TheodorBrander
Copper Contributor
Nov 01, 2021

Settings catalog not applicable for co-managed devices?

Hello,

I have some co-managed (Hybrid) Windows 10 devices (version 21H2) which have their workloads set to "Intune" in SCCM. These devices have several device configuration policies set to them, which work fine. But the "Settings catalog" items are "Not applicable". When I create the same policy using the "Device Configuration" and "Administrative Template" it works though.

For my Intune managed device (AAD only) this works without any problem.

To my understanding, using catalog settings with co-managed devices should work just fine, or am I missing something?

Also, I have configured the CSP MDMWinsOverGP setting.

Please advise,

BR Theodor

  • Hi,

    I read the question before... but it sounds kinda weird as the Settings catalog is controlled by the device configuration workload. So if you moved that slider, you normally are good to go.

    Could you show us the contents of the settings catalog itself? Could you try to create a simple new one and take a look at the DeviceManagement-Enterprise-Diagnostics-Provider event log when syncing the device?

    https://call4cloud.nl/2021/10/what-if-chrome-policies-are-failing/

    I would love to take a look at this event log and the Intune management log file itself from the ProgramData to know what is breaking..
    • TheodorBrander
      Copper Contributor

      Hi Rudy_Ooms_MVP,

      Thank you for your reply. The organization is following CIS best practices (specifically CIS_Microsoft_Intune_for_Windows_10_Release_2004_Benchmark_v1.0.1) and the configuration profiles are based on these controls. One example in this framework is control 18.1.1, which prevents enabling camera under lock screen (see attached image). As you can see, the category is even under Administrative template. And what bothers me is that when I configure the same settings using Administrative templates, for the same device, it does work ☹

      Anyway, uploading event viewer logs to a public forum might be difficult for the organization to agree with, but I have asked RM and am waiting for a reply. But, I did investigate it and didn’t find anything interesting. From what I could tell, there are no related errors. Is there something specific you are looking for?

      FYI, we do have a Microsoft support case running in parallel.

      BR

      Theodor

      • Rudy_Ooms_MVP
        MVP
        Hi,

        I know the feeling about sending the event logs to a public forum (doesn't feel quite right), of course you could send them by email. Because troubleshooting it will start by examining those logs... I guess Microsoft will also ask for them if they haven't a 100% fitting answer 🙂
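
The event-log check requested in the thread, as an added example that is not part of any post above: it pulls warnings and errors from the MDM diagnostics log after a sync and writes a redacted copy for sharing. The channel name `Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin`, the one-hour window, the output path and the redaction patterns are assumptions.

```powershell
# Added example, not from the thread. Run elevated on the affected device,
# shortly after triggering a sync.
$logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$since   = (Get-Date).AddHours(-1)          # assumption: sync ran within the last hour
$outFile = Join-Path $env:TEMP 'mdm-diag-redacted.csv'   # hypothetical output path

# Level 1-3 = Critical, Error, Warning
$events = Get-WinEvent -FilterHashtable @{
    LogName = $logName; Level = 1, 2, 3; StartTime = $since
} -ErrorAction SilentlyContinue

# GUIDs are replaced by stable tokens so the same policy or tenant ID can
# still be correlated across events without exposing the real value.
$guidMap = @{}
$guidRx  = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

function Protect-Text([string]$Text) {
    $t = [regex]::Replace($Text, $guidRx, {
        param($m)
        $key = $m.Value.ToLower()
        if (-not $guidMap.ContainsKey($key)) {
            $guidMap[$key] = "<guid-$($guidMap.Count + 1)>"
        }
        $guidMap[$key]
    })
    # UPN / e-mail style strings, then this computer's name
    $t = $t -replace '[\w.+-]+@[\w-]+(\.[\w-]+)+', '<upn>'
    $t -replace [regex]::Escape($env:COMPUTERNAME), '<device>'
}

# Which event IDs dominate? A quick overview before reading messages.
$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Redacted, time-ordered export for the support case or e-mail
$events | Sort-Object TimeCreated | ForEach-Object {
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Id      = $_.Id
        Level   = $_.LevelDisplayName
        Message = Protect-Text $_.Message
    }
} | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

"{0} event(s) written to {1}" -f @($events).Count, $outFile
```

Review the CSV before sending it; the patterns above do not catch every organization-specific string such as internal server names or URLs.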
