SCCM/Intune Hybrid - Allow transfer of Intune SC_Online_Issuing Certificate
With an SCCM/Intune Hybrid environment, you cannot move the SCCM Primary Site to a new server using the standard maintenance backup \ restore process.
The Intune certificate (SCOnlineIssuing) is tied to the individual host.
In a DR situation, or if the SCCM server breaks and SCCM is migrated to a new server, you have to remove the Intune Subscription and reinstall it to get the new Certificate. This will un-enrol all the mobile devices, and they will need to be re-enrolled. Microsoft needs to be able to cater for this, as currently I believe this is a fundamental flaw in the SCCM / Hybrid configuration.
As described to me by Microsoft:
The Intune Subscription Connector is set up on the SCCM Site Server as the primary communication portal between Intune and SCCM. At the time of setup, Intune establishes a trust relationship between our service and that specific server. In the event this server does encounter any issues, a full restore on that server would allow SCCM to continue communicating with the Intune Service.
If you are attempting to establish the connection on a separate server, you will not be able to use the existing Intune Subscription Connector. This is not only because the new server is running a different OS but because the trust was not established between the Intune service and this new server. If you would like to use the new server, you will have to set up the Intune Subscription Connector again. This will establish the trust with the new server. This will also mean that you will have to re-enrol all devices connected to the old connector as well.
Thank you for your suggestion for Hybrid Mobile Device Management (MDM) with Intune and Configuration Manager.
As of August 14, 2018, we have announced that on September 1, 2019, we will retire the hybrid MDM service offering, so we are declining any suggestions specifically for hybrid scenarios.
We still support co-management, which enables you to concurrently manage Windows 10 devices by using both ConfigMgr and Intune.
We encourage you to start planning your migration for MDM from the ConfigMgr console to Azure and to shift your UserVoice votes to MDM features for Intune. For more information, see https://aka.ms/hybrid_notification
Thank you for your feedback, and thank you for using Intune and Configuration Manager!