Windows Intune: SCCM Connector
The big thing in the Microsoft and SCCM world right now is Intune and how it functions with the System Center Suite, specifically SCCM. Connecting Intune to SCCM gives administrators a good amount of control over BYOD devices and ability to keep corporate data secure. Some features include wiping devices, configuring compliance settings, deploy LOB applications, and collecting software and hardware inventory.
There is an entire series of blog posts at https://windowsmanagementexperts.com/blog to get you started in Intune. This post will detail the steps required to tie your Intune subscription into SCCM to give you a signal pane of glass with which to manage your devices.
Intune Prerequisites
The first prerequisite for tying Intune to SCCM is obviously an Intune subscription. You must have this, or at least a trial set up first. You must also have your Azure AD set up and synced with your corporate directory. Finally, you need to have a DNS alias set up to point enterpriseenrollment.<company domain name>.com to manage.microsoft.com. This alias is used in the enrollment process. For more details about these steps, see this TechNet article: https://technet.microsoft.com/en-us/library/jj884158.aspx.
Enabling Intune for SCCM
After the prerequisites are complete, you can install the Intune connection site system role. This role pushes settings and applications to the Intune service. This is done by setting up the subscription under the Administration>Cloud Services tab in your SCCM console. Go through the wizard and sign into your Intune account. One important thing to notice here is that you will only be able to manage mobile devices by using the SCCM console. If you are managing computers, that will have to be done natively through SCCM.
Once you select SCCM has your management authority, it CANNOT be changed back to Intune.
You will be asked to specify a collection that contains the users who are able to enroll mobile devices. I would suggest creating a collection that will serve ONLY this purpose. You will also be asked to provide your SCCM site code. You will also be asked to configure some additional options about the devices that you wish to manage. After this, the wizard is complete.
Intune Site System Role
After the subscription has been added to SCCM, an option to install the Intune site system role will be available. This can be installed like any other system role, though it is only available on central administration or stand-alone primary sites. This role can be installed on any site server.
Setup Mobile Device Enrollment
Setting the system up for the enrollment of devices is different for each platform. For Windows Phone 8 devices, you must get a Symantec certificate and code-sign your company portal. For Windows Phone 8.1 and Windows RT, you must use a sideloading key and all LOB apps must be code signed. For iOS, you need an Apple Push Notification certificate, and nothing is required for Android. After these various certificates are in place, you are ready to begin enrolling and managing devices with SCCM and Intune.
