Close Menu
    Facebook X (Twitter) Instagram
    Friday, May 16
    X (Twitter) LinkedIn
    All about Endpoint Management
    • Home
    All about Endpoint Management
    Home»ConfigMgr (SCCM)»Efficiently Identify Co-Managed Devices: Techniques and Tools

    Efficiently Identify Co-Managed Devices: Techniques and Tools

    Eswar KonetiBy Eswar KonetiJanuary 17, 8:37 pm5 Mins Read ConfigMgr (SCCM) 2,602 Views
    Share
    Facebook Twitter LinkedIn Reddit

    Co-management is a feature that allows organizations to manage their devices using both Microsoft Intune and System Center Configuration Manager (ConfigMgr). This enables organizations to take advantage of the latest security features and cloud capabilities, such as conditional access and device compliance policies, while also being able to manage certain client actions without the need for access to the ConfigMgr console.

    Some of the key benefits of co-management are:

    Seamless transition: Co-management allows organizations to gradually transition from traditional management methods to modern management methods without disrupting their current workflow.

    Increased security: Co-management enables organizations to take advantage of the latest security features, such as conditional access and device compliance policies, to protect their devices and data.

    Improved management capabilities: Co-management gives organizations the ability to manage both Windows and mobile devices from a single console, making it easier to deploy apps, updates, and security policies.

    Better end-user experience: Co-management allows organizations to provide their users with a better experience by giving them access to the latest features and apps.

    Cost-effective: Co-management allows organizations to take advantage of existing ConfigMgr infrastructure, thus reducing the need for additional infrastructure and costs.

    Better insights: With co-management, organizations can gain better insights into the health and security status of their devices, which can help them make more informed decisions about device management.

    To enable co-management, you can go through Microsoft's documentation at https://learn.microsoft.com/en-us/mem/configmgr/comanage/tutorial-co-manage-clients

    In this blog post, we will look at different methods for identifying devices with co-management status, specifically devices that are not co-managed for further troubleshooting.

    1. Using Microsoft Intune portal

    2. Using Endpoint Configuration Manager console (SCCM)

    3. Using SQL report in Configuration Manager

    4.Using PowerShell or Graph API. (not covered in this blog post,may be future post).

    1. Using Microsoft Intune portal

    Login to Endpoint Manager portal click on devices, click on Monitor.

    Under the enrollment section, you will find Cloud attached devices (preview). This is still in preview at the time of writing this blog post.

    image

    In the summary page, you will find the co-management summary along with the workloads assigned to the device.

    image

    In the same section, click on reports

    you will find 2 reports available. Click on Co-Management Eligibility

    image

    Click on the filer section and select the status.

    image

    For devices that are not co-managed, i have selected the following in the filer section.

    click on Generate report.

    image

    It will take few seconds before you can download the data into csv for troubleshooting purpose.

    image

    This method generate the list of devices from the tenant irrespective of the region or country etc.

    If you are scoped to manage the devices with co-management at different regions but not all ,then you will need to sort the devices based on the hostname or so. Lets review other methods.

    2. Using Configuration Manager console

    Using Configuration Manager console, we will create a collection or use built-in co-management status

    Collection for devices that are not co-managed. Make sure the limiting collection is all workstation (create a custom) or update the following WQL query to exclude server endpoints.

    select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System join sms_combineddeviceresources on sms_combineddeviceresources.resourceid = sms_r_system.resourceid where sms_combineddeviceresources.CoManaged=0 and sms_combineddeviceresources.IsClient=1

    image

    This collection method is more controlled and we can apply a fix to the devices using scripts or package deployment etc.

    If you want do a quick search in the console, to find the devices that are not co-managed, we can add filter criteria and search.

    image

    Using admin console, we can check the co-management status using monitoring node, co-management tab.

    For more information about this chart, refer https://learn.microsoft.com/en-us/mem/configmgr/comanage/how-to-monitor

    image

    By clicking on the count on the enrollment error, we can see the list of devices that are failed to do co-management.

    3. Using SQL report in Configuration Manager:

    This is the last method in this blog post with SQL report.

    Since there is huge data available in the SQL database about the client inventory and it helps us to create multiple reports based on the requirement.

    For this post, the criteria is to get list of all workstations that are not co-managed.

    image

    As you can see above, from the specific collection, we got about 90 co-managed devices and 21 not co-managed devices. The 21 not co-managed devices are listed in the report for troubleshoot purpose.

    This report has client information data along with last logon, HW scan, device last online and is the device ONLINE right now.

    You can download the report from Github repository, upload to your reports and change the data source.

    you can edit the report for more customizations at your risk.

    The following are some of the troubleshooting guides that can you help to fix the issues.

    Troubleshoot auto-enrolling existing Configuration Manager devices in Intune - Intune | Microsoft Learn

    Troubleshoot Configuration Management bootstrap with modern provisioning - Intune | Microsoft Learn

    Troubleshooting Intune and Configuration Manager co-management workloads - Intune | Microsoft Learn

    SCCM Right click tools for co-managed workloads

    Thank you for reading the post.

    Cloud cloud attached co-management Collection configmgr intune SCCM SQL tenant attach troubleshooting workloads WQL
    Share. Twitter LinkedIn Email Facebook Reddit

    Related Posts

    Optimize Your Intune Workflow with a Powerful Browser Extension

    March 22, 10:39 am

    Troubleshooting Windows Hello for Business PIN Reset Issues – Something went wrong

    March 06, 9:48 pm

    Migrate Microsoft 365 Updates from SCCM/MECM to Intune for Co-Managed Devices

    February 11, 9:50 pm

    Leave a ReplyCancel reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Sign Up

    Get email notifications for new posts.

    Author

    I’m Eswar Koneti ,a tech enthusiast, security advocate, and your guide to Microsoft Intune and Modern Device Management. My goal? To turn complex tech into actionable insights for a streamlined management experience. Let’s navigate this journey together!

    Support

    Awards

    Archives

    © Copyright 2009-2024 Eswar Koneti, All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.