Co-Management and Azure AD

In this course, I will take you through the features provided by Microsoft 365 that allow you to monitor, protect, and manage devices across an organization. 

Learning Objectives

  • The differences and benefits of both the Configuration Manager and Microsoft Intune
  • What co-management is and what benefits it provides
  • The capabilities and differences between the MDM solutions provided within Microsoft 365, which are Basic Mobility and Security and Microsoft Intune
  • How other Microsoft tools integrate with MDM solutions to provide better security for organizations

Intended Audience

  • Users looking to learn about Managing Devices with Microsoft 365


Prerequisites

  • Have a basic understanding of Microsoft 365

Co-management requires an Azure AD Premium license in order to be enabled, so let's quickly go over Azure AD. Azure Active Directory is Microsoft's cloud-based identity and access management solution. It combines directory services, application access management, and even identity protection into a single easy-to-use solution while providing the benefits of each tool. There are technically three Azure AD license options: Azure AD Free, Azure AD Premium P1, and Azure AD Premium P2.

Azure AD Free is provided to any organization that is subscribed to a Microsoft online business service. It enables things like single sign-on and user and group management. Azure AD Premium P1 provides everything the free version does and adds advanced administration and Microsoft Identity Manager. Azure AD Premium P2 builds even further on top of that and adds Azure AD Identity Protection and Privileged Identity Management. To enable co-management, organizations must have one of the premium Azure AD licenses. If an organization already has an on-premises Active Directory Domain Services (AD DS) deployment, then it must integrate with Azure Active Directory through either an Azure AD P1 or P2 license.

This is known as the Hybrid Azure AD Joined scenario, which is specifically for organizations that have an on-premises AD DS connected to Azure AD. The integration is made possible by Azure AD Connect, which effectively creates a connection between the on-premises domain service and Azure AD. This allows Azure Active Directory to use the existing identities in the on-premises directory while providing the benefits of the cloud. The other option for meeting the Azure AD requirement is the stand-alone Azure AD Joined scenario. This model is for organizations that use only Azure AD, without the need for an on-premises AD DS.
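One way to check which of the two join scenarios a Windows device is actually in, as an added example that is not part of the course: the function below reads the `AzureAdJoined` and `DomainJoined` fields that `dsregcmd /status` prints. The function name `Get-JoinState` and the sample text are constructed for illustration.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` text.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param([string[]]$StatusText)

    # Collect "Name : Value" pairs; dsregcmd left-pads the names with spaces.
    # Banner lines ("| Device State |", "+-----+") do not match and are skipped.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'

    if ($aad -and $domain) { $state = 'Hybrid Azure AD joined' }
    elseif ($aad)          { $state = 'Azure AD joined' }
    elseif ($domain)       { $state = 'On-premises domain joined only' }
    else                   { $state = 'Not joined' }

    [pscustomobject]@{
        JoinState            = $state
        # Either join scenario described above satisfies the Azure AD requirement.
        MeetsJoinRequirement = $aad
        DomainName           = $fields['DomainName']
    }
}

# Constructed sample of the "Device State" section (not captured from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@ -split '\r?\n'

Get-JoinState -StatusText $sample

# On a real Windows device, feed it the live output instead:
# Get-JoinState -StatusText (dsregcmd /status)
```

A device that reports only `DomainJoined : YES` has not been synchronized and registered through Azure AD Connect, so it does not yet meet the join requirement described above.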

Now, Azure AD provides a bunch of different benefits for not only administrators, but also end users. It improves overall user experience by reducing the need for repetitive identity verification through logging in and creates a unified experience across all Windows devices a user logs into with a feature known as Enterprise State Roaming. This, coupled with additional security options and deployment options like Windows Autopilot, makes Azure AD a powerful tool that organizations can use to keep their devices and their workforce safe and secure. It is important to remember that co-management and Azure AD are two separate services that work together with one another. Co-management is for device management, while Azure AD is for identity management.


About the Author

Lee has spent most of his professional career learning as much as he could about PC hardware and software while working as a PC technician with Microsoft. Once COVID hit, he moved into a customer training role with the goal of getting as many people as possible prepared for remote work using Microsoft 365. Being both Microsoft 365 certified and a self-proclaimed Microsoft Teams expert, Lee continues to expand his knowledge by working through the wide range of Microsoft certifications.