HH10 - Enable Co-Management (CoMgmt) Part 2 - ConfigMgr (SCCM/MECM) Lab Tutorial

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi everyone in this video we're going to take a look at the next step in enabling co-management we've already laid the groundwork we've configured co-management and sccm so if you missed that video check out the link at the top of the screen all we need to do now is take a look at our client and see what his co-management capabilities are at the moment okay so in the config manager applet we should see that the co-management capability of one and co-management is disabled so we're going to need to fix that we're going to need to put this computer into the right collection to enable co management for this computer over into our console we'll go over to the config manager console and just check out what we've set for the uh the co management collection pilot collection that we're using so we'll just go to uh enablement and check which collection we're using so at the moment it's set to co-manage devices so let's head over to assets and compliance and check what computers are in that collection okay there's no computers on that collection at the moment but let's grab our computers and put them in that collection so this is the one i'm going to be using lucy's computer here i'm going to right click and add to device collection from here we'll choose co-manage devices and make sure that goes into the collection correctly give that a few seconds great so that's in there now got addition one additional computer in there just one and now we'll head over to our client to see how that has an effect on the computer so in the config manager applet we'll just choose action and then machine policy retrieval to make sure that policy comes down to the computer and what we're hoping to see here is that co-management will be uh set to enabled but the co-management capabilities will stay to one because we haven't switched any workloads okay great so that co-management setting is now set to enabled but as i said capabilities are still one because we haven't enabled any capabilities just yet right let's head over into the console again and make that change so back into our co-management properties here we'll go into workloads and we'll set pilot in tune for compliance and pilot in tune for windows update policies before you press apply you must go into staging and change this setting to actually specify that the collection you want to use for this so as you can see it says to continue please select a pilot collection so let's choose this and then head over to our co manage devices section collection add that in and add that in there all good okay and before we press apply i'm to point out this section here so it says make sure your pilot devices are already enrolled into intune now we haven't got that device enrolled into intune yet because it's just been switched to pilot so it's just add its uh automatic enrollment enabled for this device so we're going to just check to see how that's going and see if it's managed to enroll itself just yet we'll do that by heading into settings windows settings and then down into accounts access work or school and okay so this this is showing me that it's enrolled into intune this info button here means that the mdm has been configured for intune and here it says managed.microsoft.com so that's that's in tune there so all good i mean it hasn't uh it hasn't finished that enrollment because there's been a problem with credentials i think i'm logged in as lab admin yes i am here so i'm logged in as lab admin rather than lucy and lucy has an intune license where his lab admin doesn't so i'm going to just log out of this device and log in as the lucy tester and see how that goes okay great logged in as lucy so head over to powershell and just check that that is definitely lucy i've logged into just prove it to you i mean and then over into settings and access work or school in the account section will show us how we're doing on the mdm enrollment it is um i've never seen it laid out like that before i mean i've this looks like it's a zero d joined and the main joint which normally is is hybrid um but i've never seen it laid out like that before let's just quickly check that everything is all right yeah i mean it's it's your id and doing joined and sort of seems fine um good if anyone in the comments wants to to mention whether they've seen this before that's that's quite interesting to me uh anyway you can see it's mdm enrolled so we will click info and it's so all looks fine to me and the synchronization worked and stuff so that's good we haven't pushed any policies to it yet so i'm not expecting much from here but just check that in this section here let me reload this that was open on the session go into the conflict manager apple again and so co-management enabled capabilities one okay so now i'm happy that this device has enrolled into intune i'm going to just go into the config manager console and configure these pilot collections to be set for co-management of compliance and windows update policies choose okay and now with that enabled what we want to do is head over to our client again i'm just going to open up cmtrace and i want to take a look at the config manager co-management handler so that will be in here command handler there just open that up take a look at what we're doing so the time on this clock is 421 and at 4 14 it changed mdm enrollment to 1 which is good so yeah that's fine so let's kick this into gear and do a machine positive retrieval so it pulls down the latest policy from the conflict manager server around co-management and so yeah thought 21 is when this has started so it's got additional policies around this so take a look at what it's saying comment on capabilities is still one i'm expecting that to change to um to i think 19 or something is what we're looking for there you go yeah 19. so it's um it's now realized that it's got some additional capabilities here so yeah 19 is what we've got and that means it's windows update and compliance i'll put a link in the description of what the different capabilities mean okay device is provisioned for co-management mdn sync has been triggered so let's take a look at the applet again reload this to get the latest information in that tab okay so co-management capabilities 19 and co-management is enabled all good i mean that's that's pretty much it just head over into configurations and see our new configurations that have been applied so pilot auto enroll is set to compliant they're all set to compliant so pilot compliance policies client windows update policies