Shifting gears from managing to co-managing your Windows devices

Aiden Gonzales

Dec 7, 2021

8 min read

UEM solutions have always tried to revitalize endpoint management by replacing hard work with smart work. Meanwhile, technological expansions have tremendously enhanced the number of choices on offer for enterprises seeking a UEM solution. Consequently, as the competition grew, it became increasingly difficult for enterprises to pick an ideal UEM solution.

It is a no-brainer that enterprises investing heavily in UEM solutions will analyze the ROI each solution offers. The practice of switching between UEM solutions to fine-tune them with the industry demands is also common. However, the flexibility to manage devices concurrently using more than one UEM solution is something out of the box and looks promising mainly. Yes, you guessed it right, it is nothing but the pioneering piece of transition technology called ‘Co-management.’

Windows management simplified

What is Windows co-management?

Co-management, also called partial enrollment, enables you to concurrently manage Windows 10 or later devices using more than one UEM solution. The term shouldn’t be confused with the SCCM co-management or co-existence. Instead, it is an exclusive feature that provides modern enterprises the flexibility to use multiple UEM solutions. With this, enterprises can incorporate the technology that works best for their organization. In short, if you are caught in the dilemma of choosing an ideal UEM solution for your enterprise but can’t let go of your previous solution that easily, co-management can work wonders for you.

Windows devices are as indispensable as coffee table conversations in the modern workspace. And obviously, managing the countless fleet of those devices can be daunting. Now put, your Windows device encountered an issue, and you want to fix it immediately. Undoubtedly, you’ll be in all sorts of trouble until the issue is fixed. And gosh! How long would you have to hold on for someone to figure out the issue and resolve it? To make it worse, your default UEM, may not offer you a remote view feature that helps the IT admins resolve the issue with ease. Wouldn’t you be elated if you could use the remote view feature from another UEM! That’s where co-management comes to play.

Why co-management?

According to the conventional UEM protocols, a device already enrolled in a UEM cannot use another UEM again. However, as business demands grew leaps and bounds, there arose a need to utilize a secondary solution in parallel with the default UEM. That is how Co-Management, aka partial enrolment, raised the bars.

The successful incorporation of an efficient UEM solution, as in co-management, will undoubtedly add value to modern enterprises. It will revitalize the existing management infrastructure and processes therein, opening up the immense possibility of adding new functionalities to an existing system without substantially changing its previous behavior. Does it sound like a cakewalk? Well, it has to!

What is Unified Endpoint Management (UEM)?

Also, there is an implicit law of orchestration in co-management. It is universal and applies to almost all co-managerial spheres. A standard analog is that in hospitals where specialists take care of hospital services, a dedicated group, often comprising physicians, handles the managerial side. What’s general is the idea of synchronization and effective management of workloads. If orchestration fails, co-management will aggravate the complexity of device management in the modern workspace.

Co-management of Windows devices with Hexnode

Hexnode is one of the few UEMs, extending the flexibility of co-management to its users in a simplified and convincing manner. In addition, it offers the provision of customizing the way enterprises wish to co-manage their devices. Looks cool, is it not?

As mentioned earlier, co-management is an improvisation that came into being for enhancing the device management capabilities of modern enterprises. However, it cannot defer the conventional UEM protocol that endorses just one UEM for one device. Well, it doesn’t. I find every reason for you to wonder how Hexnode does the trick. Hang on!

Hexnode accomplishes multi-UEM management for a single device by letting the user install the agent app and co-managing it without enrolling it into the Hexnode portal. Or in other words, it provides conditional access to some of the device functions. This permits the user to fetch the device details from the manage tab and perform some basic actions supported by the agent app.

As the application “Hexnode Installer” is being installed, you’ll get to know whether the device has already been enrolled in another UEM or not. If it happens to, an error message displaying “Your device is already being managed by an organization” pops up. Simultaneously, the user gets the choice of continuing with co-management. Here, the user(enterprise) has the sole authority to allow co-management on a Windows device.

Featured resource

Hexnode Windows Management Solution

Manually controlling devices can put your organizational data at risk. A UEM/MDM solution makes it easier to deploy and manage all your Windows devices and applications.

Download datasheet

Some handy features using co-management

Several valuable features can be enabled using co-management. These features are complementary and help the user overcome the limitations of the primary UEM. Some of the picks include

MSI & Store app installation

MSI apps, better known as enterprise applications, are integral to the modern workspace. The MSI file packages help enterprises manage privately built applications. As the feature is enabled in co-management, you can quickly push enterprise apps to target devices without fully enrolling them. In addition, co-management comes with the advantage of including command line parameters in the MSI application files.

Windows store applications also play a pivotal role in the endpoint management space. Co-management supports the installation of these applications in a way similar to that of the MSI app installation.

Pushing custom scripts

Custom scripts are a series of commands written in a particular programming language that entails the operations you wish to perform in a device. It obviates manual intervention and reduces the tediousness of executing tasks that are not natively supported.

With co-management, you can add custom scripts, which seriously enhance your UEM’s operational capabilities. The common script files supported are .ps1, .bat and .cmd

Remote view

Remote view is one of the outstanding features of troubleshooting in the modern-day mobile device management workspace. It makes the mundane task of manual troubleshooting a thing of the past and cuts down device downtime.

This feature allows the admin to view the device remotely, identify the issues and assist the user promptly rectify them. However, installing the remote assist app is mandatory to enable remote view in the co-managed device.

Hardware scan

Co-management also offers the possibility of obtaining device details from the device info page. This feature helps to check the device’s health regularly. It also discovers irregularities in the device management and keeps a check on the network and security info.

Remote actions

Co-management extends the functionalities of remote actions to the managed devices. It can eventually bolster the level of control on the endpoints as there is plenty of value-driven features in remote actions.

Here is a list of some of the notable remote actions you can perform in a co-managed device

Change Owner- This feature allows enterprises to seamlessly change the ownership profiles of users who left the organization and assign it to new users within the organization.

Enable Lost Mode- Lost mode ensures that the sensitive corporate data are not exposed once a corporate device is lost or misplaced. Just because data breaches are on the rise, the lost mode is one of the critical features for enterprises.

Export Device Details – Exporting device details will help the admin manage devices better. It offers a comprehensive set of device-specific information to monitor the devices individually, ensure compliance, identify irregularities and enhance overall productivity.

Four easy steps to co-management

  1. Enable co-management in the admin tab
  2. Log in to your Hexnode portal
  3. Navigate to the Windows enrolment tab and choose the option-co-management
  4. Enrol the device using open or authenticated enrolment.

As easy as that. Your device is now ready to be co-managed!

Furthermore, you should enable the feature in the admin tab to ensure that co-management takes place without fail. It is also noteworthy that the feature is supported only in Windows 10+, Windows 10 v1803+ and Windows 10 v1703 to Windows 10 v1709 (if .NET Framework v4.7.1+ is installed on the device).

Co-management, the future

The future
Awaiting a glorious future

With businesses developing at an exponential pace and business demands rising sharply, the future of co-management looks brighter than ever. Co-management also opens up the possibility of fully enrolling a co-managed device. This transition can happen if the user finds the co-managed system way too superior or if the existing UEM falls behind in providing industry-specific use cases. You can fully enroll a co-managed device in Hexnode by removing the existing UEM vendor and re-enrolling it with Hexnode


Aiden Gonzales

Entrapped in the enchanting enigma of letters.

Share your thoughts