| 5 min read |

Migrating from SCCM to Intune

For years, Microsoft System Center Configuration Manager (SCCM) was the backbone of endpoint management. It still works, but it was built for a different era: domain-joined devices, corporate networks, and tightly controlled perimeters.

That’s not how people work anymore.

Microsoft Intune represents a shift to cloud-native management. It’s identity-driven, internet-based, and designed for mobility, security, and scale. Moving from SCCM to Intune isn’t just a tooling change. It’s a transformation in how you manage devices, applications, and security.

This guide covers how to migrate from SCCM to Intune, including architecture decisions, co-management, application migration, and common pitfalls to avoid.

Start with strategy

A successful SCCM to Intune migration strategy begins with clarity:

  • Are you moving to full cloud-native or co-management long term?

  • What workloads will move first (compliance, apps, updates)?

  • What dependencies still exist on-prem (GPOs, file shares, legacy apps)?

Too many teams jump straight into “how to connect SCCM to Intune” without defining the end state. That leads to hybrid sprawl that never gets simplified.

Best practice: Define your target operating model first, then design the migration path backward from there.

Step 1: Connect SCCM to Intune (co-management)

The safest and most common starting point is co-management.

This is where you:

  • Connect Microsoft Endpoint Configuration Manager to Intune

  • Allow devices to be managed by both platforms

  • Gradually shift workloads from SCCM to Intune

How to set up Intune with SCCM

At a high level:

  • 1

    Add Intune subscription to SCCM

  • 2

    Configure Azure AD integration

  • 3

    Enable co-management

  • 4

    Enroll devices into Intune (automatic MDM enrollment)

  • 5

    Assign pilot collections

This answers several common questions:

  • How to connect SCCM to Intune? → via co-management setup in MECM
  • How to integrate Windows Intune with SCCM 2012? → upgrade is typically required; legacy versions aren’t ideal
  • How to allow Intune and SCCM to both manage devices? → co-management workloads

Reality check: If you’re still on older builds (like SCCM 2012), plan an upgrade or acceleration path. Don’t anchor your future architecture to legacy constraints.

Step 2: Move workloads intentionally

Co-management gives you flexibility, but that doesn’t mean moving everything at once.

Recommended workload order:

  • 1

    Compliance policies

  • 2

    Conditional access integration

  • 3

    Endpoint protection (Defender)

  • 4

    Windows Update policies

  • 5

    Applications

  • 6

    Device configuration (GPO replacement)

Each workload you shift reduces your dependency on SCCM.

Sync and reporting considerations

During transition:

  • You can sync compliance status from SCCM to Intune

  • Use reporting across both platforms (though fragmented)

Common question:

  • How to report on Intune users in SCCM? → limited visibility; better to transition reporting to Intune-native tools over time

Step 3: Migrate applications from SCCM to Intune

This is where most SCCM to Intune migration issues show up.

SCCM apps are often:

  • Built for LAN delivery

  • Dependent on task sequences

  • Designed without user context

Intune apps are:

  • Cloud-delivered

  • Identity-aware

  • User or device assigned

How to migrate SCCM apps to Intune

There is no “lift and shift.” You need to repackage and modernize.

Typical approach:

  • Inventory SCCM applications
  • Rationalize (remove unused or redundant apps)
  • Convert installers:
    • MSI → Win32 app (IntuneWin)
    • Scripts → PowerShell deployment
  • Define detection rules
  • Rebuild dependencies and supersedence

This addresses:

  • Convert SCCM package to Intune
  • Convert SCCM application to Intune
  • Migrate apps from SCCM to Intune

Best practice: Don’t migrate everything. Use this moment to clean house.

Step 4: Modernize provisioning (Autopilot vs PXE)

A key shift in moving from SCCM to Intune is how devices are provisioned.

Old model (SCCM)

  • PXE boot

  • Imaging

  • Task sequences

New model (Intune)

  • Windows Autopilot

  • Zero-touch deployment

  • Identity-based configuration

Common questions

  • How to configure PXE boot between Intune and SCCM?
    → You don’t “switch” PXE to Intune. Intune replaces imaging with Autopilot.
  • How to configure to boot to Intune instead of SCCM?
    → Not applicable. Intune is not a boot system—it’s a management plane post-enrollment.
  • Switch PXE boot from Intune to SCCM?
    → This reflects a misunderstanding. PXE remains SCCM-based; Intune eliminates the need.

Bottom line: If you’re still thinking in PXE terms, you’re not designing for cloud-native yet.

Step 5: Transition identity and security

Modern management is identity-driven.

This includes:

  • Azure AD join (or Entra ID join)

  • Conditional Access

  • Compliance policies enforced at login

You’ll also want to:

  • Migrate BitLocker management from SCCM to Intune

  • Replace GPOs with Intune configuration profiles

  • Align with Zero Trust principles

Common questions

  • How to configure PXE boot between Intune and SCCM?
    → You don’t “switch” PXE to Intune. Intune replaces imaging with Autopilot.
  • How to configure to boot to Intune instead of SCCM?
    → Not applicable. Intune is not a boot system—it’s a management plane post-enrollment.
  • Switch PXE boot from Intune to SCCM?
    → This reflects a misunderstanding. PXE remains SCCM-based; Intune eliminates the need.

Bottom line: If you’re still thinking in PXE terms, you’re not designing for cloud-native yet.

Step 6: Decommission SCCM (when ready)

You don’t need to rush this, but you should plan for it.

You’re ready to retire SCCM when:

  • All workloads are moved to Intune

  • No task sequences are required

  • No on-prem dependencies remain

  • Reporting and compliance are Intune-native

This is the final step in a SCCM migration to Intune journey.

Common SCCM to Intune migration issues

Here’s where most projects struggle:

  • 1

    Trying to replicate SCCM in Intune

    Different architecture. Different mindset.

  • 2

    Overlooking application complexity

    Apps take longer than expected, plan for it.

  • 3

    Poor device segmentation

    Pilot groups are critical. Avoid “big bang.”

  • 4

    Legacy dependencies

    File shares, VPNs, and domain join slow you down.

  • 5

    Reporting gaps during transition

    Expect temporary fragmentation.

This is the final step in a SCCM migration to Intune journey.

Best practices summary

A strong SCCM to Intune migration plan follows these principles:

  • Start with the end-state vision

  • Use co-management as a bridge, not a destination

  • Move workloads in a deliberate sequence

  • Modernize apps, don’t just migrate them

  • Replace imaging with Autopilot

  • Align everything to identity and cloud-first security

  • Plan early for SCCM decommissioning

Conclusion

The real question isn’t “how to migrate SCCM to Intune step by step.”

It’s whether you’re ready to leave behind:

  • Network-based trust

  • Device-centric management

  • Legacy operational overhead

Organizations that get this right don’t just “connect SCCM to Intune.”
They simplify, modernize, and reduce risk, all while giving users a better experience.

That’s the outcome worth aiming for.

Discover How much value are your business is getting from your M365 licenses compared to your peers.

Discover:

  • Overlapping security tools can you retire

  • Business processes can you automate

  • IT functions can you modernize

Apply for the Capability & Capacity Assessment 

Andrew Reade

Andrew Reade

Andrew is our Digital Marketing Manager and oversees web-based marketing strategies and content creation for the organization. As a marketing veteran, Andrew has worked with organizations of all sizes in a diverse group of industries, from Risk Management to Transportation. Joining the organization in 2021, Andrew is based in Mobile Mentor’s Nashville, TN office.