Co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Microsoft Intune. For more information about Co-management, benefits, pre-requisites, licensing, read https://docs.microsoft.com/en-us/mem/configmgr/comanage/overview
When you have windows 10 devices that are Azure AD joined, enrolled to Intune, and also co-managed, these devices would appear in Configuration Manager.
In this blog post, i will show you how to create a collection for Azure AD joined co-managed devices.
When a device is AAD joined and co-managed ( not on-prem domain joined but only the cloud), we will have the tenantID, device ID, domain or group, and other information.
we will use 2 important fields to identify if the device is AAD joined. 1) AADTenantID 2)Resource_Domain_OR_Workgr0
The device should have AADTenantID and should not be in your in domain which means it will be in a workgroup.
we don’t go with workgroup as this is something that can be customizable by the user and can change as per their needs like MyPC etc.
So we will go with the domain. Anything that is AAD and not in the corporate domain (intranet.eskonr) then they fall into the collection.
Create a collection with the following WQL Query using sub selected:
select * from SMS_R_System where SMS_R_System.AADTenantID = "4252590E-6F9B-4AA1-AA9F-D7717C111B07" and
SMS_R_System.ResourceId not in (select ResourceID from SMS_R_System where SMS_R_System.ResourceDomainORWorkgroup = "INTRANET")
INTRANET is my domain name, if you have multiple domains, you can add so.
Once you paste the query into the query designer, you can click on the play button (green color) to see the list of devices that match with this query.
I have got 1 device that is AAD joined but co-managed.
Hope this helps!