Tuesday, May 24, 2016

Difference between Intune Standalone and ConfigMgr hybrid mode (part 4)

Recently I did some blogposts about the difference using Intune Standalone or ConfigMgr hybrid mode.
You can find them here: part 1 / part 2 / part 3

For ConfigMgr hybrid mode I mentioned the following:
As for ConfigMgr hybrid mode, this must be done in Configuration items and baselines, where not sure when they arrive. Monitoring - deployments is not the right place also, given a 'Unknown' status most of times. Did a lot of compliance checks and reboots on mobile devices, but nothing seems to happen..

Trick is, you need to do some additional configuration. When policies in Intune are working immediately, they are in ConfigMgr not.
When creating configuration items in ConfigMgr, "Remediate noncompliant settings" is turned on by default.
When creating and deploying configuration baselines, this is not the case. "Remediate noncompliant rules when supported" is not turned on by default. Trick is, you need to enable this for making them active.

In the baseline deployment properties "Remediate noncompliant rules when supported" must be selected. I did change the schedule for 7 days to 5 minutes too. After that configuration was starting on mobile devices right away.

Why this isn't configured by default is the question? Without this setting you can wait forever for policies to come through..

No comments:

Post a Comment