My customer is getting very close to saying enough with Co-Management. They keep running into cases where the SCCM agent breaks. We traced some of it down to Azure AD Hybrid Join. But they are seeing more and more problems where the execmgr.log is showing:
Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000).
When this happens they can't deliver packages with the SCCM agent. The fix has been to run DSREGCMD /Leave, but you have to do that from an elevated command prompt.
Looking through all the documentation, I don't see any way to back out of Co-Management. They are using the Pilot collections because there are some machines that they can't do Co-management with (no Internet connection). So would removing computers from the Pilot collection remove Co-management? Or do we have to do something else.
I'm hoping someone has an answer, otherwise we'll probably start trying to just remove some computers from the collection and see what happens.
Overall, so far I've not been impressed with co-management. The tools and documentation for it simply aren't ready for production IMHO.