SCCM Intune Hybrid to Standalone Guide Pt 1

Dujon Walsham • 11 June 2019

Guide on how to transition before 1st September 2019

Deprecation of Hybrid MDM

The most common configuration at the moment is SCCM with Intune in a hybrid configuration. This usually depends on the following:

  • User Collection Mapping to Intune Subscription
  • Compliance Profiles within SCCM (Certificate, VPN, Wi-Fi, Email Profiles and SCEP Profiles)

These are then synchronized into Device Management in Intune, where policies such as conditional access and enrollment policies can be applied to them. As both platforms share configuration policies, this is the Intune hybrid (Hybrid MDM) setup.

From 1st September 2019 Hybrid MDM is deprecated, leaving Intune Standalone as the only option.

In the later versions of SCCM you will see that even though the Microsoft Intune Subscription option is still there, it will provide you with a warning.

When you log in to your Device Management or Azure portal, you should also be able to see your current MDM authority listed as SCCM.

Import SCCM Data into Intune

One of the first tasks during the transition is to migrate the policies held in SCCM and add them to Intune.

You can choose to do this manually, but an automated way is to use the Intune Importer tool, which can be obtained from GitHub:
https://github.com/ConfigMgrTools/Intune-Data-Importer/releases/tag/1.2.4

You should be able to see a list of your policies in Assets and Compliance - Company Resource Access.

Once migrated, all profiles will go to the Device Configuration - Profiles section of your Device Management portal.

These need to be imported into Intune, which can be done using the import tool.

1. Run the Intune Importer Tool

2. Import your hybrid Configuration Manager data into Microsoft Intune – Click next

3. Overview: New to the Microsoft Intune Data Importer? - Click next

4. Select Data from Configuration Manager – Type in the FQDN of your site server and the Site Code. Here you can select which items to import. I would do each one individually so that you have better control over what is imported.

5. Collect Data – You should then see a progress bar of the discovery of your choices of objects to collect

6. Configuration items: Select configuration items to import – It will show you a list of all of the objects which you can and cannot import into Intune. The ones which you can't import can be created manually at a later time. Click next.

7. Summary – Click next to perform the import.

8. Sign in to Intune – Click the “Sign in to Intune” button and enter your credentials. If you cannot sign in, you can click export so that you can import directly into Intune at a later time.

9. Progress – You should see the progress of the import into Intune.

10. Completion - Click close to finish

Objects That Failed to Import

Configuration Items - Some MDM policies are not listed within Intune, so some objects may have to be recreated in Intune.

Certificate Profiles - If you use certificate profiles for Endpoint Protection, you may get a notification stating that after this certificate profile is imported to Intune, you must update the NDES URL in the certificate profile to specify the URL of the NDES server by Intune priority. In these cases you may need to set up an NDES server for them.

Certificate Profiles - Subject Alternative Names are not supported in Intune, so profiles using them cannot be imported.

