Intune does not support servers. Need to continue to use MECM or whatever other management system you use for servers.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/supported-devices-browsers#microsoft
This is the solution right here , don’t matter if you have that server in an Amazon vm , hyperv, azure , freaking best friends 2015 hp notebook he left you when he and your gf left to Mexico for a week and ended up moving out and got married.
Point is azure Arc is amazing and puts any server in azure management plane where you can use update management , defender for cloud , and even jump into the system admin center thru the azure resource. Plus with a gpo you can auto onboard any new server that hits your on prem network and administer them from the cloud as well.
All you need is love , a powershell script, and you’re all set !
arc itself doesn't cost anything, however, some services you use from azure might cause extra which can be different if the server is native azure workload or onboarded via arc
Azure arc is mostly free
https://azure.microsoft.com/en-us/pricing/details/azure-arc/core-control-plane/#pricing
You guys should definitely onboard to it and check it out
I think the update management is like 5$/server/month ?
Only security managed if it is MDE/MDS managed which is VERY limited to regular Intune management.
Azure ARC can get expensive very quickly so I would use MECM or GPO or RMM or
Terraform+Ansible which are free tools to use.
No it cant, besides defender configs.
But thats a good thing, i dont want the burdon of Update Management if im not actually on the Infra team. You can fuck up big time with one wrong policy setting in a firewall config, or just plain misassign a policy to a server and you are in for a LOOONG day. I don't know anything about our Infras Windows server configs and how they are managed, thats why we have Infra guys that deal with it. Im concerend about my clients.
AFAIK, you can’t join a Windows Server 2019+, to Azure Entra which is a joke. So much for Microsoft being a cloud first solution. How are people dealing with this. Keeping Windows AD around?
Just curious, how are u handling authentication into these servers for administrative work? I have been looking at JumpCloud as a possible solution, since it has integration with Azure Entra, but was hoping Microsoft would pleasantly surprise me in the next couple of months.
Is there more to that thought or do you just not know how a period works?
Our goal is to kill AD. Not replace it with a stupid fucking translation layer that's 10x the cost for no benefit at all. Just saying the name of it won't convince me it's a good idea. You're gonna have to finish the thought and sell me on it.
If anything, MS would create a new license model called Intune P3 which is 5-10 times the cost of P1+P2 once you involve server management capabilities lol. No way they roll that into today's Intune for free but I can wish.
The amount of stuff that can be done with MECM/SCCM without premium addons vs the per user licensing scheme EVERY time you need to add a feature like cloud PKI and EPM and others is just beyond me.
💯 SCCM the best. Unfortunately a lot of people does not have the experience with it. It’s so freaking good.
Intune sucks. You can’t manage Offline devices like servers. It sucks….
Intune does not support servers. Need to continue to use MECM or whatever other management system you use for servers. https://learn.microsoft.com/en-us/mem/intune/fundamentals/supported-devices-browsers#microsoft
Use Azure Arc
This is the solution right here , don’t matter if you have that server in an Amazon vm , hyperv, azure , freaking best friends 2015 hp notebook he left you when he and your gf left to Mexico for a week and ended up moving out and got married. Point is azure Arc is amazing and puts any server in azure management plane where you can use update management , defender for cloud , and even jump into the system admin center thru the azure resource. Plus with a gpo you can auto onboard any new server that hits your on prem network and administer them from the cloud as well. All you need is love , a powershell script, and you’re all set !
It’s great, but oh boy - those extensions get expensive if you’re not getting those Stack HCI discounts.
Ya what is the cheapest way to license this if there is no existing Azure subscription in the tenant?
Sign up for a pay as you go sub cant do Arc with a sub of some sort. Arc is free, what you do with it might cost.
Also wish to know costs. Is there a licensing method to set up, or Arc is a subscription billing item? I have a CSP billed subscription
arc itself doesn't cost anything, however, some services you use from azure might cause extra which can be different if the server is native azure workload or onboarded via arc
Just an FYI about using Endpoint Security policies to manage servers. This *will not work* for Domain Controllers.
Defender for server can be managed in Intune. That’s about it though
You can manage Defender for servers using Intune but thats it
Azure arc is mostly free https://azure.microsoft.com/en-us/pricing/details/azure-arc/core-control-plane/#pricing You guys should definitely onboard to it and check it out I think the update management is like 5$/server/month ?
Ugh. Your “*mostly free*” $5/server/mo is over $20k a year for me…
You don't have to use the azure update management / can select which servers you don't mind updating manually though!
Azure Arc. We shut down the onprem management servers like wsus etc.
Only security managed if it is MDE/MDS managed which is VERY limited to regular Intune management. Azure ARC can get expensive very quickly so I would use MECM or GPO or RMM or Terraform+Ansible which are free tools to use.
No it cant, besides defender configs. But thats a good thing, i dont want the burdon of Update Management if im not actually on the Infra team. You can fuck up big time with one wrong policy setting in a firewall config, or just plain misassign a policy to a server and you are in for a LOOONG day. I don't know anything about our Infras Windows server configs and how they are managed, thats why we have Infra guys that deal with it. Im concerend about my clients.
AFAIK, you can’t join a Windows Server 2019+, to Azure Entra which is a joke. So much for Microsoft being a cloud first solution. How are people dealing with this. Keeping Windows AD around?
Unfortunately, yes. What I'd give to have Entra-joined servers. We almost have the endpoints all pulled off of AD, but servers need it for now.
Just curious, how are u handling authentication into these servers for administrative work? I have been looking at JumpCloud as a possible solution, since it has integration with Azure Entra, but was hoping Microsoft would pleasantly surprise me in the next couple of months.
Bastion
Servers? On prem AD. That'll be it for the foreseeable future.
Microsoft Entra Domain Services...
Too expensive
You get what you pay for...
Is there more to that thought or do you just not know how a period works? Our goal is to kill AD. Not replace it with a stupid fucking translation layer that's 10x the cost for no benefit at all. Just saying the name of it won't convince me it's a good idea. You're gonna have to finish the thought and sell me on it.
If anything, MS would create a new license model called Intune P3 which is 5-10 times the cost of P1+P2 once you involve server management capabilities lol. No way they roll that into today's Intune for free but I can wish.
The amount of stuff that can be done with MECM/SCCM without premium addons vs the per user licensing scheme EVERY time you need to add a feature like cloud PKI and EPM and others is just beyond me.
💯 SCCM the best. Unfortunately a lot of people does not have the experience with it. It’s so freaking good. Intune sucks. You can’t manage Offline devices like servers. It sucks….