Configuring Co-Management on Devices Currently Managed by Configure


Hi All,

Hi professionals, can you help me with what is wrong ?….. I need to set co-management on my devices, and I have only managed by ConfigMgr 🙁

Posted by  Michal Malý  in HTMD FB Group


Answers ( 5 )


    I was in the same boat—solely ConfigMgr vibes. First, ensure your devices meet prerequisites, and check that your ConfigMgr version supports co-management. Also, dive into docs for step-by-step. It’ll click!

  1. Replied by Michall Courville

    In Entra, the device object for the machine will have the Join Type as “hybrid joined” — not “registered.” Or, from the device, administrative command prompt, type DSREGCMD /STATUS – it should have a Yes for both “AzureADJoined” and “DomainJoined.”
    If the machine is hybrid joined, then you need to check event viewer logs for errors during the Intune enrollment.

    Replied by Michal Maly

    MichÆl Courville
    | Device State |
    AzureAdJoined: NO
    EnterpriseJoined: YES
    DomainJoined: YES
    DomainName: test
    Device Name:
    | Device Details |
    DeviceId: 2ew293-76wc-4w91-af32-8b6d0562d9c1
    Thumbprint: wwE7C3583DEF37B4F
    DeviceCertificateValidity : [ 2018-05-14 14:38:13.000 UTC — 2028-05-11 14:48:13.000 UTC ]
    KeyContainerId: 72550-1206-48w11b-875c-b739c6973f6f
    KeyProvider: Microsoft Platform Crypto Provider
    TpmProtected: YES
    DeviceAuthStatus: FAILED. Error: 0xd00000d0
    | User State |
    NgcSet: NO
    WorkplaceJoined: YES
    WorkAccountCount: 1
    WamDefaultSet: YES
    WamDefaultAuthority: organizations
    WamDefaultGUID : {B1755DA8520} (AzureAd)
    | SSO State |
    AzureAdPrt: NO
    AzureAdPrtAuthority :
    EnterprisePrt: NO
    EnterprisePrtAuthority :
    | Work Account 1 |
    WorkplaceDeviceId: 132-8af8222d08b4
    WorkplaceTenantName: Secret. cz
    WorkplaceMdmUrl :
    WorkplaceSettingsUrl :
    NgcSet: NO
    | Diagnostic Data |
    AadRecoveryEnabled: NO
    Executing Account Name : testtest.tester, testertest,cz
    KeySignTest: PASSED
    DisplayNameUpdated: NO
    OsVersionUpdated: NO
    HostNameUpdated: NO
    Last HostName Update: NONE
    | IE Proxy Config for Current User |
    Auto Detect Settings: NO
    Auto-Configuration URL :
    Proxy Server List :
    Proxy Bypass List :
    | WinHttp Default Proxy Config |
    Access Type: DIRECT
    | Ngc Prerequisite Check |
    IsDeviceJoined: YES
    IsUserAzureAD: NO
    PolicyEnabled: NO
    PostLogonEnabled: YES
    DeviceEligible: YES
    SessionIsNotRemote : NO
    CertEnrollment: none
    PreReqResult: WillNotProvision

    Replied by MichÆl Courville

    Also, make sure your devices are Entra Hybrid joined

  2. Replied by Michal Malý

    MichÆl Courville no

    Replied by MichÆl Courville

    Michal Malý Are the users assigned an Intune license? Are the devices Entra hybrid joined?

    Replied by Michal Malý

    Licence yes, hybrid joined- how to check it?

  3. Replied by Michall Courville

    Typically on these settings, you choose “Pilot Intune” on the Workloads tab and choose the Intune collection on the Staging tab.

    Replied by Michal Malý

    MichÆl Courville set, but no changed on intunes

    Replied by MichÆl Courville

    In your ConfigMgr console, add the column header for “co-managed” and see if it says “yes” or “no.”

Leave an answer

Sorry, you do not have permission to answer to this question .