MSEndpointMgr

Moving to the Cloud. Co-management workloads and capabilities (revisited)

In this post I will revisit Co-management workloads, capabilities and take a walk down memory lane.

Background

Ok, let’s expand on what “Moving to the Cloud” means to us – and that varies, a lot, depending on who you speak to. Quite often our journey to the cloud is complex. We don’t have a magic button that shifts everything from on-premises to the Cloud and then cuts our operational bill in half – that kind of thinking belongs with an eccentric wizard and his hobbit friends. More often the path is much more complex.

I remember being an admin when “The Cloud” burst onto the scene. Technologies were being born and new concepts like “Its a journey, not a destination” were being spread like wild fire. I had a feeling of urgency that I had to move our organisation with the times and current trends but it was more than that. There was a sense that the old days of baby sitting the Exchange server in the corner were coming to an end and this new, cloud first, world needed learning, chasing and embracing.

The biggest challenge that I remember churning through my over analytical brain was “How does this all come together and look at its conclusion”. I didn’t really have an overall picture of how this puzzle would look when it was complete. What part of my infrastructure would remain on premises and what would be in the cloud. It was very much a case of take baby steps and trust in the process. Cloud strategies hadn’t matured and many of us felt like early pioneers in the “Moving to the Cloud” gold rush. This was exactly how Ernest Shackleton must have felt on that fateful journey to Antarctica…our cloud journey was bound to end in disaster but we all crossed our fingers and trusted in the marketing headlines.

Configuration Manager “The steady ship”

Like me, many admins had managed a steady ship for years. She was the pride of the fleet. Maturing from year to year with no end in sight to her prowess. Configuration Manager was/is a master piece. We got a sense that the white fluffy things (clouds) were on the hymn sheets in Microsoft HQ when we saw technologies like IBCM and Cloud DP come into the portfolio.

Organisations started asking us if we could manage mobile devices with Configuration Manager, which was an interesting chapter in many of our lives, and we started to get a taste of something on the horizon. Intune was afoot…

Intune Classic Portal

https://learn.microsoft.com/en-us/mem/intune/fundamentals/ui-changes

Intune “The Cloud”

Intune burst onto the scene and felt like this bold, new, idea that would help us navigate seamlessly to the cloud. I and many others were wondering how and when to embrace the Cloud, Microsoft too were stepping into a new era with a stronger focus on the fluffy white stuff.

Intune matured, slowly at first but then more rapidly when released from the shackles of Silverlight. We could see how promising cloud management could be and like kiddies in a candy shop, we had no patience. We wanted ALL the features and control that we were used to in Configuration Manger and we wanted it now.

Intune, for all it promised to be, actually presented us with some difficult conundrums. We wanted to embrace the cloud but there wasn’t a simple “Do it” switch. Microsoft still hadn’t worked that part out. Instead, we were faced with challenges like hybrid identities, ADFS (painful memories), the advent of AD Sync, moving mobile device management from ConfigMgr to the Intune, ensuring GPO’s didn’t conflict with Intune policy. It was a hot spaghetti mess that would trip you up if you didn’t navigate the pot holes like a cautious badger on stilts.

Co-management “The Bridge”

Enter Co-management. This was hands-down the most promising technology yet to help us transition smoothly to device management from the Cloud. Co-management finally allowed us to move different workloads to Intune, at our own pace. We had options. It was no longer the choice of “do nothing” vs “big bang cutover”.

Fast forward to today. Co-management has matured – a lot. She still has a little way to go and the story isn’t complete but golly are admins faced with much easier migration challenges today than we were 10 years ago.

Workloads

I wanted to focus this post on something I have been looking at recently

Workloads is a concept that allows us to move individual “workloads” from Configuration Manager to Intune. What are the workloads we can move? The options have changed over recent years, today we have the following:-

Microsoft have a great doc explaining what moving each of the these workloads means, I won’t duplicate that information in this post. Go check out Co-management workloads – Configuration Manager | Microsoft Learn

The great thing about workloads is that you can move them, individually, at a pace that suits you and your adoption of the Cloud.

I wanted to focus this post on something I have been looking at recently and that is workload capabilities.

Capabilities (and some dirty-split code)

Capabilities have fascinated me since I blogged on them back in 2019

Every workload has an associated numerical value. We refer to this as the capability number. You can very easily see the capability value assigned to the client in the ConfigMgr control panel applet and CoManagementHandler.log

Screenshot from 2019 blog post

Up until recently we grew familiar with the capability values. Enter ConfigMgr 2111 – enter crazy values.

