Closed drewcifur closed 4 years ago
Thanks @drewcifur for the feedback. I'm looking into this.
I have some updates to make to this article and the licensing FAQ to help clarify, but still waiting to clarify one bit. But here's some info that should help answer your questions.
AAD pricing levels. P1/P3 both include conditional access, and device registration
M365 E3 includes AADP1.
One of the Autopilot license requirements is AADP1 and a full Intune license.
MDM auto-enrollment, which is a co-management prereq, requires AADP1. Other optional features of co-management, such as Conditional Access, also requires AADP1.
If you first manage the device with ConfigMgr, and then co-manage, you don’t need an Intune license even if you just have a ConfigMgr CAL. This point is the co-management licensing change we made at Ignite 2019. AADP1 is still required.
If you first manage the device with Intune, and then co-manage (deploy the ConfigMgr client from Intune), you do need an Intune license.
Thanks @aczechowski this break down helps make a little more sense of it all. :)
I have a change for this issue in review, I hope it will publish in the next several days. This issue should auto-close when the change merges, at which time it will publish within one business day.
On this page it says "you gain the following immediate value....Modern provisioning with Windows Autopilot" which contradicts what is on https://docs.microsoft.com/en-us/configmgr/core/understand/product-and-licensing-faq#bkmk_mem. The Product and Licensing FAQ says "Devices managed by Configuration Manager and enrolled into co-management have almost the same rights as an Intune standalone-managed PC. However, after resetting they can't be re-provisioned by using AutopIlot."
To add to my confusion, we were on a call with an Intune Principal Program Manager who said that for Windows Intune devices you would need a Device License in order to take advantage of things like Conditional Access and Autopilot.
So what does the "new license" for co-management actually mean? Does that really just get you registration in Intune and some telemetry data? Are we licensed to push Intune policies to our co-managed devices that do not have a user tied to them?
For what it's worth, we are M365 E3 which gets us User licenses for Intune but not Device licenses.
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.