SCCM: Co-management setup with SCCM Client installation

I decided to set up a test lab for co-management. Here is what I have:

Azure AD tenant. In addition to Primary * I have multiple custom domains registered.

SCCM 1806 on-prem

I started by deploying the CMG as demonstrated in Justin’s video:

The only difference: I did not use an internal domain name for the CMG, I just left it as That allowed me to avoid the CNAME requirement.

After that I configured co-management as per

but unfortunately the SCCM client was not installed on my test machine joined to Azure AD.

I am using enhanced HTTP on the SCCM side; my internal MP operates in HTTP mode and there is no certificate installed on the Client. I tried to stay as close as possible to a real BYOD scenario.

After some troubleshooting I sent the question to the TechNet forums:

Based on the forum discussion I replaced the Intune MSI-based SCCM Client deployment with a Win32 app, which Microsoft currently has in preview, just as Martin recommended:

Nick provided great help with token troubleshooting. I found his article here:

And do not forget to approve the Client in the SCCM console (at least in my case it was a workgroup machine and auto-approval was not enabled in SCCM).

It took ~15 min after approval before the Client got policy from the SCCM MP.

In the end everything is working, but it took some time with research and troubleshooting…