We should remind ourselves what these values are and what they represent. Each workload has a corresponding value. Before ConfigMgr 2111, they looked like this:-

CapabilityWorkload
1Co-management Enabled
2Compliance Policies
4Resource access Policies
8Device Configuration
16Windows Updates Policies
32Endpoint Protection
64Client Apps
128Office Click-to-Run Apps
Workloads Pre ConfigMgr 2111

Now, they look like this*

CapabilityWorkload
1Co-management Inventory
8193Co-management Enabled
2Compliance Policies
4Resource access Policies
8Device Configuration
16Windows Updates Policies
4128Endpoint Protection
64Client Apps
128Office Click-to-Run Apps
Workloads ConfigMgr 2111+

Note

The workload values jumped dramatically. Co-management enabled (8193), which is not an official workload per se, is the default value in ConfigMgr 2111+ but it is made up of a combination of Endpoint Protection Split (8192) + Inventory (1).

Adam Gross kindly pointed me to check out AdminUI.CoManagement.dll. If we decompile it we can see a little further under the hood. The previous value for the Endpoint Protection workload (32) is now labelled “Security”. My guess is this was done to accommodate future co-management workload splits for the Endpoint Protection workload.

The Endpoint Protection split in ConfigMgr 2111+ is made up from Disk Encryption (4096) and Security (32).

For simplicity, I haven’t reflected the split in the code I share later as it doesn’t obviously relate to what you see in the ConfigMgr console…today, at least.

There is some masking of the split in the code, we can still not see the Endpoint Protection / Disk Encryption split in the UI (see below).

2211 Co-management Settings

I won’t dwell on this. The Endpoint Protection workload split looks dirty, but, it is effective. I guess the programmers also thought it was a dirty way to split the workload too (see below)

Moving on. When we start to move workloads to our to Intune, the capabilities value reflects the combined workloads.

For example, before ConfigMgr 2111, moving client workloads for Compliance Polices and Client Apps used to give the client a Co-management capability of 67. But how do we get to this number? 67

Co-Management Enabled (1) + Compliance Policies (2) + Client Apps (64) = 67

Simple right?

Bitwise Operations

We could calculate the value previously by doing a basic math sum, but capabilities are more complex when you dive a bit deeper. What we should actually be doing is a bitwise operation on the binary value of the capability number.

Lets look at the capability value binary representation.

CapabilityBinary
100000000000001
819310000000000001
200000000000010
400000000000100
800000000001000
1600000000010000
412801000000100000
6400000001000000
12800000010000000
Binary representation of capability values

We can perform a bitwise operation on multiple capability values to get a new capability value. What happens when we have “Co-management Enabled” (8193) and the “Compliance” (2) workload moved to Intune?

10000000000001 -bor 00000000000010 = 10000000000011

If we look at the bitwise calculation below, we are actually returning 1 when either one or both bits, in each corresponding column, equals 1

10000000000001
00000000000010
10000000000011 = 8195

PowerShell

My colleague Cody Mathis (brilliant brain) had previously written some neat code to work out the combined capability values using bitwise operations. Combining capabilities with the -bor operator and comparing them with the -band operator to convert Co-management workloads from and to their text representations. Take a look at his work script at CM-Ramblings/Convert-CoManagementWorkload.ps1 at master · CodyMathis123/CM-Ramblings · GitHub

What prompted me to re-think capabilities again was when I saw a tweet from Ioan Popovici @MEM.Zone on Twitter

Credit Loan Popovici

I had not considered using flags with enum definitions before with PowerShell. It actually makes the PowerShell much simpler. Lets take a look

[flags()] Enum workloads {
        CoMgmt_Enabled = 8193
        Compliance_Policies = 2
        Resource_Access_Policies = 4
        Device_Configuration = 8
        Windows_Update_Policies = 16
        Client_Apps = 64
        Office_Click2Run_Apps = 128
        Endpoint_Protection = 4128
    }

And we throw a capability value in

[workloads]8195

This is cool.

