How to Manage Windows 10 Devices with Co-Management Using Intune and Configuration Manager

By /
Managing Windows 10 Devices with Co-Management: Intune and Configuration Manager Integration

When managing Windows 10 devices in a hybrid environment, IT administrators often face a common challenge — maintaining control across both on-premises and cloud environments. With Microsoft System Center Configuration Manager (SCCM) and Microsoft Intune, Microsoft provides a seamless solution through co-management, allowing both platforms to manage the same device simultaneously.

In this guide, we’ll look at how to bring a new Windows 10 device (Device1) under co-management using Configuration Manager and Intune, explain why adding it to the pilot collection matters, and what happens after enrollment.

Understanding the Environment

Your network setup includes:

  • An on-premises Active Directory (AD) domain: contoso.com
  • Synchronization to Microsoft Entra ID (formerly Azure Active Directory)
  • Windows 10 devices managed by Configuration Manager (Current Branch)

You’ve already configured a pilot co-management setup — a test phase that allows selected devices to be managed by both SCCM and Intune before a full rollout. This hybrid setup gives administrators flexibility to test workloads, troubleshoot, and gradually shift to modern management.

Adding a New Device to Co-Management

Let’s say you add a new domain-joined device named Device1 and install the Configuration Manager client. At this point, Device1 is only managed by SCCM. To enable co-management, you need the device to auto-enroll into Microsoft Intune.

This is achieved through a Configuration Manager device collection — a group of devices targeted for co-management testing or rollout.

Here’s how it works:

  1. Define a Co-Management Pilot Collection
    In SCCM, you create or select a device collection to act as your pilot. This collection determines which devices are automatically enrolled in Intune for co-management.
  2. Add Device1 to the Collection
    By adding Device1 to the pilot collection, you authorize SCCM to initiate Intune auto-enrollment for that device. During this process, the Configuration Manager client communicates with Microsoft Entra ID and Intune to register the device in the cloud.
  3. Intune Enrollment Completes Automatically
    Once Device1 is successfully added, it becomes visible in both the Configuration Manager console and the Intune admin center (Microsoft Endpoint Manager). From this point on, it can receive policies, configurations, and updates from either or both platforms.

What Happens After Enrollment

Once co-management is active, Device1 is effectively managed by two authorities:

1. Configuration Manager (SCCM)

  • Manages traditional IT tasks such as application deployment, OS upgrades, and local patch management.
  • Provides deep visibility into on-premises infrastructure and hardware inventory.
  • Retains the Configuration Manager client for communication with the on-prem site server.

2. Microsoft Intune

  • Delivers cloud-based management, ideal for remote or hybrid work environments.
  • Handles compliance policies, Windows Update for Business, Endpoint Protection, and device configuration profiles.
  • Integrates tightly with Microsoft Entra Conditional Access to control resource access based on device health and compliance.

Benefits of Using a Pilot Collection

The pilot collection plays a crucial role during the transition to co-management. Instead of enabling co-management for every device immediately, administrators can:

  • Test policy conflicts and evaluate results before scaling.
  • Gradually migrate workloads such as compliance or endpoint protection.
  • Ensure minimal disruption for end users.
  • Validate communication between SCCM and Intune in real-world conditions.

This controlled deployment approach helps organizations avoid misconfigurations and ensures that the co-management setup behaves as expected.

Verifying Successful Co-Management

Once Device1 is added to the pilot collection:

  1. Open the Intune admin center and verify the device appears under Devices → Windows.
  2. Check the Co-management status in Configuration Manager — it should display as “Co-managed.”
  3. Validate that workloads (such as compliance or endpoint protection) are assigned correctly under Co-management Configuration Properties.

If all checks are successful, you can now manage Device1 using both SCCM and Intune.

Key Takeaways

  • Co-management bridges on-premises and cloud-based device management.
  • The Configuration Manager client is required for communication with SCCM.
  • Devices must be auto-enrolled in Intune to participate in co-management.
  • The pilot collection determines which devices are included in the initial phase.
  • Once configured, Device1 can receive workloads from either SCCM or Intune, offering administrators full flexibility.

Final Thoughts

Adding a new Windows 10 device like Device1 to your co-management pilot collection is a critical step in transitioning toward modern device management. It ensures that the device is automatically enrolled in Microsoft Intune while remaining under Configuration Manager supervision. This hybrid control model provides the best of both worlds — centralized on-prem management with the scalability and security of the cloud.

For a step-by-step guide on enabling co-management and configuring workloads, refer to Microsoft’s official documentation:
🔗 Enable co-management for Configuration Manager clients

LinkedInCopyPinterestRedditTelegram

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by
Scroll to Top