What is the MDM Authority
Before any Microsoft Intune implementation project, a choice should be made between setting up the Microsoft Intune platform in standalone mode or in hybrid mode (with System Center Configuration Manager). It is necessary to know both solutions, along with their advantages and disadvantages. Switching from one mode to the other has been simplified since System Center Configuration Manager 1610: it is no longer necessary to contact Microsoft support to do so. This is discussed in the next chapter.
We therefore have two modes of management:
- Device management from Intune only. All operations are carried out from the Azure platform.
- Device management from SCCM. This consists of adding an Intune connector to SCCM. Management is then carried out from SCCM, with replication to and from the Intune platform.
The mode is selected by configuring the MDM authority. This operation must be performed before any other configuration. Configuring the MDM authority from the Azure console selects standalone mode. Adding the connector to SCCM configures the MDM authority in hybrid mode.
However, there is a third mode, which can be activated with Office 365. It is possible to manage mobile phones using Office 365, but this platform offers fewer features than Microsoft Intune.
Reset MDM Authority (Intune Standalone to SCCM)
To switch from Intune in standalone mode to Intune in hybrid mode (with SCCM), it is necessary to have SCCM in version 1610 or higher to be able to reset the MDM authority.
We can see in the Intune console below that the MDM authority is currently configured for standalone use of Intune.
Before resetting the MDM authority, it is necessary to remove the Device Registration Manager. The same is true for device group mappings. Unlike the old procedure, which required the removal of devices from the Microsoft Intune platform, this procedure has no impact on users. However, it is recommended that they be warned so that their devices are turned on and connect to the Intune service.
However, it is necessary to renew the certificate of the Apple Push Notification service (APNs). Note that creating a new certificate involves cancelling the previous registration. It is therefore necessary in this case to re-register the devices.
The reset process will consist of the following operations:
- Adding the subscription to the System Center Configuration Manager console.
- Configuring the Apple APNs certificate with the same certificate as the standalone Intune console.
- Configuring policies, applications,… in System Center Configuration Manager.
Reset MDM Authority (SCCM to Intune Standalone)
As we have seen, it is possible to reset the MDM authority to switch from standalone to hybrid mode. The same is true for switching from hybrid to standalone mode.
Once again, since System Center Configuration Manager version 1610, it is no longer necessary to remove all devices before the reset operation. Note that it may take several hours for the switch from hybrid mode to standalone mode to be taken into account for devices. Following the reset, support for iOS devices must be configured. It is important that the user logs on to the Intune service after the reset, which allows the existing settings to be replaced. The configuration policies (Wi-Fi,…) deployed using System Center Configuration Manager and Microsoft Intune are kept for 7 days. It is therefore highly recommended to configure the new platform (addition of applications, policies,…) rather quickly, so that the new policies replace those deployed by the old platform.
Please note that the display of device compliance data may take up to 7 days.
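The prerequisites described above (current MDM authority, a still-valid APNs certificate, the 7-day policy window) can be checked with a script before a reset in either direction. The following PowerShell is an added example, not part of the original article or of any Microsoft tooling: the function name Test-MdmAuthorityReset is hypothetical, the sample objects are constructed, and it assumes the data is read from Microsoft Graph's organization (mobileDeviceManagementAuthority) and applePushNotificationCertificate resources.

```powershell
# Added example (not from the article): checks to run before resetting the MDM authority.
# Live objects can be read from Microsoft Graph, e.g. with the Microsoft.Graph module:
#   $org  = (Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/v1.0/organization').value[0]
#   $apns = Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/applePushNotificationCertificate'
function Test-MdmAuthorityReset {
    param(
        [Parameter(Mandatory)] $Organization,     # Graph organization object
        [Parameter(Mandatory)] $ApnsCertificate,  # Graph applePushNotificationCertificate object
        [Parameter(Mandatory)] [ValidateSet('intune', 'sccm')] [string] $TargetAuthority,
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    # Graph mdmAuthority values mapped to the modes described in the article.
    $modes = @{ intune = 'standalone'; sccm = 'hybrid (SCCM)'; office365 = 'Office 365'; unknown = 'not set' }
    $current  = [string]$Organization.mobileDeviceManagementAuthority
    $findings = [System.Collections.Generic.List[string]]::new()

    if (-not $modes.ContainsKey($current)) {
        $findings.Add("Unrecognised MDM authority value '$current'.")
    } elseif ($current -eq $TargetAuthority) {
        $findings.Add("MDM authority is already '$current'; nothing to reset.")
    } elseif ($current -notin 'intune', 'sccm') {
        $findings.Add("Current mode '$($modes[$current])' is outside the standalone/hybrid reset procedure.")
    }

    # The existing APNs certificate is reused on the target platform, so it must still be valid;
    # replacing it with a new one would force iOS devices to re-enroll.
    $expires = ([datetime]$ApnsCertificate.expirationDateTime).ToUniversalTime()
    if ($expires -le $Now) {
        $findings.Add("APNs certificate expired on $($expires.ToString('u')).")
    }

    [pscustomobject]@{
        CurrentMode       = $modes[$current]
        TargetMode        = $modes[$TargetAuthority]
        ApnsAppleId       = $ApnsCertificate.appleIdentifier  # renew with this same Apple ID
        ApnsExpiresUtc    = $expires
        OldPoliciesEndUtc = $Now.AddDays(7)   # old platform's policies are kept for 7 days
        Ready             = ($findings.Count -eq 0)
        Findings          = $findings.ToArray()
    }
}

# Constructed sample objects (not real tenant data) so the function runs offline.
$org  = [pscustomobject]@{ mobileDeviceManagementAuthority = 'intune' }
$apns = [pscustomobject]@{ appleIdentifier = 'mdm-admin@example.com'; expirationDateTime = '2030-01-15T00:00:00Z' }
Test-MdmAuthorityReset -Organization $org -ApnsCertificate $apns -TargetAuthority sccm
```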
The MDM authority is reset from the SCCM console.
In the SCCM console, click Administration, then Cloud Services, and then Microsoft Intune Subscription.
Right-click on the subscription and then in the context menu click Delete.
A wizard starts; select Use Microsoft Intune as MDM Authority and click Next.
A warning message appears, click Yes. In the Microsoft Intune Subscription window, click Login.
A window appears, enter the Intune credentials and click Next. Click Next in the following windows without making any changes. MDM authority has now been reset for standalone use.