Intune with Kace SMA
I'm currently working on our deployment for Windows 11 prior to our refresh cycle. Has anyone used the SMA appliance and Intune in tandem (hybrid-joined computers)? It seems that Intune has some policies that are missing from our on-prem GPOs.
Answers (2)
I use the SMA to pick up where Intune fails (and it fails a lot).
Intune pushes are like using your mouth to blow on a sail.
After Intune actions, MS takes 0 to infinity minutes to push the action, change groups and note compliance, device checking/sync, actually make the change on the device, and then report back. Some actions can take a day or more to be sure of some configuration policy.
Kace lets me check a registry key, set something, push an application or setting and see it all in [mostly] real time.
Intune Configuration Profiles and GPOs will battle.
I found it easier to give up on GPOs for workstation/user devices and use the Intune Configuration Profiles.
MS has a tool to push your GPOs through and get feedback and settings to clear up which will work, which will not and how you can best replicate your settings. After that, there is a lot of tricking the OS with OMA-URI and picking up the slack with Kace. Drive mapping was a fun one to get. https://learn.microsoft.com/en-us/mem/intune/configuration/group-policy-analytics
If you go all AAD and leave the hybrid, you will lose the GPOs... as that is the "trend" it might be best to focus on the Intune side. Printers have been an issue, but we use a third-party program, PaperCut, which has a print deploy software for pushing drivers. I could have handled it all with Intune/Kace and PowerShell but who wants that much work.
I set up the initial software with Intune but I do not really keep those so up to date. I use version checking scripts of a version or higher to note the software is there but then I use Kace to update it.
I usually do my software installs and updates with Kace first and then add them to Intune when I get around to it.
Re-reading your question, you are asking about hybrid computers, which I thought meant Hybrid-joined AD/AAD... but if you mean co-managed, then I have not done that. I do not use Kace MDM, just the SMA.
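The "version or higher" check mentioned in the answer above, sketched as an Intune Win32 app custom detection script. This is an added example, not the poster's script; `$AppName`, `$MinVersion` and the helper `Get-InstalledVersion` are hypothetical names. Intune treats the app as detected only when the script exits with code 0 and writes something to standard output.

```powershell
# Added example: Intune Win32 app custom detection script ("this version or higher").
# $AppName and $MinVersion are placeholders; set them for the packaged application.
$AppName    = 'Example App'        # hypothetical DisplayName prefix
# Use the same number of components the vendor writes to DisplayVersion:
# [version]'1.2.3' compares as lower than [version]'1.2.3.0'.
$MinVersion = [version]'1.2.3'     # hypothetical minimum acceptable version

function Get-InstalledVersion {
    param([string]$NamePrefix)

    # Machine-wide uninstall entries, 64-bit and 32-bit views.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    $found = foreach ($entry in Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue) {
        if ($entry.DisplayName -like "$NamePrefix*" -and $entry.DisplayVersion) {
            $parsed = $null
            # Some vendors write non-numeric versions; skip those instead of throwing.
            if ([version]::TryParse($entry.DisplayVersion, [ref]$parsed)) { $parsed }
        }
    }

    # If several entries match, the highest version decides.
    $found | Sort-Object -Descending | Select-Object -First 1
}

$installed = Get-InstalledVersion -NamePrefix $AppName

if ($installed -and $installed -ge $MinVersion) {
    # Exit code 0 plus output on STDOUT = "detected" for Intune.
    Write-Output "Detected $AppName $installed (minimum $MinVersion)"
    exit 0
}

# No output and a non-zero exit code = "not detected".
exit 1
```

Because the check passes for any version at or above the minimum, Intune does not reinstall or flag the app after another tool such as the SMA has updated it.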
Why not just use proactive remediations for a lot of things that you are needing? We script almost everything we need into remediations unless it's just needed one time and then we bundle the script into a Win32 app and run it that way. Intune is a great system but does take a lot of work to build it out.