cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Settings catalog not applicable for co-managed devices?

TheodorBrander
Copper Contributor

‎Nov 01 2021 02:22 AM

‎Nov 01 2021 02:22 AM

Settings catalog not applicable for co-managed devices?

Hello,

 

I have some co-managed (Hybrid) windows 10 devices (version 21H2) which have their workloads set to "Intune" in SCCM. These devices have several device configuration policies set to them, which works fine. But the "Settings catalog" items are "Not applicable". When I create the same policy using the "Device Configuration" and "Administrative Template" it works though.

 

For my Intune managed device (AAD only) this works without any problem. 

 

To my understanding, using catalog settings with co-managed devices should work just fine, or am I missing something? 

 

Also, I have configured the CSP MDMWinsOverGP setting.

 

Please advise,

BR Theodor

Preview file
88 KB
Preview file
6 KB
Preview file
78 KB
8,191 Views
0 Likes
22 Replies
Reply
22 Replies
Jan Bakker

‎Nov 03 2021 01:38 AM

‎Nov 03 2021 01:38 AM

Re: Settings catalog not applicable for co-managed devices?

Looping in @Rudy_Ooms_MVP . Any thoughts? 

1 Like
Reply
Rudy_Ooms_MVP

‎Nov 03 2021 01:48 AM

‎Nov 03 2021 01:48 AM

Re: Settings catalog not applicable for co-managed devices?

Hi,

I read the question before... but it sounds kinda weird as the Settings catalog is controlled by the device configuration workload. So if you moved that slider, you normally are good to go.

Could you show us the contents of the settings catalog itself? Could you try to create a simple new one and taking a look at the devicemanagement-enterprise-diagnotics-provider event log when syncing the device?

https://call4cloud.nl/2021/10/what-if-chrome-policies-are-failing/

I would love to take a look at this event log and the intune management log file itself from the programdata to know what is breaking..
0 Likes
Reply
TheodorBrander

‎Nov 03 2021 02:10 AM

‎Nov 03 2021 02:10 AM

Re: Settings catalog not applicable for co-managed devices?

Hi @Rudy_Ooms_MVP,

 

Thank you for your reply. The organization are following CIS best practices (specifically CIS_Microsoft_Intune_for_Windows_10_Release_2004_Benchmark_v1.0.1) and the configuration profiles are based on these controls. One example in this framework is control 18.1.1, which prevents enabling camera under lock screen (see attached image). As you can see, the category is even under Administrative template. And what bothers me is that when I configure the same settings using Administrative templates, for the same device, it does work ☹

Anyway, uploading event viewer logs to a public forum might be difficult for the organization to agree with, but I have asked RM and waiting for reply. But, I did investigate it and didn’t find anything interesting. From what I could tell, there are no related errors. Is there something specific you are looking for?

 

FYI, we do have a Microsoft support case running in parallel.  

BR

Theodor

Preview file
23 KB
0 Likes
Reply
Rudy_Ooms_MVP

‎Nov 03 2021 03:27 AM

‎Nov 03 2021 03:27 AM

Re: Settings catalog not applicable for co-managed devices?

Hi,

i know the feeling about sending the event logs to a public forum (doesn't feel quite right) of course you could send them by email. Because troubleshooting it will start by examining those logs... i guess Microsoft will also ask for them if they haven't a 100% fitting answer :)
0 Likes
Reply
TheodorBrander

‎Nov 03 2021 03:28 AM - edited ‎Nov 03 2021 03:29 AM

‎Nov 03 2021 03:28 AM - edited ‎Nov 03 2021 03:29 AM

Re: Settings catalog not applicable for co-managed devices?

@Rudy_Ooms_MVP 

 

Got it approved :) Please find attached event logs :) 

devicemanagement-operational.zip
0 Likes
Reply
Rudy_Ooms_MVP

‎Nov 03 2021 03:30 AM

‎Nov 03 2021 03:30 AM

Re: Settings catalog not applicable for co-managed devices?

Hi,

nice, where could i find them? You could send them to info@call4cloud.nl
0 Likes
Reply
TheodorBrander

‎Nov 03 2021 03:34 AM

‎Nov 03 2021 03:34 AM

Re: Settings catalog not applicable for co-managed devices?

Should be in the post as a zip file? If you can't see I'll send an email :)
0 Likes
Reply
Rudy_Ooms_MVP

‎Nov 03 2021 03:37 AM

‎Nov 03 2021 03:37 AM

Re: Settings catalog not applicable for co-managed devices?

Hi, Took some time I guess.. but I can see them know attached to the reply
0 Likes
Reply
Rudy_Ooms_MVP

‎Nov 03 2021 03:57 AM - edited ‎Nov 03 2021 04:00 AM

‎Nov 03 2021 03:57 AM - edited ‎Nov 03 2021 04:00 AM

Re: Settings catalog not applicable for co-managed devices?

