KB4575787 ConfigMgr Co-management enrollment takes longer than expected
If ConfigMgr Co-management enrollment takes longer than expected for clients, then we have a new hotfix KB4575787. This is a out of band hotfix and you must install this by importing it first in ConfigMgr.
Before you install the KB 4575787 hotfix, ensure you are running ConfigMgr 2006. In addition, the KB4578605 hotfix update rollup (HFRU) should be installed.
Most of all the KB 4575787 update does not directly replace any previously released updates. It only addresses an issue where ConfigMgr Co-management enrollment takes longer than expected. However, the client patch (.MSP file) supercedes the version that shipped with update rollup KB 4578605. Therefore, only one client upgrade should be performed.
Table of Contents
ConfigMgr Co-management enrollment takes longer than expected
The co-managed devices configured to automatically enroll in Microsoft Intune will initially fail to enroll based on their Azure Active Directory device token.
The enrollment process then falls back to user token-based enrollment, which succeeds when a user logs in and meets any specific user enrollment requirements.
The co-management dashboard may show a status of pending user sign in for affected clients during this time. As a result, ConfigMgr Co-management enrollment takes longer than expected.
This issue only occurs in environments when the below conditions are met.
- The KB4578605 update rollup is installed, and clients have upgraded to version 5.00.9012.1052 before completing the co-management onboarding process.
- The client restarts or upgrades during the enrollment process. If the client does not restart or upgrade during enrollment process, the client will not be affected.
In addition this issue also occurs when one or both of the following conditions are true.
- The device/ user is configured to use multi-factor authentication with Azure Active Directory.
- Configuration Manager 2006 is the co-management authority for Resource Access. However Windows Hello for Business Configuration is done via Microsoft Intune.
Download and Import the KB 4575787 Out of band Hotfix
You must first download the KB 4575787. This update won’t appear in your console until you import it manually. Since this is a out of band hotfix, the size of the update is not big.
To import the SCCM 2006 KB4575787 hotfix, you can refer the following guide on Import Hotfix using Update Registration Tool in SCCM.
Install ConfigMgr 2006 KB4575787 hotfix
Use the below steps to install the ConfigMgr 2006 KB4575787 hotfix.
- Launch the ConfigMgr console.
- Go to Administration > Updates and Servicing Node.
- If you don’t see KB4575787 hotfix, run check for updates.
- Right click Configuration Manager 2006 KB4575787 hotfix and click Install Update pack.
Interesting. When I imported KB4575787 and installed it showed an additional 3 hotfixes in my console.
KB4575786, KB4575787 and KB4575790
I ran each independently, in order. They took about 15-30 minutes each to complete.
Looks good, but was unexpected.