Functions

I put together a function that allows you to pass single or multiple capability values to see the workloads

Function Get-Workload {
    [CmdletBinding()]
    Param(
        [Parameter(Position = 0, Mandatory = $true)]
        [ValidateRange(1,12543)]
        [Int32[]]$capability
    )

    #Create enumurator for workload flags // ConfigMgr 2111+
    [flags()] Enum workloads {
        CoMgmt_Enabled = 8193
        Compliance_Policies = 2
        Resource_Access_Policies = 4
        Device_Configuration = 8
        Windows_Update_Policies = 16
        Client_Apps = 64
        Office_Click2Run_Apps = 128
        Endpoint_Protection = 4128
    }

    #Create an ordered hash table to capture all capabilities
    $allCapabilities = [Ordered]@{}

    ForEach ($capNum in $capability) {

        #Evaluate capabilities 
        If ($capNum -eq 1) {
            $capResult = @("CoMgmt_Disabled")

            #Build hash table of results
            $allCapabilities.Add([string]$capNum, $capResult)
        }
        elseIf ($capNum -eq 8193) {
            $capResult = @("CoMgmt_Enabled_NoWorkloads")

            #Build hash table of results
            $allCapabilities.Add([string]$capNum, $capResult)
        }
        elseIf ($capNum -lt 8193) {
            $capResult = @("Invalid_Workload_Value")

            #Build hash table of results
            $allCapabilities.Add([string]$capNum, $capResult)
        }
        else {
            Try {
                $workload = [workloads]$capNum

                #Build data if a valid flag is matched
                If ($workload -like "*_*") {
              
                    #Filter out CoMgmt_Enabled value - we assume it is enabled if we have a workload match
                    $capabilities = $workload -split ', ' -notmatch 'CoMgmt_Enabled'

                    #Tidy up and export capabilities sorted to an array
                    $capabilities = $capabilities | Sort-Object
                    $capResult = @($capabilities)

                    #Build hash table of results
                    $allCapabilities.Add([string]$capNum, $capResult)
                }
            }
            Catch {
                #Do Nothing, ignore invalid values
            }
        }
    }
    Return $allCapabilities
}

With the values sorted as an array in the hash table, we can throw this out as a JSON for giggle.

It got me thinking. Thinking big. Lets use a similar function to generate ALL the possible workloads combinations. I had been wanting to update the workload capabilities table I had created 4 years ago and this seemed the perfect way to do it.

ConfigMgr 2111+ Capability Values

A similar function will export all possible workloads

Function Get-AllWorkloads {
    
    #Create enumurator for workload flags // ConfigMgr 2111+
    [flags()] Enum allWorkloads {
        CoMgmt_Enabled = 8193
        Compliance_Policies = 2
        Resource_Access_Policies = 4
        Device_Configuration = 8
        Windows_Update_Policies = 16
        Client_Apps = 64
        Office_Click2Run_Apps = 128
        Endpoint_Protection = 4128
    }

    #Create an ordered hash table to capture all capabilities
    $allCapabilities = [Ordered]@{}

    8195..12543 | Foreach-Object {

        $capNum = [string]$_

        #Evaluate capabilities s
        Try {
            $workload = [allWorkloads]$capNum

            #Build data if a valid flag is matched
            If ($workload -like "*_*") {
              
                #Filter out CoMgmt_Enabled value - we assume it is enabled if we have a workload match
                $capabilities = $workload -split ', ' -notmatch 'CoMgmt_Enabled'

                #Tidy up and export capabilities sorted to an array
                $capabilities = $capabilities | Sort-Object
                $capResult = @($capabilities)

                #Build hash table of results
                $allCapabilities.Add($capNum, $capResult)
            }
        }
        Catch {
            #Do Nothing, ignore invalid values
        }
    }
    Return $allCapabilities
}

