How to identify if the device is an Autopilot or Comanaged from Client's Device?

Shivani Baraskar 20 Reputation points
2023-12-14T10:41:36.1966667+00:00

How can we identify if the machine is an Autopilot Machine or a Hybrid machine from client's machine end/

Windows Autopilot
Windows Autopilot
A collection of Microsoft technologies used to set up and pre-configure new devices and to reset, repurpose, and recover devices.
471 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,377 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,226 questions
Microsoft Configuration Manager
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,204 questions
0 comments No comments
{count} votes

Accepted answer
  1. Akshay-MSFT 17,876 Reputation points Microsoft Employee
    2023-12-14T12:55:10.6333333+00:00

    @Shivani Baraskar

    Thank you for posting your query on Microsoft Q&A, from above description I could understand that you are trying to validate if devices is Co-managed or Enrolled as Autopilot from device properties.

    Please do correct me if this is not the case by responding in the comments section:

    • A device could be both co-managed and Autopilot enrolled at the same time.
    • Also, a device could be both Hybrid enrolled via co-management or Hybrid auto enrolled via GPO.

    In each of the case consider validating if device is holding CCM client. If CCM client is installed, then validate if %WinDir%\CCM\logs have CoManagementHandler.log, presence of CCM folder would confirm client ever had CCM agent on it or not. Post this validate the handler logs an if they look like something below then consider device as Co-managed:

    This file logs the processing of the configuration and the MDM information related to the device.

    Sample log snippet:

    Processing GET for assignment (ScopeId_<scope ID>/ConfigurationPolicy_<policy ID>)
    Getting/Merging value for setting 'CoManagementSettings_AutoEnroll'
    Merged value for setting 'CoManagementSettings_AutoEnroll' is 'true'

    Getting/Merging value for setting 'CoManagementSettings_Capabilities'
    Merged value for setting 'CoManagementSettings_Capabilities' is '7'
    Getting/Merging value for setting 'CoManagementSettings_Allow'
    Merged value for setting 'CoManagementSettings_Allow' is 'true'
    State ID and report detail hash are not changed. No need to resend. Machine is already enrolled with MDM

    • To validate if a device is both hybrid AD joined enrolled to Intune, run dsregcmd /status from the command line:

    You can confirm that the device is properly hybrid-joined if both AzureAdJoined and DomainJoined are set to YES.

    Auto-enrollment device status result.

    Additionally, verify that the SSO State section displays AzureAdPrt as YES.

    Auto-enrollment Microsoft Entra prt verification.

    • For Autopilot devices kindly validate if the following registry path is present, if yes then device has been enrolled as autopilot: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\Autopilot

    Thanks,

    Akshay Kaushik

    Please "Accept the answer (Yes)" and "share your feedback ". This will help us and others in the community as well.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Pavel yannara Mirochnitchenko 12,611 Reputation points MVP
    2023-12-16T09:16:27.3766667+00:00

    If you used Autopilot AD Join (not hybrid), I guess you didn't have to install CM agent on it. Hybrid Co-managed device always has CM agent. In legacy Control Panel, you can identify quickly, do you have CM agent installed or not.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.