A way to Modern device management: why should you use co-management with Microsoft Intune?


When it comes to managing devices, many IT professionals still prefer the traditional on-premises approach. This involves a corporate-owned device, which is issued to the employees, and only these are permitted to join the corporate network for access to corporate applications.


But today there are more and more companies that are opting for adopting the modern device strategy – a Microsoft-invented term that describes cloud-based device management. One of the biggest triggers for this switch is remote work. Many organizations adopted the BYOD policy because employees want to perform their tasks at home. This trend requires additional actions to ensure the security of the company data on these devices. FYI, regardless of the company’s official "bring your own device" policy, 67% of people use their devices for work purposes. As a result of all these trends, modern device management solutions are quickly becoming the norm.


In this blog, we’re going to discuss modern management, co-management and what is its role in the modern device management strategy.


What is Modern Management?

Microsoft introduced the concept of modern device management to describe the shift from traditional on-premises infrastructure to modern cloud device management. With modern management, devices are managed in a consistent and unified way with a focus on the security of endpoints. The “modern” element of this strategy basically means “cloud-based”. And Modern management is Microsoft’s vision for the future of device management. With modern management, Microsoft wants to turn every endpoint into a modern, always up to date and secure device.


Companies have been slowly moving to the cloud implementing a modern management strategy: based on Microsoft data, by the end of 2022, 50 per cent of Windows 10 devices will be managed from the Cloud.


What is co-management and why do you need it?

Moving from traditional to modern management is not a quick journey - it’s a long and complex process. For this reason, Microsoft introduced co-management as a bridge between traditional and modern management. Co-management allows users to manage their endpoints using both ConfigMgr and Intune.



Co-management enables organizations to benefit from the features and capabilities of Microsoft’s cloud solution while allowing each to move at their own pace to modern management. When you enroll Configuration Manager-managed endpoints in co-management, you gain the following immediate value:

  • Conditional access with device compliance - if a device meets the security requirements of your organization

  • Intune-based remote actions, for example, restart, remote control, or factory reset

  • Centralized visibility of device health

  • Link users, devices, and apps with Azure Active Directory (Azure AD)

  • Modern provisioning with Windows Autopilot.

With co-management, you can determine which workloads can be moved from traditional to modern management. ConfigMgr provides a simple interface to slide over workloads to modern management for:

  • Compliance policies

  • Resource access policies

  • Windows Updates policies

  • Endpoint Protection

  • Device configuration

  • Office Click-to-Run apps

  • Client apps

To be able to take advantage of co-management you need to follow these requirements:

  • ConfigMgr 1710 or later

  • Windows 10 version 1709 (Fall Creators Update) or later

  • Azure AD Premium (with clients joined to both AD and AAD)

  • Intune subscription (MDM authority in Intune set to Intune).

Read more about how to get started with Microsoft Intune in this blog series.


Never miss an update on Scappman