Hybrid MDM support is deprecated in SCCM. Details of this deprication is here:
If you are a Hybrid customer, Microsoft is very happy to work with you to make your migration to Intune seamless/painless. Please reach out to Microsoft support.
While Hybrid support for MDM is going away, SCCM will innovate together with Intune, and will continue to grow closer together. More capabilities and better together scenarios will be coming soon.292 votes
We want to use Conditional Access to Exchange on-premises for Intune managed devices and SCCM managed devices as well. Conditional Access with Intune managed devices works. But for a SCCM managed devices ActiveSync registrations are blocked when users want to use the Mail app on Windows 8.1 managed devices. We are looking for a solution that Conditional Access does not block ActiveSync registrations from SCCM managed devices as well. In our opinion Conditional Access should only block unmanaged devices and allow SCCM and Intune managed devices.139 votescompleted · Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This is in 1606 production
Remote-wipe feature for Windows 10 desktop managed by SCCM agent (SCCM agent / Intune MDM dual management)
Currently, it is not supported to remote-wipe Windows 10 desktop managed by SCCM agent.
Intune MDM have ability to remote-wipe Windows 10 desktop, but Intune MDM and SCCM agent dual management is not supported.
We really need supported option to remote-wipe Windows 10 managed by SCCM agent like Intune MDM and SCCM agent dual management option.133 votescompleted · Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This can now be done in #ConfigMgr 1710 with Intune and co-management.
It would be great if SCCM On Premise MDM would support Windows 10 Devices for scenarios such as settings, required application deployment, wipe and retire.64 votes
Android for Work has been actively integrated in to the web Intune Portal, I have not heard when this would make its way to the Hybrid SCCM instance so wanted to push this to uservoice since this will be very helpful in all with hybrid deployments. We are primarily iOS but having this functionality could allow companies to standardize on iOS or android devices with OS 6.0 or higher to support the work profile. Utilizing Intune with SCCM allows infinite customizability and the use of dynamically changing queries, along with multiple domains in my environment is critical in order for ease of operation along with anyone else that may be built off multiple acquisitions.
Android for Work has been actively integrated in to the web Intune Portal, I have not heard when this would make its way to the Hybrid SCCM instance so wanted to push this to uservoice since this will be very helpful in all with hybrid deployments. We are primarily iOS but having this functionality could allow companies to standardize on iOS or android devices with OS 6.0 or higher to support the work profile. Utilizing Intune with SCCM allows infinite customizability and the use of dynamically changing queries, along with multiple domains in my environment is critical in order for…33 votescompleted · Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This functionality is released with ConfigMgr 1702.
Please add more, or ALL iOS compliance policies to the SCCM console. It seems that users running in Hybrid can only deploy a fraction of the iOS restrictions/compliance options.
For example, I am unable to find any of the "Supervised Mode" compliance policies like "Allow Account Modification" in the SCCM console.
We’ve added all the IOS settings in Intune StandAlone into ConfigMgr Hybrid, in ConfigMgr 1702.
Currently, only retirement/partial wipe is supported for an Intune enrolled Windows 10 Desktop device when Intune is in a hybrid implementation with Config Manager ('Current Branch' 1602 in my testing).
In Intune standalone, full wipe is supported on Windows 10 Desktop. I'd like to request this feature makes its way to Intune Hybrid.15 votes
Good news — this functionality has been delivered in the 1606 current branch release. However, you should ensure that the device(s) you intend to wipe have at least 4GB of RAM. See this release note for more information: https://technet.microsoft.com/library/mt592024.aspx#full-wipe-disables-windows-10-devices-with-less-than-4-gb-ram
Within ConfigMgr 1606 the ability to predeclare devices was added, allowing you to import single or multiple 'company' mobile assets. Only full site admins can perform this action, this needs to be enabled as a security role or permission allowing non full site admins to complete the task.15 votes
We added permissions for the entire Corporate-owned Devices node — including Predeclared Devices — for the Asset Manager and Company Resource Access Manager roles back in the Configuration Manager 1610 Technical Preview as described here: https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1610#additional-security-role-support
We did roll this change into the Configuration Manager 1610 current branch release as well.
Does this meet your needs?
To leverage stand alone intune in custom application , it would be nice to have REST API available for Intune14 votes
This is underway. Look here for details on how to use Graph API w/ Intune:
Migration path to change authority from CM to Intune without user interruption. This is documented as a feature to be released in 1610, but has not been released.4 votes
In the console you can currently force a policy update for a Windows computer. I would like this option to be available for mobile devices.3 votes
possible for comanaged devices.
Device enrollment managers have been supported in hybrid environments since the first Configuration Manager current branch release (1511). See the documentation here: https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-devices-with-device-enrollment-manager
States in 1610 this will be a feature. Is there an update? Thank you.1 vote
Currently you can only push email profiles to andriod handsets that are knox 4.0 + capable, when in a hybrid SCCM/InTune. Having the ability to push email profiles to other andriod handsets like the new "Andriod for Work" would be great.1 vote
We added Android for Work support in Configuration Manager 1702 current branch, so you should be able to do this for Android devices that support work profiles. However, you will need to re-enroll your Android devices as Android for Work if you choose to do this.
Currently in Intune Standalone it is possible to create an external link and enable the option "Require a managed browser to open this link (Android and iOS only)". For the hybrid SCCM/Intune it is not possible yet. This feature would be nice to add to hybrid SCCM/Intune1 vote
You actually can force web apps to open in the Intune Managed Browser. There’s no checkbox in the SCCM console, but changing the protocol of the web app’s URL from “http” to “http-intunemam” or from “https” to “https-intunemam” prevents it from being opened in a non-managed browser.
This has been documented here, right near the bottom: https://technet.microsoft.com/en-us/library/mt629356.aspx
disable the web browser is possible in intune stand alone but it is not supported in hybrid. it should be supported. the gap between intune stand alone and hybrid for android management is too wide and should be closed0 votes
This setting was added in Configuration Manager current branch 1610, along with about 20 other Android settings we added in order to close the gap (or at least get really close).
- Don't see your idea?