Even though the CDP isn't required to use co-management, it is useful in most environments. For example, if your environment has 100,000 clients, when you enable this setting, enrollment occurs over several days. If you only want to enable co-management, you don't need to switch workloads now. Automation, Pro-Activeness, and Self-service are the other 3 trigger points for modern IT. These devices might have been provisioned through Windows Autopilot or are direct from your hardware OEM. If you don't save this command line now, you can review the co-management configuration at any time to get this command line. I hope Airbnb and Uber stories will give you more thought points about You set up hybrid Azure AD, and enroll them into Intune. In this tutorial, you set up co-management of Windows 10 devices in an environment where you use both Azure Active Directory (AD) and an on-premises AD but don't have a hybrid Azure Active Directory (AD). You don't directly create the service in Azure. Select All services > Azure Active Directory > App registrations, and then: Go to API Permissions > select Grant admin consent for , and then select Yes. Version 1810 also introduces a simpler command line for internet-based installation of the Configuration Manager client. Like the Web app, these credentials aren't saved and don't require permissions in Configuration Manager. Export the CMG server authentication certificate from your server. On TechNet I read, ‘When you have Windows 10 devices that are Configuration Manager clients, you can enroll these devices and enable co-management from the Configuration Manager console. I did a more detailed analysis of the IT industry in the post called Future of SCCM ConfigMgr Intune Admin Jobs. Select OK to close the Create Client Application dialog and return to the App Properties page. Configure settings that enable on-premises management points and clients to use the cloud management gateway.
The requirement is only for reporting purposes (to run queries and reports like s/w and h/w inventory for Intune managed devices). Starting in version 1906, this tab is called Communication Security. Before you switch any workloads, make sure you properly configure and deploy the corresponding workload in Intune. For app type, select Line-of-business app under Other. If a device is unenrolled by the user, on the next evaluation of the policy, it will re-enroll. For Resource Group, use an existing resource group or create a group with a friendly name that uses no spaces, like ConfigMgrCloudServices. The client app only provides user and device authentication for clients that use the CMG service.