With modern device management relying heavily on co-management,
administrators often need insights into how workloads are being distributed
between SCCM and Intune. Whether you're troubleshooting,
auditing, or planning transitions, having visibility into co-management state
is crucial.
In this post, we'll explore three effective methods to view co-management workload details:
- Using SQL Query in SCCM
- Using PowerShell with Microsoft Graph
- Using the Intune Admin Console
1️⃣ Method 1: View Co-Management Workloads Using SQL Query in SCCM
If you're using SQL Server Reporting Services (SSRS) or SQL Server Management Studio (SSMS), you can run the following query against the SCCM site database to fetch device-level co-management details:
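```sql
-- Device-level co-management state for the members of one collection.
SELECT
    s.Netbios_Name0 AS [Computer Name],
    s.Is_Virtual_Machine0,
    s.Client0,
    s.User_Name0,
    c.MDMEnrolled,
    c.MDMWorkloads,
    c.HybridAADJoined,
    c.MDMProvisioned
FROM v_R_System s
JOIN v_ClientCoManagementState c
    ON c.ResourceID = s.ResourceID
-- The WHERE clause filters on fcm, so an inner join is what the filter needs.
JOIN v_FullCollectionMembership fcm
    ON s.ResourceID = fcm.ResourceID
WHERE fcm.CollectionID = 'collectionID';  -- replace with the target collection ID
```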
This query returns details such as:
- Whether the device is enrolled in MDM
- Hybrid Azure AD Join status
- Which co-management workloads are offloaded to Intune
📌 Reference Workload Values:
For interpreting the MDMWorkloads values, refer to this SystemCenterDudes reference. Each workload corresponds to a specific bitwise value (e.g., 1 = Compliance Policies, 2 = Resource Access, etc.).
2️⃣ Method 2: View Co-Management Status via PowerShell & Microsoft Graph
You can also use PowerShell with Microsoft Graph API to
pull co-management details from Intune directly.
🔧 Prerequisites:
- Azure AD App registration with Graph permissions
- Certificate-based authentication
📜 PowerShell Script:
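```powershell
# Connect to Microsoft Graph with app-only, certificate-based authentication.
# Reading managed devices needs only the read-only
# DeviceManagementManagedDevices.Read.All application permission.
Connect-MgGraph -ClientId '<Client_ID>' -TenantId '<Tenant_ID>' -CertificateThumbprint '<Cert_Thumbprint>'

# Get workload status; -OutputType PSObject returns objects that Select-Object can read
$workloadStatus = Invoke-MgGraphRequest -Method GET -OutputType PSObject -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices'

# Display relevant details (the device records are in the response's 'value' array)
$workloadStatus.value | Select-Object id, deviceName, operatingSystem, osVersion, complianceState, managementAgent
```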
This will return:
- Device name
- OS version
- Compliance state
- Managed status (Hybrid, MDM, etc.)
This is useful when you want real-time data or wish to automate
reports via scripts.
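For automated reports, the following added example (not part of the original post) follows Graph paging and keeps only co-managed devices, expanding the per-workload flags from `configurationManagerClientEnabledFeatures`, a property of the `managedDevice` resource. The function name `Get-CoManagedDeviceReport` and the CSV path are hypothetical, and it assumes `Connect-MgGraph` has already run and that the tenant populates the feature flags.

```powershell
# Added example, not the original author's script.
# Assumes Connect-MgGraph has already been run as shown above.
function Get-CoManagedDeviceReport {   # hypothetical helper name
    [CmdletBinding()]
    param()

    $select = 'id,deviceName,osVersion,complianceState,managementAgent,' +
              'configurationManagerClientEnabledFeatures'
    $uri = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$select=' + $select
    $devices = [System.Collections.Generic.List[object]]::new()

    # Graph pages large result sets; follow @odata.nextLink until it is absent.
    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
        foreach ($device in $page.value) { $devices.Add($device) }
        $uri = $page.'@odata.nextLink'
    }

    # Co-managed devices report a ConfigMgr-plus-MDM management agent
    # (configurationManagerClientMdm or configurationManagerClientMdmEas).
    $devices |
        Where-Object { $_.managementAgent -like 'configurationManagerClientMdm*' } |
        ForEach-Object {
            $f = $_.configurationManagerClientEnabledFeatures   # may be $null
            [pscustomobject]@{
                DeviceName          = $_.deviceName
                OsVersion           = $_.osVersion
                ComplianceState     = $_.complianceState
                ManagementAgent     = $_.managementAgent
                CompliancePolicy    = $f.compliancePolicy
                ResourceAccess      = $f.resourceAccess
                DeviceConfiguration = $f.deviceConfiguration
                WindowsUpdate       = $f.windowsUpdateForBusiness
                ModernApps          = $f.modernApps
            }
        }
}

# Example use: export for audit, then summarise compliance state.
$report = Get-CoManagedDeviceReport
$report | Export-Csv -Path .\comanaged-devices.csv -NoTypeInformation   # sample path
$report | Group-Object ComplianceState | Select-Object Name, Count
```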
3️⃣ Method 3: Use Intune Admin Console – Cloud Attach Detail Report
If you prefer a visual interface, Microsoft Intune
provides built-in reporting for co-management.
📍 Steps:
- Go to the Intune Admin Center: https://intune.microsoft.com
- Navigate to: Reports ➡️ Cloud Attach ➡️ Cloud Attach Detail Preview
- Filter by Co-Managed Workloads
This report gives you a snapshot of which workloads are
managed by Intune or ConfigMgr for each device.
SCCM Remediation Script – Fix WMI, Client, and Trigger Workloads
When devices are not reporting co-management workload changes, it's often due to WMI corruption or failed client components. This PowerShell script can be deployed as an SCCM Remediation Script or run manually to fix common issues.
📜 Full PowerShell Script
```powershell
<#
Script Name: Remediate - StateMsg WMI Status
Description: Fixes WMI issues, repairs SCCM client, and triggers co-management workload baselines.
#>

# Step 1: Validate StateMsg WMI namespace
# -ErrorAction SilentlyContinue: a missing or corrupt namespace yields $null instead of an error
$wmiObject = Get-WmiObject -Namespace root\ccm\StateMsg -Query "SELECT * FROM CCM_StateMsg WHERE TopicType='401'" -ErrorAction SilentlyContinue

if ($wmiObject) {
    Write-Host "✅ StateMsg is working"
} else {
    try {
        # -ErrorAction Stop makes a launch failure reach the catch block
        Start-Process -FilePath "C:\windows\ccm\ccmrepair.exe" -Wait -ErrorAction Stop
        Write-Host "⚙️ StateMsg not working, ran ccmrepair.exe"
    } catch {
        Write-Host "❌ StateMsg not working, ccmrepair.exe failed"
    }
}

# Step 2: Define function to trigger baseline evaluation
function Invoke-CoMgmtBaselineEvaluation {
    param (
        [string]$BaselineName
    )

    Write-Host "🔎 Looking for baseline: $BaselineName"
    $instance = Get-WmiObject -Namespace root\ccm\dcm -Query "SELECT * FROM SMS_DesiredConfiguration WHERE DisplayName = '$BaselineName'" -ErrorAction SilentlyContinue

    if ($instance) {
        # The query can return more than one version of a baseline; evaluate each
        foreach ($item in $instance) {
            Write-Host "🚀 Triggering evaluation for: $BaselineName"
            Invoke-CimMethod -Namespace root\ccm\dcm -ClassName SMS_DesiredConfiguration -MethodName TriggerEvaluation -Arguments @{
                "Name"       = $item.Name
                "Version"    = $item.Version
                "PolicyType" = $item.PolicyType
            }
        }
    } else {
        Write-Warning "⚠️ Baseline '$BaselineName' not found. Ensure it's deployed to this client."
    }
}

# Step 3: Trigger standard client actions
# [ordered] keeps the cycles in the listed order, so machine policy is refreshed first.
# Each schedule ID is the one that matches the named client action.
$triggerSchedules = [ordered]@{
    "Machine Policy Retrieval & Evaluation Cycle" = "{00000000-0000-0000-0000-000000000021}"
    "Application Deployment Evaluation Cycle"     = "{00000000-0000-0000-0000-000000000121}"
    "Software Updates Deployment Evaluation"      = "{00000000-0000-0000-0000-000000000108}"
    "Software Update Scan Cycle"                  = "{00000000-0000-0000-0000-000000000113}"
    "State Message Refresh Cycle"                 = "{00000000-0000-0000-0000-000000000111}"
}

foreach ($cycle in $triggerSchedules.GetEnumerator()) {
    Write-Host "⏳ Triggering $($cycle.Key)..."
    Invoke-WmiMethod -Namespace root\ccm -Class sms_client -Name TriggerSchedule -ArgumentList $cycle.Value
    Start-Sleep -Seconds 10
}

# Step 4: Evaluate co-management workload baselines
$baselineList = @(
    "CoMgmtSettingsPilotWUP",
    "CoMgmtSettingsPilotO365",
    "CoMgmtSettingsPilotCApp",
    "CoMgmtSettingsPilotCP",
    "CoMgmtSettingsPilotDC",
    "CoMgmtSettingsPilotDiskEncryption",
    "CoMgmtSettingsPilotEP",
    "CoMgmtSettingsPilotRAP"
)

foreach ($baseline in $baselineList) {
    Invoke-CoMgmtBaselineEvaluation -BaselineName $baseline
}
```
💡 How to Use:
- Deploy via SCCM Remediation Script for proactive healing
- Use as a manual fix tool during support scenarios
- Schedule it via Configuration Baseline or Task Scheduler on problematic systems
🧠 Final Thoughts
With hybrid environments becoming the norm, keeping your co-managed devices healthy and correctly reporting is more important than ever. Combine visibility (via SQL, Graph, and Console) with proactive remediation (via PowerShell) to stay ahead of issues.
✅ SQL = Detailed backend insight
✅ PowerShell = Scripting/automation flexibility
✅ Intune Console = Simple, visual reporting
✅ Remediation Script = Fixes it all!