Co-management Series “Merging the Perimeter” – Part 7: Co-management Capabilities

January 15, 2021 / By / 6 Comments

In this part of the series we will look at Co-management capabilities and discuss what they are, how they work and what the numerical representation indicates.

What are Capabilities?

What are Capabilities?

A “capability” is a numerical value associated with a co-management workload. You can see the capability value in the:-

  • Client registry (HKLM\Software\Microsoft\CCM\CoManagementFlags)
  • Client WMI
  • Client CoManagementHandler.log
  • SQL Database (SQL View v_ClientCoManagementState)
  • Client Control Panel Applet
Capabilities (MDM Workloads) in the SQL View v_ClientCoManagementState
Capabilities (CoManagementFlags) in the Client Registry HKLM\Software\Microsoft\CCM\CoManagementFlags
Capabilities in the Control Panel Applet and CoManagementHandler.log

The capabilities for each Co-management workload can be found in the table below:-

CapabilityWorkload
1All Workloads with SCCM
2Compliance Policies
4Resource access Policies
8Device Configuration
16Windows Updates Policies
32Endpoint Protection
64Client Apps
128Office Click-to-Run Apps

How Capabilities Work

As we add clients to our workload collections or move the co-management workloads fully to Intune, the capability value on the client is merged and re-calculated.

For example, as we observed during the labs in Part 6, moving client workloads for Compliance Polices and Client Apps will give the client a new co-management capability of 67. But how do we get to this number? 67

Co-Management Configured (1) + Compliance Policies (2) + Client Apps (64) = 67
We have to add 1 to any merged workload (Co-management Configured)

When the client receives new capabilities a “merge” is performed on the workload flags to get the new capabilities value. The SCCM Client and Intune Agent are now aware of what workloads they can/can’t apply and an immediate Intune MDM Sync is performed to apply any applicable policies from Intune.

Capabilities Merged and Intune MDM Sync Triggered

What are the numerical representations?

As we start to merge capabilities, we end up with quite a large number of possible workload combinations. The possible values are 1 (Co-management Configured) to 255 (All workloads migrated to Intune). All possible merged capabilities, for SCCM 1906, can be found in this handy table below:-

