The Original Co-Management Model of SCCM and Intune Hybrid
Long, long ago, well, actually not so long ago, there were two worlds. There was the on-prem world and the mobile world, and the two would never become one, until of course one day they did. Up until Windows 10 version 1607, a device could belong to either on-premises AD or Azure AD, but not both. This made sense at the time. Back then, MDM enrollment was pretty much restricted to mobile devices, as administrators wanted the extensive management control that Group Policy or SCCM provided them for enterprise desktops. Mobile devices were better served in the cloud, and outside of device resets and remote wipe capabilities, there wasn’t much you could do with MDM early on.
It wasn’t thought a good idea at the time to have settings delivered from multiple sources. To prevent that from happening, devices were blocked from registering with SCCM and Intune at the same time. In fact, activating the SCCM client on a Windows device automatically disabled any built-in MDM capabilities. Devices were segregated to one or the other.
If your company’s IT staff had separate SCCM administrators and mobile device administrators, then everything was fine. But if you had to manage both desktops and tablets, you had to switch back and forth between the Configuration Manager console and the MDM console. So Microsoft set about integrating Configuration Manager with Intune in what was called “hybrid configuration,” so that both on-prem and mobile devices could be managed from the same console. Co-management between the two was born. Note that Intune was the only MDM supported in this scenario. The merging of these two platforms is illustrated below.
But as with everything, things change. Microsoft put more focus into MDM as time went on, and as a result, more settings and features were built into Intune. Organizations also started recognizing the value of migrating more computers to the cloud than just mobile devices. Microsoft also began figuring out that it was in their interest to encourage customers to move to the cloud. Because of these and other factors, the usefulness of allowing devices to co-exist in both on-prem AD and Azure AD was realized. Starting with 1607, computers could be a part of both at the same time. Then came 1709, in which the SCCM client could run on a device without its MDM capabilities being disabled. This made it possible for a computer to receive settings from both sources, and it signaled the end of Hybrid MDM. In August of 2018, Hybrid MDM became a deprecated feature, and Microsoft began blocking the registration of new Hybrid MDM customers in November of the same year.