Managing Windows devices has never been straightforward. As organizations transition from on-premise infrastructures to modern cloud-based solutions, IT admins face a crucial challenge—how to manage modern Windows devices via both on-prem agent based and modern CSP policies.
Microsoft’s Co-management for Windows attempts to bridge this gap, allowing organizations to manage devices using both Configuration Manager (SCCM) and Intune. While this hybrid model offers flexibility, it also introduces some complexities.
For IT teams looking for a truly seamless co-management experience, these limitations raise an important question: Is there a better way to unify Windows device management?
Yes, ‘Co-Management’. But what is it?’
Let’s understand the concept of ‘Co-management’, and explore the challenges of Microsoft’s Co-management model and learn Scalefusion’s take on Co-management.
What is Co-Management for Windows?
Microsoft defines Co-management as the bridge between traditional on-premise management (via Microsoft Configuration Manager, formerly SCCM) and modern cloud-based management (via Microsoft Intune). It allows IT admins to simultaneously manage Windows 10 and later devices using both Configuration Manager and Intune, enabling a phased transition to cloud management while maintaining control over existing on-prem workloads.
With Windows Co-management, organizations can decide which workloads (such as compliance policies, Windows updates, or endpoint protection) are managed by Intune while keeping other workloads under Configuration Manager.
Drawbacks of Microsoft’s Co-Management for Windows
a. Complex setup and configuration: Enabling co-management requires extensive prerequisites, including proper licensing, hybrid Azure AD configuration, and a functional Microsoft Endpoint Manager (Intune + SCCM) setup, which can be time-consuming and complex.
d. Dependency on Azure AD and Intune: Co-management requires devices to be Azure AD-joined or hybrid Azure AD-joined and enrolled in Intune, limiting flexibility for organizations using alternative directory services or endpoint management solutions.
e. Limited workload transition options: While co-management allows gradual migration, not all SCCM workloads can be fully transferred to Intune such as imaging-based OS deployment, patching controls, and task sequences. This requires businesses to maintain SCCM for certain management tasks.
f. Potential performance issues: Organizations with large device fleets may experience performance issues due to the additional processing overhead of managing devices through both SCCM and Intune.
g. Cost considerations: Co-management requires licensing for both SCCM and Intune (Microsoft Endpoint Manager), which can increase costs, especially for enterprises looking to shift completely to cloud management.
Understanding Co-Management with Scalefusion UEM
Co-management with Scalefusion UEM empowers IT admins to enforce both Microsoft’s Configuration Service Provider (CSP) policies and Scalefusion’s MDM agent features on Windows 10 and 11 devices from a single, unified dashboard.
Why is this beneficial?
Microsoft’s CSP lets IT admins read, set, modify, or delete configuration settings on Windows 10 and later devices, providing them with modern management. However, since CSP policies don’t cover every feature, Scalefusion UEM supplements them with additional capabilities via its MDM agent to address specific business use cases.
This means:
- Suppose a modern Windows device is enrolled via Modern Management (CSP-based) enrollment. In that case, admins can still enforce MDM agent-based features alongside CSP policies by deploying the Scalefusion MDM Agent later.
- Similarly, for modern Windows devices that are enrolled via the MDM agent-based method, admins can later still apply Microsoft’s CSP-based policies, ensuring that the CSP-based Modern Management features are applied.
The outcome?
This integrated approach allows IT teams to achieve granular device management, harnessing the strengths of both CSP and Scalefusion’s MDM agent to manage Windows 10 and 11 devices effectively.
Key benefits of Co-management for Windows devices with Scalefusion UEM
- Dual policy enforcement – Unlike Microsoft’s co-management, Scalefusion UEM allows both CSP-based modern management policies and agent-based features to coexist, ensuring IT admins never have to choose between security and functionality.
- Stronger security and compliance— By enforcing modern security controls and extending agent-based policies to modern Windows systems, organizations can eliminate security gaps while staying compliant with industry regulations.
- One pane, one agent – Microsoft’s Co-management requires IT admins to buy additional licenses of Intune. With Scalefusion, you lower the operational costs. IT admins can configure, monitor, and secure modern Windows devices by using Scalefusion UEM itself. This eliminates the need to buy additional software.
Scalefusion UEM’s Windows Co-management model isn’t just about compatibility—it’s about empowering IT teams with unified management, security, and flexibility across all Windows devices, ensuring holistic device management and security.
Elevate Windows device management with Scalefusion UEM
Managing modern Windows devices—while ensuring security, compliance, and seamless operations—can be a challenge. While Microsoft’s Co-management offers a hybrid approach, it comes with complexities, rigid dependencies, and no support for legacy devices.
Scalefusion UEM eliminates these barriers with its refined Co-management model. It enables IT admins to enforce both CSP-based policies and agent-based features from a single dashboard, bridging the gap between modern cloud-based and traditional on-prem management.
With Scalefusion UEM, organizations can future-proof their Windows device management strategy, simplify policy enforcement, and co-manage modern Windows devices—all while reducing operational overhead.
Want to explore how Scalefusion can simplify Windows device management? Start a free 14-day trial or book a demo to see it in action.
