How can I enable co-management in System Center Configuration Manager

Introduction

Microsoft has just released System Center Configuration Manager Technical Preview 1709, which allows you to configure co-management. Microsoft announced co-management at Microsoft Ignite (September 2017), and with this release you can begin testing that scenario. However, you still need the yet-to-be-released Windows 10 Fall Creators Update (aka Windows 10 version 1709), so for now you'll need to test with a Windows Insider preview release.

But what is co-management? According to Microsoft, it is…

Co-management is a solution where Windows 10 devices can be concurrently managed by Configuration Manager and Intune, as well as joined to Active Directory (AD) and Azure Active Directory (Azure AD) to provide a way for you to modernize over time. It’s a solution to provide a bridge from traditional to modern management and provides you with a path to make the transition using a phased approach.

The graphic below shows you that scenario.

Prerequisites

The following are general prerequisites for you to enable co-management:

Additional prerequisites for existing Configuration Manager clients

  • Windows 10, version 1709 (Fall Creators Update) and later
  • Hybrid Azure AD joined (joined to AD and Azure AD)

Additional prerequisites for new Windows 10 devices

Create some collections

In SCCM Assets and Compliance, select Device Collections and create a device collection called Pilot co-managed devices and, alternatively, one called Production co-managed devices. Populate them with some devices.

Enabling co-management

To configure Co-Management, select Administration, Cloud Services, and click on Co-Management. Enter the credentials of your Standalone MDM Intune tenant and click Sign In.

Create a Pilot co-management policy

To begin with, you'll want to do a Pilot configuration of Co-Management.

Select your Pilot group of co-managed devices by clicking on Browse and selecting the Pilot co-managed devices collection created above.

On the Configure Enablement screen, set the drop-down to Pilot.

Click on Copy to copy that line of text.

The text will be something like this:

CCMSETUPCMD="/mp:https:// CCMHOSTNAME= SMSSiteCode= SMSMP=https:// AADTENANTID= AADTENANTNAME= AADCLIENTAPPID= AADRESOURCEURI= SMSPublicRootKey="

You can use that to create your Intune app to install the ConfigMgr client agent.
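Before pasting the copied line into the Intune app, it is worth checking that every property has a value and that both management point URLs are HTTPS. The PowerShell function below is an added example, not code from the original post or from Microsoft; the name Test-CcmSetupCmd and all sample values are assumptions made for illustration.

```powershell
# Added example, not from the original post. Property names are the ones in the
# copied line above; the function name and every sample value are constructed.
function Test-CcmSetupCmd {
    param([Parameter(Mandatory)][string]$Line)
    $problems = [System.Collections.Generic.List[string]]::new()

    # Typographic quotes (U+201C/U+201D) picked up from a web page or document
    # are not the ASCII quote character the command line expects.
    if ($Line -match '[\u201C\u201D]') {
        $problems.Add('Typographic quotes found; use plain " characters.')
    }
    $clean = $Line -replace '[\u201C\u201D]', '"'

    if ($clean -notmatch '^\s*CCMSETUPCMD="(?<args>.*)"\s*$') {
        $problems.Add('Expected the form CCMSETUPCMD="...".')
        return $problems
    }
    $setupArgs = $Matches['args']

    # The /mp: switch must name an HTTPS management point.
    if ($setupArgs -notmatch '/mp:https://[^\s/]+') {
        $problems.Add('/mp: is missing or is not an https:// URL with a host name.')
    }

    # Every property in the copied line must be present and non-empty.
    $required = 'CCMHOSTNAME', 'SMSSiteCode', 'SMSMP', 'AADTENANTID',
                'AADTENANTNAME', 'AADCLIENTAPPID', 'AADRESOURCEURI', 'SMSPublicRootKey'
    foreach ($name in $required) {
        $m = [regex]::Match($setupArgs, "(?i)(?:^|\s)$name=(?<v>\S*)")
        $value = $m.Groups['v'].Value
        if (-not $m.Success)   { $problems.Add("$name is missing.") }
        elseif ($value -eq '') { $problems.Add("$name has no value.") }
        elseif ($name -eq 'SMSMP' -and $value -notmatch '^https://') {
            $problems.Add('SMSMP is not an https:// URL.')
        }
    }
    return $problems
}

# Constructed sample: placeholder hosts and GUIDs, curly quotes, empty root key.
$sample = ('CCMSETUPCMD={0}/mp:https://cmg.example.test CCMHOSTNAME=cmg.example.test ' +
    'SMSSiteCode=P01 SMSMP=https://mp.example.test ' +
    'AADTENANTID=00000000-0000-0000-0000-000000000000 AADTENANTNAME=example ' +
    'AADCLIENTAPPID=00000000-0000-0000-0000-000000000001 ' +
    'AADRESOURCEURI=https://example.test SMSPublicRootKey={1}') -f [char]0x201C, [char]0x201D

$issues = @(Test-CcmSetupCmd -Line $sample)
if ($issues.Count -eq 0) { 'No problems found.' } else { $issues }
```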

Next, you can configure the workloads (on or off, there is no middle ground here)

and continue the wizard through to completion.

Create a Production co-management policy

After creating the above policy, and once you've completed your pilot, create a new Production policy (Pilot will be greyed out).

Now the drop-down lets you choose All (or none).

and again configure workloads…

The created policies are shown here.

Recommended reading

To get more info about this topic, please review the following blog posts from Microsoft.


One Response to How can I enable co-management in System Center Configuration Manager

  1. rkast says:

    I have a question I hope you can answer. If we have an on-prem AD joined Windows 10 device and have set up co-management, do we have to configure (1) "hybrid Azure Active Directory joined devices" or (2) configure the GPO "Enroll a Windows 10 device automatically using Group Policy" or (3) does the ConfigMgr client do this and register the device?

    Secondly, when we have an on-prem AD joined Windows 10 device and have set up full co-management with client management gateway and cloud distribution point, and the device is off network for more than 30 days, does the computer account/password expire or is this mitigated by the management gateway/internet facing?