Is it possible for you to also send the intune mgt from the program data folder to info@call4cloud.nl?

And if its possible create a new settings catalog policy and e make sure you sync the device first :) so I am sure if there are warning in it its in there :)


And could you show me how you assigned it?

0 Likes
Reply
TheodorBrander

‎Nov 03 2021 04:24 AM

‎Nov 03 2021 04:24 AM

Re: Settings catalog not applicable for co-managed devices?

 

Hi @Rudy_Ooms_MVP ,

 

"Is it possible for you to also send the Intune mgt from the program data folder to info@call4cloud.nl?" - Yes, I have sent it to you.

 

And if its possible create a new settings catalog policy and e make sure you sync the device first :) so I am sure if there are warning in it its in there :) - I created a new policy and synced as per request.

 

And could you show me how you assigned it? - The assignment is based on a security group, with membership type “Assigned”. Members are only devices, both Intune managed (AAD only, which works) and our co-managed devices (hybrid, which are "not applicable").

 

BR

Theodor

0 Likes
Reply
Rudy_Ooms_MVP

‎Nov 03 2021 04:42 AM

‎Nov 03 2021 04:42 AM

Re: Settings catalog not applicable for co-managed devices?

Hi,

Just wondering but could you test a new policy by assigning it to a user instead of a device?
0 Likes
Reply
TheodorBrander

‎Nov 03 2021 04:54 AM

‎Nov 03 2021 04:54 AM

Re: Settings catalog not applicable for co-managed devices?

@Rudy_Ooms_MVP ,

Sadly I have the same issue. Works for intune managed, not for co-managed (same user). 

Preview file
9 KB
Preview file
7 KB
0 Likes
Reply
Rudy_Ooms_MVP

‎Nov 03 2021 07:01 AM

‎Nov 03 2021 07:01 AM

Re: Settings catalog not applicable for co-managed devices?

It's weird as I am seeying no error popping up except this one Failed to open registry key 'Software\Microsoft\IntuneManagementExtension\Policies\00000000-0000-0000-0000-

So it looks like at the intune side it determines the device and user is not applicable to receive those policies... But that is weird as you where mentioning you changed the slider of the device configuration profiles to intune

Anything in the "%WinDir%\CCM\logs\CoManagementHandler.log"?
0 Likes
Reply
TheodorBrander

‎Nov 03 2021 07:11 AM

‎Nov 03 2021 07:11 AM

Re: Settings catalog not applicable for co-managed devices?

@Rudy_Ooms_MVP,

 

Well, I am 100% certain that the workloads are set to Intune, since I can see that other Device configurations are applied successfully for the same VM. Nothin interesting in the CoManagementHandler.log file

0 Likes
Reply
Rudy_Ooms_MVP

‎Nov 03 2021 07:17 AM - edited ‎Nov 03 2021 07:19 AM

‎Nov 03 2021 07:17 AM - edited ‎Nov 03 2021 07:19 AM

Re: Settings catalog not applicable for co-managed devices?

If you have twitter, you could send out a tweet "asking" and tagging the intunesupportteam and mikedanaski (knows it all about the settings catalog). As again switching that flip to intune should have done it... so it looks like something didn't succeeded when doing that

Does the log mention something like : CoManagementSettings_Capabilities ?

 

And how does the report looks like when you run it from the info settings in the account

Rudy_Ooms_0-1635949126007.png

 

0 Likes
Reply
TheodorBrander

‎Nov 03 2021 07:31 AM

‎Nov 03 2021 07:31 AM

Re: Settings catalog not applicable for co-managed devices?

Hi again,
I have done my best to stay away from twitter for so long ;) If I get very desperate I will create a new twitter account, but for now I'll wait reply on my Intune support ticket. I'll update this post with our findings.

Many thanks for the help so far,
I'll keep you posted.
BR
Theodor
0 Likes
Reply
Rudy_Ooms_MVP

‎Nov 03 2021 08:03 AM

‎Nov 03 2021 08:03 AM

Re: Settings catalog not applicable for co-managed devices?

Please let me know if you hear something.. I am curious about what is broken... :)
In the meantime I keep searching what could have happen..
0 Likes
Reply
TheodorBrander

‎Nov 23 2021 01:42 AM

‎Nov 23 2021 01:42 AM

Re: Settings catalog not applicable for co-managed devices?

Just letting you know that the case is still on-going and MS support have informed me that "my patience is appreciated" the last 3 weeks :)
0 Likes
Reply
Rudy_Ooms_MVP

‎Nov 23 2021 01:46 AM

‎Nov 23 2021 01:46 AM

Re: Settings catalog not applicable for co-managed devices?

Always nice to hear ... :( ..... hopefully we can get a good answer soon
0 Likes
Reply