MDM and SCCM co-existence overview

MaaS360® introduces co-existence for customers who are managing devices using Client Management Tools such as Microsoft System Center Configuration Management (SCCM) to facilitate management of an endpoint through modern management. With the modern management model, IT administrators can use various MDM functions such as simplifying the onboarding of devices, enrolling devices, and delivering real-time policies and updates from the cloud to endpoints.

An endpoint that co-exists in MDM and Client Management Tools such as SCCM uses a server-side connection with SCCM for some core CMT-based workflows and another connection with the MaaS360 server that allows modern management of Windows 10+ . Customers can migrate their existing Windows devices that are managed from SCCM to secure cloud-hosted modern management enabled by MaaS360.

With co-existence, MaaS360 provides the following benefits:

  • Easy management of devices from a cloud-hosted and modern management enabled solution.
  • Management and control of devices in real-time even if the devices are on the intranet or internet.
  • Simplified deployment of operating systems that use newer services such as Windows Autopilot.
SCCM and MDM co-existence

Comparing Client Management Tools and SCCM co-existence features

Feature Client Management Tool SCCM co-existence with MaaS360
Main capabilities
  • On-Premise AD
    • GPO policies
  • Device collections or inventory
  • Application distribution
    • MSI, EXE, Scripts, Docs
  • Exhaustive and lightweight MDM policies for security and configuration of OTA
    • Policy push, real-time actions such as Locate, Wipe, and Message.
  • Integration with AD and Azure AD
    • Easy to roll out Office 365 and Azure AD
    • Azure AD conditional access based application distribution (UWP, EXE, MSI, Scripts, Docs)
OS management
  • Image-based OS deployment
  • Complex process
  • Autopilot and Azure AD based OS management
Basic support
  • Support for Windows 7, Windows 8.1, Windows 10+
  • Agent-based management
  • Distributed architecture and heavyweight infrastructure
  • Support for Windows 7, Windows 8.1, Windows 10+
  • Scalable, cloud-hosted, and modern management based
  • Immediate access to all the benefits of modern management
Patch management Support for cumulative and express files Update management enabled patch management on the same console
Other features  
  • Secure Browser
  • Modern App Catalog
  • End-user portal

Use cases for SCCM and MDM co-existence

  • Supports BYOD (Bring Your Own Device) and secure management of Windows 10+ devices over-the-air (OTA).
  • Roll out Azure AD and Office 365 based online services.
  • Move from image-based OS management to Autopilot-based OS management.
  • Take real-time actions on devices that are connected to the intranet or the internet.

Getting started with co-existence

To create MDM and SCCM co-existence by enrolling SCCM registered devices in MaaS360, follow these steps:
  1. Deploy the bulk enrollment executable to endpoint devices that are ported from a Client Management Tool to MDM.
  2. Migrate existing Group Policy Objects policies by using the MaaS360 SCCM Migration Tool and then create equivalent MDM policies in MaaS360.
  3. Override the Group Policy Objects policies with the MDM policy to resolve conflicts.