NHSmail Intune, provides a number of options for organisations who wish to manage their Windows 10/11 devices via the service. This article provides an overview of the Windows 10/11 offerings available with the aim of informing organisations on which offering is suitable for their organisation, as well as providing guidance on next steps in the form of technical pre-requisites and future provisioning activities.
Three options are available to onboard Windows 10/11 devices depending on the organisation’s requirement for access to on-premise resources. These options are detailed below.
To manage devices via any of the Windows 10/11 tracks, your organisation must be onboarded to the NHSmail Intune Service.
Organisations who have not already onboarded to the NHSmail Intune Service are required to register using the Intune Registration Form.
The below provides a high-level overview of the functionality of each track.
| CLOUD TRACK | CLOUD + Same Sign On TRACK | HYBRID TRACK | |
| On-premises resource access (AD User Authentication) | ü | ü | ü |
| On-premises resource access (AD Device Authentication) | X | X | ü |
| Cloud-Deploy/Rebuild with NHSmail Intune Autopilot | ü | ü | X |
| ‘On-premises’- Deploy/rebuild with MECM (SCCM) | ü1 | ü1 | ü |
| MECM ‘Co-manage’ device configuration with Intune | ü | ü | ü |
| Device Compliance and Conditional Access | ü2 | ü2 | ü2 |
| Intune App Deployment | ü | ü | ü3 |
1 Requires additional Microsoft Endpoint Configuration Manager (MECM) configuration task sequences
2 Requires ‘Co-management workloads’ aligned to MECM OR Intune
3 Requires Hybrid Device ‘co-management’
‘Co-management’ is the configuration of an organisation’s Microsoft Endpoint Configuration Manager (MECM) or System Center Configuration Manager (SCCM) site to connect with the Enterprise Management and Security Intune service to share configuration workloads between Cloud and on-premises sources.
| Last Reviewed Date | 10/01/2023 |
