How to remove SCCM Co-Management in favour of Intune
A lot of companies are finding that they’re losing or have lost their System Center Config Manager (SCCM) skills and/or that the upkeep for what is predominantly an On-Premises system is holding them back from going cloud only/cloud first.
We’re seeing many people jump/skip/bypass/remove the Co-Management/Tenant Attach connection between SCCM and Intune, opting to go pure cloud managed. So how do you get from a Co-Managed estate to an Intune manage estate?
In short, after completing all the infrastructure prerequisites, removing the Configuration Manager client from the device should really be enough to trigger the change to the Management authority, severing all ties with SCCM and enabling pure Intune MDM management. However, this doesn’t always work (does it ever work?).
Recently I decommissioned an ageing SCCM platform from an environment in which the client went fully cloud managed. The process for this was as follows;
- Move all SCCM workloads to Intune
- Disable any GPO’s internally that would push the SCCM client
- Disable the internal SCCM option to push the client
- Deploy a PowerShell script via Intune to initiate the uninstallation of the SCCM client (actually I used a Proactive Remediation so that I could perform conditional testing and gather feedback from the devices, a basic “if the SCCM client exists”, remediate by uninstalling)
- Remove all roles within SCCM, from all Servers
- Delete All Site Systems
- Shutdown the SCCM servers
- Review and Remove any objects from the System Management container in AD
At this point, I had assumed removing the client would suffice, however, when testing not all devices switched from Co-Managed to Intune managed, so I had to unpick why this was. It turns out this is quite common, and after a quick Google and read of Moving to full Intune – Devices still showing as “Co-Managed” – Microsoft Q&A I found reference to some registry entries that remained. In testing, when these were deleted, the device(s) switched over to Intune managed, so I concluded that I needed to perform a more complete removal of the client. Which is where, within the same article linked above, I stumbled across the Remove-MCMClient.ps1 script from Chad Simmons.
I ended up pushing the Remove-MCMClient.ps1 script as a remediation action, if we detected that the device still had the registry entries described in the script present.
This was then deployed as required in the environment and the estate was gradually migrated from on-premises SCCM management, to pure Intune management.
Leave a Reply