Co-Management shows compliant config task, but not shown in Intune

Robert Panick 156 Reputation points

The saga with trying to get Co-management continues. We just discovered that 70% of our computers didn't join Azure AD like they were supposed to with the GPO. We think we know how to fix that. Our problem is that on the test machine we are working on after we enable AAD, the device does not enroll in Intune. But if you look at the Configurations for in our case Pilot, it shows as compliant. Looking at the report shows no errors. Unfortunately the CoManagementHandler.log doesn't shine any light on it either since it reports that "Machine is already enrolled with MDM".

I don't know who decided to make these configuration policies hidden in SCCM, but its been an absolute PITA. If I knew what the configuration policy was doing I could go look at what it was doing for detection and maybe do something. As near as I can tell there is no way to unenroll in co-management either.

So far Co-Management has been a lot more trouble than its worth.

From the CoManagentHandler.log

Microsoft Configuration Manager
{count} votes

Accepted answer
  1. Robert Panick 156 Reputation points

    Looks like after some more research that the customer setup a large majority of their computers without using Secure Boot, TPM, Bitlocker, etc. As a result Co-Management is tripping up on the AzureAdPrt value which is set to NO.

    0 comments No comments

0 additional answers

Sort by: Most helpful