Manage Patching with SCCM/Intune Hybrid model
Integrating SCCM with Intune, we lose the capability to manage patches on devices, which is a huge downside for corporate-owned devices (tablets, laptops & desktops). In the hybrid model, the only control we have is patch installation day/time, but not what patches can be deployed. Both SCCM & Intune, as standalone products, give this capability to select what patches can be installed on a device, but when we integrate them together, this feature is gone. This also makes the devices more vulnerable to issues that can arise due to a patch that was never supposed to be deployed. Can we please get this feature in a hybrid model? This will be a huge win for MDM. Else, I don't see a very good reason to choose a hybrid model even though it's possible.
Thank you for your suggestion for Hybrid Mobile Device Management (MDM) with Intune and Configuration Manager.
As of August 14, 2018, we have announced that on September 1, 2019, we will retire the hybrid MDM service offering, so we are declining any suggestions specifically for hybrid scenarios.
We still support co-management, which enables you to concurrently manage Windows 10 devices by using both ConfigMgr and Intune.
We encourage you to start planning your migration for MDM from the ConfigMgr console to Azure and to shift your UserVoice votes to MDM features for Intune. For more information, see https://aka.ms/hybrid_notification
Thank you for your feedback, and thank you for using Intune and Configuration Manager!