Allow SCCM to control MBAM after workload moved
MBAM has been integrated into SCCM really well. However, to enable tamper protection you need to co-manage devices with Intune. As soon as you move the workload from SCCM to Intune (device management) you lose the ability to use SCCM. This means you lose either the ability to pop up a PIN dialogue in user mode or tamper protection in the Defender AV.
In this case the products become mutually exclusive. Please add an option to allow MBAM to continue to be managed by SCCM so we can use both tamper protection and the PIN popup provided by MBAM.
I agree. Currently there is not enough granularity in the Endpoint Protection workload.
We would like to offload the vast majority of the EP workload to Intune (incl. but not limited to tamper protection functionality - which I understand is also coming to ConfigMgr in the future). Especially for Hybrid AAD joined devices we would still like to have ConfigMgr in control of the Windows Encryption workload (e.g. MBAM functionality with key rotation, self-service and helpdesk options).