How do we remove Co-Management

Robert Panick 156 Reputation points
2021-01-27T16:30:33.003+00:00

My customer is getting very close to saying enough with Co-Management. They keep running into cases where the SCCM agent breaks. We traced some of it down to Azure AD Hybrid Join. But they are seeing more and more problems where the execmgr.log is showing:

Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000).

When this happens they can't deliver packages with the SCCM agent. The fix has been to run DSREGCMD /Leave, but you have to do that from an elevated command prompt.

Looking through all the documentation, I don't see any way to back out of Co-Management. They are using the Pilot collections because there are some machines that they can't do Co-management with (no Internet connection). So would removing computers from the Pilot collection remove Co-management? Or do we have to do something else.

I'm hoping someone has an answer, otherwise we'll probably start trying to just remove some computers from the collection and see what happens.

Overall, so far I've not been impressed with co-management. The tools and documentation for it simply aren't ready for production IMHO.

Microsoft Configuration Manager
Accepted answer
  1. Jason Sandys 31,151 Reputation points Microsoft Employee
    2021-01-27T17:28:41.747+00:00

    Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000).

    This is a benign statement in the log and not the source of or reflection of any issues or errors.

    Without some actual hands on investigation and troubleshooting, not much additional can be said though.

    Hybrid Azure AD Domain join is a potentially fragile beast particularly in the current work from home environment as line of sight to a domain controller is still required.

    As for removing co-management from a device, there are two steps: remove from any collection assigned for co-management enablement and unenroll device from Intune. I'd encourage you or them to open a support case to help diagnose and identify issues you may be experiencing though as we have plenty of customers and devices successfully using co-management without issues.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. PhP59300 76 Reputation points
    2021-04-01T13:55:45.277+00:00

    Hi Robert, did you ever manage to ditch SCCM and move fully to InTune?

    I've two customers wanting to do the exact same thing. One customer didn't setup co-management cloud services within SCCM and they've been able to enrol all their devices into Intune by simply uninstalling the CM agent. The other customer had co-management in place for a while and then removed it. They now have a problem whereby all their Win10 devices report as MDM = Co-Managed within the Intune portal. Even if we uninstall the CM agent, retired the device from Intune and delete the device from AAD, they report back as MDM = Co=Managed as soon as they re-enrol into Intune.

  2. Stars75238 1 Reputation point
    2022-12-12T15:16:14.087+00:00

    PhP59300,

    I checked one of the machines and was able to remove the \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DeviceManageabilityCSP key, the other key was not present. I'll let you know after a bit if that worked on the one machine or if I have to move to the more drastic steps..

    Thank you for the info to try

    0 comments