Managing Windows devices in modern enterprises requires balancing on-premises management and cloud-driven flexibility. Co-management enables IT teams to leverage the best of both worlds by integrating Microsoft Endpoint Manager (Intune) with existing Configuration Manager (SCCM). With Scalefusion Unified Endpoint Management (UEM), organizations can enhance Co-management for Windows device management.
Let’s have a look at the step-by-step process of enabling Co-management on Windows devices, ensuring a smooth transition to a dual management model.
How to enable Co-management in Windows
Enabling co-management in Windows allows organizations to manage devices using both Microsoft Configuration Manager and Microsoft Intune, providing flexibility and a unified approach to device management. There are a few prerequisites that need to be met:
- Supported Configuration Manager Version
- Hybrid Microsoft Entra Joined Devices
- Active Intune Subscription
- Azure AD Connect for Directory Sync
- Admin Permissions in Configuration Manager & Entra ID
Below are the steps to set up co-management for existing Configuration Manager clients:
Step 1: Configure Azure services in Configuration Manager
- Open ‘Configuration Manager Console’, go to ‘Administration’, and then ‘Cloud Attach’.
- Click ‘Configure Cloud Attach’ and sign in with an ‘Entra Global Admin’ account.
- Enable ‘Automatic Enrollment’: Choose Pilot, All, or None.
- Assign workloads to Intune: Select Pilot Intune (specific devices) or Intune (all).
- Finish the setup.
Step 2: Configure Client Settings for Entra-ID Registration
- Open ‘Default Client Settings’ in ‘Configuration Manager’.
- Navigate to ‘Cloud Services’ and enable automatic ‘Entra ID registration’.
- Save the changes.
Step 3: Monitor Co-management
- Go to ‘Monitoring’ > ‘Cloud Attach’ dashboard.
- Check enrollment status and workload assignment.
Enabling Co-management for Windows with Scalefusion UEM
Scalefusion UEM empowers IT teams to manage devices more efficiently across Windows 10 and 11 versions. By combining CSP-based Modern Management with MDM agent-based controls, organizations can achieve a balanced, secure, and flexible device management.
Use Case 1: Windows 10 and above device is enrolled via CSP-based Modern management
If you have enrolled Windows 10 and above devices via the Modern management enrollment method – browser-based enrollment, then follow the steps below to apply Scalefusion MDM Agent-based features on Windows 10 and above devices:
Step 1: Log in to your Scalefusion dashboard.
a. Enter your registered email address.
b. Insert the password and click on continue.
c. Two-factor authentication will send OTP via email to authenticate your identity.
d. Enter the OTP and log in to the dashboard.
Step 2: Finding the Scalefusion MDM Agent app
a. Navigate to ‘Application Management’.
b. Under the ‘Scalefusion Apps’ tab, change the filter to ‘Windows’.
c. Scalefusion MDM Agent app for Windows will be displayed on the screen along with other proprietary apps. Click on ‘Publish’.
d. A dialog box will slide from the right, displaying all the app details. Click on the ‘Publish’ button on the dialog box.
Step 3: Selecting the device profile
a. Select the device profile and then click on the ‘Publish’ button on the top right.
This deploys the Scalefusion MDM Agent application to the Windows device profile, ensuring it is automatically pushed to all Windows devices, device groups, and user groups associated with that profile.
| Note: Once the agent is published, admins can configure all the agent based settings in the Windows device profile and apply them to the desired Windows devices associated to that profile. |
Want to see Scalefusion’s Co-management in action?
Book a free demo today!
Use Case 2: Windows 10 and above device is enrolled via agent-based enrollment
Follow the steps below if you have enrolled your Windows devices using Scalefusion MDM Agent-based enrollment and then want to apply CSP modern management policies:
Step 1: Log in to your Scalefusion dashboard.
Step 2: Navigate to ‘Device Profiles & Policies’ > ‘Device Profiles’.
Step 3: Create a new or edit an existing device profile. Click on the ‘Edit’ button to make changes to an existing profile.
| Note: The steps here show how to apply CSP-based policies by editing an existing profile. To know how to create a new Windows device profile, click here. |
Step 4: On the ‘Create New Profile’ page, navigate to ‘Settings’ tab > ‘Scalefusion Agent Settings’ > ‘Management Settings’. Toggle on the ‘Auto Enroll to Modern Management’ setting. Lastly, click on ‘Update Profile’.
This updates the existing Windows device profile with new changes and redirects you back to the ‘Device Profiles’ page.
Step 5: Click on ‘Apply’ to push the device profile to your desired device and user groups, and individual devices.
| Note: This automatically enrolls the Agent-based enrolled Windows 10 and above devices to modern management, enabling you to apply CSP-based policies with Scalefusion MDM-based settings. |
Next steps?
Scalefusion UEM provides a comprehensive solution for managing Windows devices, supporting both legacy and modern systems. With powerful management capabilities, it ensures seamless endpoint control while securing devices and data.
Curious how Scalefusion UEM can simplify your Windows device management?
Sign up for a 14-day free trial now.
