Windows Intune Mobile Device Management Authority

Posted on Updated on

I’ve known for quite some time that once you set System Center Configuration Manager (ConfigMgr) as the management authority for Mobile Device Management (MDM) that you would have to call Microsoft Support if you wanted to revert to MS Intune as the Management Authority. You need to retire all of your managed devices, remove certificates, policies, applications etc. It can take up to five days to reset the tenant back to the defaults.

You will lose all of your customizations and will need to re-enroll all of your devices. There is no way to save and reapply the customizations at this time.

But what about the reverse. You’ve started using Intune for MDM and now for whatever reason want to add the subscription to your ConfigMgr site and make it the MDM management authority? Since I work primarily with on premise ConfigMgr environments or hybrid implementations, I’ve never tested connecting ConfigMgr to a subscription that had Intune as the MDM management authority. The documentation says it shouldn’t work but what will you see in the ConfigMgr console?

First of all, this is not made very clear when you run the Create Microsoft Intune Subscription Wizard. When running the wizard you will be prompted to sign in to your Intune subscription. Even though the Next button is available you won’t be able to do anything until you sing in.

Clicking Sign In will display the Set the Mobile Device Management Authority dialogue. In my opinion this where a better explanation is required. Especially since this isn’t something you would normally do more than once. You won’t have past experience to rely on.

Once you check the I understand box you will be prompted to sign in to your Intune subscription with administrative credentials. If your subscription already has a management authority you will get the generic error below that doesn’t tell you what went wrong.

If thing the subscription does nto have a MDM management authority set (new un-configured subscription or rest tenant) then you will be returned to the previous screen with the Sign In button greyed out and the ability to continue through the wizard.

WARNING:  Cancelling the wizard at this point is possible but all you will accomplish is not having a configured Intune connector in ConfigMgr. You will have already changed the Management Authority in Intune.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s