Today we posted a service change announcement in the Office Message Center to customers using Hybrid Mobile Device Management (MDM). The message we posted is shared below. Following the announcement, we’ve included answers to frequently asked questions. If you’ve got any additional questions, reach out to us through your Microsoft Account representative, FastTrack for Microsoft 365 or EMS, Microsoft Partner, or contact us directly through comments on this post. We will continue to update this blog post as needed.
MC146431 - Plan for Change: Move to Intune on Azure for your Mobile Device Management
Since launching on Azure over a year ago, Intune has added hundreds of new customer-requested and market-leading service capabilities, and now offers far more capabilities than those offered through hybrid Mobile Device Management (MDM). Intune on Azure provides a more integrated, streamlined administrative experience for your enterprise mobility needs.
As a result, we see that most Enterprise Mobility + Security (EMS) customers choose Intune on Azure over hybrid MDM. The number of customers using hybrid MDM continues to decrease as more customers move to the cloud. Therefore, on September 1, 2019, we will retire the hybrid MDM service offering. Please plan your migration to Intune on Azure for your MDM needs. We have tools, case studies, and other resources to help with this migration.
Note: This change does not affect on-premises System Center Configuration Manager (ConfigMgr) or co-management for Windows 10 devices. If you are unsure whether you are using hybrid MDM, go to the Administration workspace of the ConfigMgr console, expand Cloud Services, and click Microsoft Intune Subscriptions. If you have a Microsoft Intune subscription setup, your tenant is configured for hybrid MDM.
How does this affect me?
- Microsoft will support your hybrid MDM usage for the next year. We will continue to release major bug fixes and ensure existing functionality is supported on OS versions, such as enrollment on iOS 12. We will not invest in new features for hybrid MDM.
- We do not expect any end user impact to this change, provided you migrate to Intune on Azure before the end of the hybrid MDM offering.
- Licensing remains as is; Intune on Azure licenses are included with hybrid MDM.
- We will begin to block the onboarding of new hybrid MDM customers starting in November 2018.
- On September 1, 2019, any remaining hybrid MDM devices will no longer receive policy, apps, or security updates.
What do I need to do to prepare for this change?
- Start planning your migration for MDM from the ConfigMgr console to Azure. Many customers, including Microsoft IT, have gone through this process. Read this case study sharing best practices and lessons learned from Microsoft’s own migration.
- Review tools and documentation we’ve created to simplify the process of moving from hybrid MDM to Intune on Azure. Many customers, including some of our largest and smallest, have successfully used these tools and guidance to migrate.
- Contact your partner of record or FastTrack for assistance. FastTrack for Microsoft 365 or EMS can assist in your migration from hybrid MDM to Intune on Azure. More information on how to open this specific type of FastTrack ticket is included in the Additional Information link.
The additional information link in the message center post points to this blog post for more information. As shared in this post’s introduction, we’re including answers to some frequently asked questions.
Q: What is Hybrid MDM?
A: Hybrid MDM was originally created to utilize the capabilities of the ConfigMgr console while managing mobile devices with Microsoft Intune. Hybrid MDM uses Intune as the delivery channel for policies, profiles, and applications to devices and uses ConfigMgr on-premises infrastructure to administer content and manage the devices.
Q: How do I know if I’m using hybrid MDM?
A: Go to the Administration workspace of the ConfigMgr console, expand Cloud Services, and click Microsoft Intune Subscriptions. If you have a Microsoft Intune subscription setup, your tenant is configured for hybrid MDM.
Q: Are hybrid MDM and co-management the same thing?
A: Nope! The key difference is that hybrid is for mobile devices and has been an alternative solution to Intune in the cloud, whereas co-management is for Windows 10 devices where the ConfigMgr and Intune consoles can be used simultaneously to manage different workloads for the same devices.
Q: Does this affect co-management?
A: Not at all. Co-management enables you to concurrently manage Windows 10 devices by using both ConfigMgr and Intune. Co-management is where we see growth of customers wanting both on premise and cloud-based management.
Q: Is ConfigMgr going away?
A: A resounding no! This change does not affect our interest or investments in ConfigMgr as a solution for on-premises device management. We will continue to fully support our customers in this area.
Q: What do I do if I’ve done a bunch of customizations with hybrid MDM?
A: Contact us through your Microsoft Account representative, FastTrack, Microsoft Partner or us directly through this post if you have migration blockers.
Q: I use mixed authority. Do I need to migrate?
A: Yes! This service announcement will affect customers with mixed authority.
Q: What’s behind this strategy shift?
A: The end user expectation is changing the role of IT. Remember years ago, when you could hold off adopting a new operating system for months or even years? Now, day zero support is expected by your end users. They have a brand-new phone with the latest operating system, and their creativity and teamwork depend on O365 access. Your job is not just to manage that device – you deliver user empowerment, management, and security. As Unified Endpoint Management, Identity and Access Management, and Endpoint Protection all come together, the hybrid MDM solution is not meeting that need nor is it reacting quickly enough to the changes in the MDM marketplace.
Q: Can my Microsoft Partner provide support?
A: If you have a Microsoft partner that provides ongoing managed services, please reach out to them directly for additional support.
Q: How do I request assistance from FastTrack?
A: To request assistance from FastTrack, get started by going to FastTrack for Microsoft 365 or EMS. Click on the “Sign In” prompt, and enter your org ID. Go to the dashboard, and from there follow the prompts to access the Request for Assistance form. Your submission will be reviewed and routed to the appropriate team that will address your specific needs and eligibility. You can also find best practices, tools, and resources from the experts to help make your experience with the Microsoft Cloud a great one. Screen shots of this workflow are also provided in this linked support blog.
Q: Does this affect Conditional Access (CA) or On-premises MDM with ConfigMgr?
A: These features are not deprecated. We are working on a solution to allow these features to work without hybrid MDM.
8/27/18: Updated with information about CA and On-prem MDM with ConfigMgr