and co-management settings prod all set compliant uh master value evaluated a few minutes ago so i think yeah that's pretty much it good okay great okay so one of the workloads we moved to pilot inching was compliance so let's take a look at how that has affected our computer in the intune console in my endpoint.microsoft.com portal we're going to go to devices and then find that device that we're referring to it ended in uh 4 6 v as you can see this is not been reloaded since we made that change still says c config manager for compliance i'm hoping when i click refresh it will update it didn't so let's check uh check again still says key c company manager for compliance okay so it's still says c config manager i'm just going to check the the last check in time for this device on in tune uh okay hasn't quite checked in yet so um let's go ahead and make it do that go over to the client and then choose our sync section here sync could not be initiated okay let me give this machine a quick reboot okay so we've rebooted we're gonna head over to uh the settings section again access work for school and then just see if we can synchronize these settings okay so sync still can't be initiated here i'm just going to go over and head into the azure portal and check everything okay with the device and the user that we've got so head over into uh i'll check the user first so it's lucy so that looks all right license is looking for into oh well okay there's no license let's add in um let's add in uh in tune which is here great save that license assignment failed okay good so let's just check that we've got everything set up with this user we haven't got a usage location set so i'll need to do that you can imagine if this was a a real environment a production environment you probably have the usage location set automatically when you've done that configuration so this is my lab being an issue here i think so just tick that and save okay we've got that license now give that a few more minutes and then we'll retry the synchronization okay so after a reboot you can see i've signed in and it says sync is successful so let's take a look at the console uh devices all devices and just check so it's this okay we've got we've got two so one is the config manager device and one is co-managed with a last check in time of um local time a few minutes uh 10 minutes ago so if i just check out the config manager one and just okay so it's not found so i'm going to delete it i don't think i need it uh so i'll delete that device and then we've got the the real one here which is co-managed and take a look at that should be full of in-tune related stuff there you go so we've got a lot of um we got a lot of additional capabilities via the intune enrollment there and it's co-managed and stuff so let's take a look at the check-in time is is recently the ad script okay okay so the reason we were looking in the intune portal in the first place was to check out the compliance date because that should be pilot managed via intune so at the moment it still says see config manager we've had the in this state for maybe 15 minutes now max and if we look in the co-management section you can see that the uh the config manager agent state is healthy and the last check in time for config manager was about uh 20 minutes ago according to the to local time and the entry managed workload section is completely blank so we're going to need to wait a little while longer do a few more checking maybe a reboot to see how this is going to go on the on the console side okay so it's been about five minutes giving the machine a reboot and logged back in waited a few more minutes for the synchronizations to take place so we'll head into all devices on our endpoint manager console i've still got this um this old device that i did delete but it's still hanging around but then the new co-managed one is uh is just there still a check-in time hasn't changed but see what we say see what we see in endpoint manager so okay so compliance is now not evaluated which is better than c config manager because at least it's it's changed and our managed workloads for intune are compliance policy great and windows update for business so yeah we've we've made a change there that that makes sense so the compliance hasn't been evaluated yet let's take a quick look and that is true so the built-in device compliance policy hasn't been evaluated we haven't created a specific device compliance policy within tune yet that's part of a later video but for now this one should evaluate at the moment it hasn't so that's that's something to take a look at later on so for now let's take a quick look at this uh this device portal here so as you can see we've got the standard intune um options at the top here the standard capabilities you get from in tune looks a little bit different on the left hand side here because you have this these additional preview capabilities from co-management so we've got resource explorer client details timeline collections applications cm pivot scripts device diagnostics these are all additional capabilities because co-management is now configured within config manager we'll go into each of these in a later video because i want to keep the videos quite short to make them quite easy to digest for now that's that's pretty much all i want to go through we've enabled co-management we've configured co-management for a couple of workloads on a pilot basis within tune and we've taken a look at how that affects the client from a log perspective and then how that makes changes to the intune portal when you look at the device itself hopefully you've liked this video if you have please click the like button click subscribe and perhaps leave a comment to let me know what you think the next episode is going to cover windows update for business and enabling that on in tune managed devices and co-managed devices look out for that video on tuesday i'll see you then

Info

Channel: CloudManagement.Community

Views: 357

Rating: undefined out of 5

Keywords: CM, Co Management, Co Mgmt, Co-Management, Co-managed, CoManagement, CoMgmt, ConfigMgr, Configuration Manager, Intune, MECM, MEM, MEMCM, comanaged, microsoft intune, msintune, step by step, step-by-step, stepbystep, Training, Lab, Intune lab, sccm, system center configuration manager, MSIntune, Endpoint Manager, Endpoint, system center, hybrid, on-premise, lab, microsoft intune tutorial, sccm training, sccm tutorial, mecm training, mecm tutorial, memcm training, https, ehttp, e-http, intune training

Id: rTMZp9DGK0M

Channel Id: undefined

Length: 15min 45sec (945 seconds)

Published: Tue Jun 22 2021