https://github.com/ConfigMgrTools/Intune-Data-Importer/releases
Download the self-extracting, import the Cmdlet by running the following command to import the new module (Make sure you download the latest version, otherwise you won’t have this module available):
Import-Module .\MicrosoftIntuneDataImporter.Commands.dll
Get the Device ID
When you run the PowerShell Cmdlet, you need to use the SMSID (Device ID) as the device identifier. You can get the Device ID in the SCCM Console, or by running the following PowerShell command:
Get-CMDevice -Name <Name of the device> | Select Name, SMSID
Switch MDM Authority for the Device
The cmdlet switches the management authority of MDM devices without user affinity (For example, bulk-enrolled devices). The cmdlet switches between Intune and Configuration Manager management authorities for the specified devices based on their management authorities when you run the cmdlet.
Switch-MdmDeviceAuthority -DeviceIds $deviceId
You can verify that the Device has been successfully migrated by checking in the Intune Portal. Notice that since this is a user less device you don’t have a user assigned to the device.
More Information
- Migrate devices without user affinity: https://docs.microsoft.com/da-dk/sccm/mdm/deploy-use/migrate-mixed-authority#migrate-devices-without-user-affinity
- Microsoft Intune Data Importer: https://github.com/ConfigMgrTools/Intune-Data-Importer/releases
- Co-management for Windows 10 devices: https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-overview
/Enjoy
1 Comment
Hi Ronni Pedersen,
Thank you very much for the great tutorial. Unfortunately the Microsoft Intune Data Importer is no more available to use. What are the alternative ways in 2024 to Switch MDM Authority for the Device?
Your kind reply will be highly appreciated.
Thanks in advance.