This is cool. Let’s throw that into a JSON

{
  "8195": [
    "Compliance_Policies"
  ],
  "8197": [
    "Resource_Access_Policies"
  ],
  "8199": [
    "Compliance_Policies",
    "Resource_Access_Policies"
  ],
  "8201": [
    "Device_Configuration"
  ],
  "8203": [
    "Compliance_Policies",
    "Device_Configuration"
  ],
  "8205": [
    "Device_Configuration",
    "Resource_Access_Policies"
  ],
  "8207": [
    "Compliance_Policies",
    "Device_Configuration",
    "Resource_Access_Policies"
  ],
  "8209": [
    "Windows_Update_Policies"
  ],
  "8211": [
    "Compliance_Policies",
    "Windows_Update_Policies"
  ],
  "8213": [
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8215": [
    "Compliance_Policies",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8217": [
    "Device_Configuration",
    "Windows_Update_Policies"
  ],
  "8219": [
    "Compliance_Policies",
    "Device_Configuration",
    "Windows_Update_Policies"
  ],
  "8221": [
    "Device_Configuration",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8223": [
    "Compliance_Policies",
    "Device_Configuration",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8257": [
    "Client_Apps"
  ],
  "8259": [
    "Client_Apps",
    "Compliance_Policies"
  ],
  "8261": [
    "Client_Apps",
    "Resource_Access_Policies"
  ],
  "8263": [
    "Client_Apps",
    "Compliance_Policies",
    "Resource_Access_Policies"
  ],
  "8265": [
    "Client_Apps",
    "Device_Configuration"
  ],
  "8267": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration"
  ],
  "8269": [
    "Client_Apps",
    "Device_Configuration",
    "Resource_Access_Policies"
  ],
  "8271": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Resource_Access_Policies"
  ],
  "8273": [
    "Client_Apps",
    "Windows_Update_Policies"
  ],
  "8275": [
    "Client_Apps",
    "Compliance_Policies",
    "Windows_Update_Policies"
  ],
  "8277": [
    "Client_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8279": [
    "Client_Apps",
    "Compliance_Policies",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8281": [
    "Client_Apps",
    "Device_Configuration",
    "Windows_Update_Policies"
  ],
  "8283": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Windows_Update_Policies"
  ],
  "8285": [
    "Client_Apps",
    "Device_Configuration",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8287": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8321": [
    "Office_Click2Run_Apps"
  ],
  "8323": [
    "Compliance_Policies",
    "Office_Click2Run_Apps"
  ],
  "8325": [
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "8327": [
    "Compliance_Policies",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "8329": [
    "Device_Configuration",
    "Office_Click2Run_Apps"
  ],
  "8331": [
    "Compliance_Policies",
    "Device_Configuration",
    "Office_Click2Run_Apps"
  ],
  "8333": [
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "8335": [
    "Compliance_Policies",
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "8337": [
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "8339": [
    "Compliance_Policies",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "8341": [
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8343": [
    "Compliance_Policies",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8345": [
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "8347": [
    "Compliance_Policies",
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "8349": [
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8351": [
    "Compliance_Policies",
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8385": [
    "Client_Apps",
    "Office_Click2Run_Apps"
  ],
  "8387": [
    "Client_Apps",
    "Compliance_Policies",
    "Office_Click2Run_Apps"
  ],
  "8389": [
    "Client_Apps",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "8391": [
    "Client_Apps",
    "Compliance_Policies",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "8393": [
    "Client_Apps",
    "Device_Configuration",
    "Office_Click2Run_Apps"
  ],
  "8395": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Office_Click2Run_Apps"
  ],
  "8397": [
    "Client_Apps",
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "8399": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "8401": [
    "Client_Apps",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "8403": [
    "Client_Apps",
    "Compliance_Policies",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "8405": [
    "Client_Apps",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8407": [
    "Client_Apps",
    "Compliance_Policies",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8409": [
    "Client_Apps",
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "8411": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "8413": [
    "Client_Apps",
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "8415": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12321": [
    "Endpoint_Protection"
  ],
  "12323": [
    "Compliance_Policies",
    "Endpoint_Protection"
  ],
  "12325": [
    "Endpoint_Protection",
    "Resource_Access_Policies"
  ],
  "12327": [
    "Compliance_Policies",
    "Endpoint_Protection",
    "Resource_Access_Policies"
  ],
  "12329": [
    "Device_Configuration",
    "Endpoint_Protection"
  ],
  "12331": [
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection"
  ],
  "12333": [
    "Device_Configuration",
    "Endpoint_Protection",
    "Resource_Access_Policies"
  ],
  "12335": [
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Resource_Access_Policies"
  ],
  "12337": [
    "Endpoint_Protection",
    "Windows_Update_Policies"
  ],
  "12339": [
    "Compliance_Policies",
    "Endpoint_Protection",
    "Windows_Update_Policies"
  ],
  "12341": [
    "Endpoint_Protection",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12343": [
    "Compliance_Policies",
