What is an MDM authority (and how do I set it up in Intune?)
Before you go about adding your first device to Intune, you have to choose your MDM authority for your tenant. The mobile device management authority determines where you will perform mobile device management tasks. In a domain joined network, the authority would be either Group Policy or SCCM for instance. There are three options to configure the tenant-level MDM authority.
- Intune MDM Authority
- Configuration Manager MDM Authority
Intune MDM Authority used to be known as Intune Standalone. This is a better name descriptor in that using this option, all mobile device management tasks will take place within Intune exclusively. The second option, Configuration Manager MDM Authority was once known as Hybrid MDM. Using this option means that devices are managed through a combination of Intune and SCCM Configuration Manager. You should know that this hybrid ability will be depreciated as of Sept. 1, 2019. On that date, Microsoft will stop delivering "policy, apps or security updates" to hybrid MDM users. You can interpret this as strong encouragement by Microsoft to transition to Intune on Azure. Really, Hybrid Intune was only meant to be a transition state for companies to begin their migrations to the cloud.
Configuring the MDM Authority for your tenant couldn’t be easier. If you are configuring your MDM Authority for the first time, you can simply logon to the Intune administrator console. If you are currently running in Hybrid MDM or Configuration Manager MDM Authority, you can either access the Intune administrator console or the Configuration Manager console of your SCCM server to initiate the process. In this case, I will use the example of assigning the MDM Authority for the very first time. Once you are logged on, simply go to Device enrollment.
Then you will see the option “Choose MDM Authority.” Note that if you have assigned your MDM Authority already, this option will not be visible.
Note that you can only transition from Configuration Manager MDM Authority to Intune MDM Authority and not vise versa. Also know that while it was true at one time that you had to contact Microsoft support to change from hybrid to stand alone, that requirement is now null and void. The entire MDM Authority selection process is self serve and simple. Keep in mind that there may be a transition time involved when changing between the two types of authority modes. Once the MDM Authority assignment process is complete, you can begin the process of enrolling devices.