CapabilitiesWorkload
1Co-management Configured
3Compliance Policies
5Resource access Policies
7Resource access Policies
Compliance Policies
9Device Configuration
11Device Configuration
Compliance Policies
13Device Configuration
Resource access Policies
15Device Configuration
Resource access Policies
Compliance Policies
17Windows Updates Policies
19Windows Updates Policies
Compliance Policies
21Windows Updates Policies
Resource access Policies
23Windows Updates Policies
Resource access Policies
Compliance Policies
25Device Configuration
Windows Updates Policies
27Device Configuration
Windows Updates Policies
Compliance Policies
29Device Configuration
Windows Updates Policies
Resource access Policies
31Device Configuration
Windows Updates Policies
Resource access Policies
Compliance Policies
33Endpoint Protection
35Compliance Policies
Endpoint Protection
37Resource access Policies
Endpoint Protection
39Resource access Policies
Compliance Policies
Endpoint Protection
41Device Configuration
Endpoint Protection
43Device Configuration
Compliance Policies
Endpoint Protection
45Device Configuration
Resource access Policies
Endpoint Protection
47Device Configuration
Resource access Policies
Compliance Policies
Endpoint Protection
49Windows Updates Policies
Endpoint Protection
51Windows Updates Policies
Compliance Policies
Endpoint Protection
53Windows Updates Policies
Resource access Policies
Endpoint Protection
55Windows Updates Policies
Resource access Policies
Compliance Policies
Endpoint Protection
57Device Configuration
Windows Updates Policies
Endpoint Protection
59Device Configuration
Windows Updates Policies
Compliance Policies
Endpoint Protection
61Device Configuration
Windows Updates Policies
Resource access Policies
Endpoint Protection
63Device Configuration
Windows Updates Policies
Resource access Policies
Compliance Policies
Endpoint Protection
65Client Apps
67Client Apps
Compliance Policies
69Client Apps
Resource access Policies
71Client Apps
Resource access Policies
Compliance Policies
73Client Apps
Device Configuration
75Client Apps
Device Configuration
Compliance Policies
77Client Apps
Device Configuration
Resource access Policies
79Client Apps
Device Configuration
Resource access Policies
Compliance Policies
81Client Apps
Windows Updates Policies
83Client Apps
Windows Updates Policies
Compliance Policies
85Client Apps
Windows Updates Policies
Resource access Policies
87Client Apps
Windows Updates Policies
Resource access Policies
Compliance Policies
89Client Apps
Device Configuration
Windows Updates Policies
91Client Apps
Device Configuration
Windows Updates Policies
Compliance Policies
93Client Apps
Device Configuration
Windows Updates Policies
Resource access Policies
95Client Apps
Device Configuration
Windows Updates Policies
Resource access Policies
Compliance Policies
97Client Apps
Endpoint Protection
99Client Apps
Compliance Policies
Endpoint Protection
101Client Apps
Resource access Policies
Endpoint Protection
103Client Apps
Resource access Policies
Compliance Policies
Endpoint Protection
105Client Apps
Device Configuration
Endpoint Protection
107Client Apps
Device Configuration
Compliance Policies
Endpoint Protection
109Client Apps
Device Configuration
Resource access Policies
Endpoint Protection
111Client Apps
Device Configuration
Resource access Policies
Compliance Policies
Endpoint Protection
113Client Apps
Windows Updates Policies
Endpoint Protection
115Client Apps
Windows Updates Policies
Compliance Policies
Endpoint Protection
117Client Apps
Windows Updates Policies
Resource access Policies
Endpoint Protection
119Client Apps
Windows Updates Policies
Resource access Policies
Compliance Policies
Endpoint Protection
121Client Apps
Device Configuration
Windows Updates Policies
Endpoint Protection
123Client Apps
Device Configuration
Windows Updates Policies
Compliance Policies
Endpoint Protection
125Client Apps
Device Configuration
Windows Updates Policies
Resource access Policies
Endpoint Protection
127Client Apps
Device Configuration
Windows Updates Policies
Resource access Policies
Compliance Policies
Endpoint Protection
129Office Click-to-Run Apps
131Office Click-to-Run Apps
Compliance Policies
133Office Click-to-Run Apps
Resource access Policies
135Office Click-to-Run Apps
Resource access Policies
Compliance Policies
137Device Configuration
Office Click-to-Run Apps
139Device Configuration
Office Click-to-Run Apps
Compliance Policies
141Device Configuration
Office Click-to-Run Apps
Resource access Policies
143Device Configuration
Office Click-to-Run Apps
Resource access Policies
Compliance Policies
145Office Click-to-Run Apps
Windows Updates Policies
147Office Click-to-Run Apps
Windows Updates Policies
Compliance Policies
149Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
151Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Compliance Policies
153Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
155Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Compliance Policies
157Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
159Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Compliance Policies
161Office Click-to-Run Apps
Endpoint Protection
163Office Click-to-Run Apps
Compliance Policies
Endpoint Protection
165Office Click-to-Run Apps
Resource access Policies
Endpoint Protection
167Office Click-to-Run Apps
Resource access Policies
Compliance Policies
Endpoint Protection
169Device Configuration
Office Click-to-Run Apps
Endpoint Protection
171Device Configuration
Office Click-to-Run Apps
Compliance Policies
Endpoint Protection
173Device Configuration
Office Click-to-Run Apps
Resource access Policies
Endpoint Protection
175Device Configuration
Office Click-to-Run Apps
Resource access Policies
Compliance Policies
Endpoint Protection
177Office Click-to-Run Apps
Windows Updates Policies
Endpoint Protection
179Office Click-to-Run Apps
Windows Updates Policies
Compliance Policies
Endpoint Protection
181Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Endpoint Protection
183Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Compliance Policies
Endpoint Protection
185Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Endpoint Protection
187Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Compliance Policies
Endpoint Protection
189Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Endpoint Protection
191Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Compliance Policies
Endpoint Protection
193Client Apps
Office Click-to-Run Apps
195Client Apps
Office Click-to-Run Apps
Compliance Policies
197Client Apps
Office Click-to-Run Apps
Resource access Policies
199Client Apps
Office Click-to-Run Apps
Resource access Policies
Compliance Policies
201Client Apps
Device Configuration
Office Click-to-Run Apps
203Client Apps
Device Configuration
Office Click-to-Run Apps
Compliance Policies
205Client Apps
Device Configuration
Office Click-to-Run Apps
Resource access Policies
207Client Apps
Device Configuration
Office Click-to-Run Apps
Resource access Policies
Compliance Policies
209Client Apps
Office Click-to-Run Apps
Windows Updates Policies
211Client Apps
Office Click-to-Run Apps
Windows Updates Policies
Compliance Policies
213Client Apps
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
215Client Apps
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Compliance Policies
217Client Apps
Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
219Client Apps
Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Compliance Policies
221Client Apps
Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
223Client Apps
Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Compliance Policies
225Client Apps
Office Click-to-Run Apps
Endpoint Protection
227Client Apps
Office Click-to-Run Apps
Compliance Policies
Endpoint Protection
229Client Apps
Office Click-to-Run Apps
Resource access Policies
Endpoint Protection
231Client Apps
Office Click-to-Run Apps
Resource access Policies
Compliance Policies
Endpoint Protection
233Client Apps
Device Configuration
Office Click-to-Run Apps
Endpoint Protection
235Client Apps
Device Configuration
Office Click-to-Run Apps
Compliance Policies
Endpoint Protection
237Client Apps
Device Configuration
Office Click-to-Run Apps
Resource access Policies
Endpoint Protection
239Client Apps
Device Configuration
Office Click-to-Run Apps
Resource access Policies
Compliance Policies
Endpoint Protection
241Client Apps
Office Click-to-Run Apps
Windows Updates Policies
Endpoint Protection
243Client Apps
Office Click-to-Run Apps
Windows Updates Policies
Compliance Policies
Endpoint Protection
245Client Apps
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Endpoint Protection
247Client Apps
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Compliance Policies
Endpoint Protection
249Client Apps
Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Endpoint Protection
251Client Apps
Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Compliance Policies
Endpoint Protection
253Client Apps
Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Endpoint Protection
255Client Apps
Device Configuration
Office Click-to-Run Apps
Windows Updates Policies
Resource access Policies
Compliance Policies
Endpoint Protection

Summary

In this part of the series we looked at the possible co-management capability values and how the values are calculated. In the final part of our series we will discuss Monitoring Co-management

4/5 - (1 vote)

6 thoughts on “Co-management Series “Merging the Perimeter” – Part 7: Co-management Capabilities”

  1. Pingback: Co-management Series "Merging the perimeter" - Part 1: What is Co-management?

  2. Pingback: Co-management Series "Merging the Perimeter" - Part 2: Paths to Co-management

  3. Pingback: Co-management Series "Merging the Perimeter" – Part 3: Co-management Prerequisites

  4. Pingback: Co-management Series “Merging the Perimeter” – Part 4: Configuring Hybrid Azure AD

  5. Pingback: Co-management Series “Merging the Perimeter” – Part 5: Enabling Co-management

  6. Pingback: Co-management Series “Merging the Perimeter” – Part 6: Switching Workloads to Intune

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.