    "Endpoint_Protection",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12345": [
    "Device_Configuration",
    "Endpoint_Protection",
    "Windows_Update_Policies"
  ],
  "12347": [
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Windows_Update_Policies"
  ],
  "12349": [
    "Device_Configuration",
    "Endpoint_Protection",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12351": [
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12385": [
    "Client_Apps",
    "Endpoint_Protection"
  ],
  "12387": [
    "Client_Apps",
    "Compliance_Policies",
    "Endpoint_Protection"
  ],
  "12389": [
    "Client_Apps",
    "Endpoint_Protection",
    "Resource_Access_Policies"
  ],
  "12391": [
    "Client_Apps",
    "Compliance_Policies",
    "Endpoint_Protection",
    "Resource_Access_Policies"
  ],
  "12393": [
    "Client_Apps",
    "Device_Configuration",
    "Endpoint_Protection"
  ],
  "12395": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection"
  ],
  "12397": [
    "Client_Apps",
    "Device_Configuration",
    "Endpoint_Protection",
    "Resource_Access_Policies"
  ],
  "12399": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Resource_Access_Policies"
  ],
  "12401": [
    "Client_Apps",
    "Endpoint_Protection",
    "Windows_Update_Policies"
  ],
  "12403": [
    "Client_Apps",
    "Compliance_Policies",
    "Endpoint_Protection",
    "Windows_Update_Policies"
  ],
  "12405": [
    "Client_Apps",
    "Endpoint_Protection",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12407": [
    "Client_Apps",
    "Compliance_Policies",
    "Endpoint_Protection",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12409": [
    "Client_Apps",
    "Device_Configuration",
    "Endpoint_Protection",
    "Windows_Update_Policies"
  ],
  "12411": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Windows_Update_Policies"
  ],
  "12413": [
    "Client_Apps",
    "Device_Configuration",
    "Endpoint_Protection",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12415": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12449": [
    "Endpoint_Protection",
    "Office_Click2Run_Apps"
  ],
  "12451": [
    "Compliance_Policies",
    "Endpoint_Protection",
    "Office_Click2Run_Apps"
  ],
  "12453": [
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "12455": [
    "Compliance_Policies",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "12457": [
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps"
  ],
  "12459": [
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps"
  ],
  "12461": [
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "12463": [
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "12465": [
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "12467": [
    "Compliance_Policies",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "12469": [
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12471": [
    "Compliance_Policies",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12473": [
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "12475": [
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "12477": [
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12479": [
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12513": [
    "Client_Apps",
    "Endpoint_Protection",
    "Office_Click2Run_Apps"
  ],
  "12515": [
    "Client_Apps",
    "Compliance_Policies",
    "Endpoint_Protection",
    "Office_Click2Run_Apps"
  ],
  "12517": [
    "Client_Apps",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "12519": [
    "Client_Apps",
    "Compliance_Policies",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "12521": [
    "Client_Apps",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps"
  ],
  "12523": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps"
  ],
  "12525": [
    "Client_Apps",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "12527": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies"
  ],
  "12529": [
    "Client_Apps",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "12531": [
    "Client_Apps",
    "Compliance_Policies",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "12533": [
    "Client_Apps",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12535": [
    "Client_Apps",
    "Compliance_Policies",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12537": [
    "Client_Apps",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "12539": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Windows_Update_Policies"
  ],
  "12541": [
    "Client_Apps",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ],
  "12543": [
    "Client_Apps",
    "Compliance_Policies",
    "Device_Configuration",
    "Endpoint_Protection",
    "Office_Click2Run_Apps",
    "Resource_Access_Policies",
    "Windows_Update_Policies"
  ]
}

What Next?

The reason I created functions for this task is because I am playing. I have never built my own API before and this dataset gives me the perfect excuse to go learn API’s. Over the coming weeks/months I intend to blog on my journey to create an API so we can display the workloads in a browser using a simple URL GET method. Fun times ahead!

Summary

In this post I reminisced the journey from on-premises to the cloud and re-visited a favorite topic of mine – Co-management. I always wanted to re-create a table of the new Co-management capabilities like i did back in 2019 but instead of building a table – we automated it.

I hope the JSON is useful 🙂

Special thanks and credit to Ioan Popovici for the flags inspiration and my colleague Adam Cook for helping with hash tables 😍

(7358)

Ben Whitmore

Microsoft MVP - Enterprise Mobility, Microsoft Certified Trainer and Microsoft 365 Certified: Enterprise Administrator Expert. Community driven and passionate Customer Engineer Lead at Patch My PC with over 2 decades of experience in driving adoption and technology change within the Enterprise.

1 comment

Sponsors