Category filter
Co-management of Windows devices
The configuration that enables concurrent management of devices running Windows 10 or later enrolled in other UEM solutions from Hexnode is called Co-management. A device enrolled in some other UEM/MDM software cannot be enrolled in Hexnode, yet it can be co-managed to obtain the device details, perform basic actions, deploy automations or more from Hexnode. Therefore, such devices are provided with conditional access to the device management functionalities supported by Hexnode. When a Windows device (fully enrolled with another UEM) has the Hexnode UEM app installed and is co-managed by Hexnode, it unleashes the benefits of both the UEMs. Moreover, co-management is one of the primary ways to streamline migration to Hexnode from other UEM vendors.
- Co-management is supported on:
- Windows 10 v1803+
- Windows 10 v1703 to Windows 10 v1709 (if .NET Framework v4.7.1+ is installed on the device)
- Windows 11
Co-managing devices in Hexnode
Co-management is a different enrollment technique where two management authorities co-exist on a single device. Once enrollment is initiated on a Windows device via the Hexnode Installer app, the Hexnode Installer checks whether the device is already enrolled with another UEM vendor. If it detects that a third-party UEM service is also managing the device and co-management is enabled on the Hexnode portal, the user can determine whether the device should be co-managed. Then, based on the enrollment settings configured on the portal, the user can continue the enrollment procedure.
Enable co-management from the portal
You can unlock co-management on Windows devices by configuring enrollment profiles from the Enroll tab.
- Log in to the Hexnode UEM console.
- Navigate to Enroll > Platform-Specific > Windows PCs & Tablets > Information. Under Enrollment profile, select an already existing enrollment profile and click on View.
- In General Settings, under the Co-management setting, click on the Enabled button.
Enrollment instructions for the user
This section describes how the user can initiate co-management from the device.
- Open the web browser on the device
- Enter the enrollment URL.
- Click on ‘Download’ to download the Hexnode Installer app.
- Go to the download location and open the file to install the app on your device.
- On the app, tap ‘Agree and Enroll’ after reading the EULA agreement.
- Click on Proceed to co-manage the device.
- In the Authentication window, enter the authentication credentials (If Authenticated Enrollment is chosen).
- Follow further instructions to install the agent and start co-management of your Windows device.
A co-managed device shows an Enrolled (Limited) status next to the Enrollment status (under Device Summary > Enrollment details). Moreover, you can fetch only a limited number of device details from the portal. The details fetched for a co-managed device are confined to the following sub-tabs, Device Summary, Device Info, Applications, Device Groups, and Action History.
Executing remote actions on co-managed devices
You can perform the following remote actions on a co-managed Windows device:
- Scan Device
- Scan for Updates
- Scan for Apps
- Scan Device Location
- Sync Local Accounts
- Lock Device
- Wipe Device
- Enable Location Tracking
- Uninstall Application
- Create User Account
- Join/Unjoin AD Domain
- Broadcast message
- Power off Device
- Restart Device
- Delete Location History
- Execute Custom Script
- Change Owner
- Edit Device Attributes
- Enable Lost Mode
- Disable Lost Mode
- Install Application
- Set Friendly Name
- Change Ownership
- Export Device Details
- Disenroll Device
- Force BitLocker Encryption
-
Co-management fails on the endpoints in the following instances.
- If co-management for Windows devices is disabled in the Admin tab.
- If the device is currently enrolled in another Hexnode portal.
- If the device is already enrolled in Hexnode, you will have to disenroll the device and rerun the Hexnode Installer app to proceed with co-management.
Remote View/Control
Hexnode supports the built-in feature to remotely view the screens of your co-managed Windows devices in real-time and control them. The Hexnode Remote Assist application installed on the device during its enrollment in Hexnode, enables unattended remote access on the Windows device. During Remote Assist, you will have complete control over the co-managed device and will be able to view the real-time preview of the device’s screen and control it through the Hexnode portal.
Patches and Updates
You can automate the scheduling and deployment of any patches or updates for your co-managed Windows device over-the-air from the Patches tab in the Hexnode portal. It allows you to monitor and manage all available updates for both the OS and applications for your co-managed device.
While deploying updates for the device, you can choose to automatically or manually deploy the updates.
Automation
You can automate and schedule deployments for your co-managed Windows devices through the Automate tab in Hexnode UEM. The deployment can be triggered by setting a time interval or by defining a device activity such as device enrollment or on location compliance/non-compliance. You can schedule bulk actions on the devices such as:
- Execute Custom Script
- Scan Device
- Sync Local Accounts
- Scan Device Location
- Broadcast Message
- Power Off
- Restart Device
- Lock Device
- Enable Lost Mode
- Disable Lost Mode
You can also automate the deployment of patches and updates into the co-managed device by creating automations.
Local User Account Management
Hexnode enables you to manage the local user accounts on your co-managed Windows devices. You can perform various actions associated with a local user account such as:
- Create new user accounts
- Change password
- Change user role to standard user or administrator
- Sync user accounts with the Hexnode portal
- Disable/enable user accounts
- Delete user accounts
- Force logout a user
To synchronize the local accounts on a device with the Hexnode portal, you can use the Sync Local Accounts remote action. The local user accounts on each co-managed device can be viewed and managed from the Local Accounts sub-tab in the device details page of the respective device in the Hexnode portal.
Geofencing
You can set up virtual geographical fences for your co-managed Windows devices using geofencing through Hexnode UEM. This feature can be used to determine the location compliance of the device where if the device moves out of the geofence it will be considered location non-compliant. You can also deploy actions on the co-managed devices depending on the location of your device with the help of geofencing. It can also help in the creation of dynamic groups where devices can be added to groups based on whether a device is outside a geofence region or not.
Fully enrolling a Co-Managed device
Device management requirements for an organization grow over time. If your current MDM is missing out on desired functionalities, or you want to unleash additional features of Hexnode on co-managed devices, you can fully enroll them in Hexnode. A co-managed device can be fully enrolled by removing the existing UEM vendor from the device and enrolling it in Hexnode once again.
Removing existing MDM
- Open Settings on the device.
- Navigate to Accounts > Access work or school.
- Choose the account corresponding to the current MDM vendor.
- Click Disconnect.
Re-enrolling the device
You can re-initiate enrollment on a co-managed device using any of the techniques.
While enrolling, if the authentication mode is set as:
- No Authentication – The device is fully enrolled and is assigned to its current user. Later, the administrator may change the device owner from the portal.
- Enforce Authentication – The device is fully enrolled and is assigned to the existing owner (user), given the same user authenticates during enrollment. If the authenticated user is not the same as the device owner, the enrollment fails.
