KB – Working commands if no user is logged on
The scenario is not quite “modern” but from time to time we have devices where no user is logged on and you still want to manage it.
The list is based on HUB 21.02 and also tested on 21.05 – later versions might change the behaviour.
First of all: only commands that are assigned to the device and not to the user are covered. User commands are only process when the enrollment user is logged on.
Profiles
| Name | Installed when no user is logged on | Comment |
| Password | Yes | Only if “Use Protection Agent” is disabled |
| Wi-Fi | Yes | |
| VPN | Yes | |
| Credentials | Yes | Also Certificate reporting works |
| Restriction | Yes | |
| Defender Exploit Guard | Yes | |
| Data Protection | Yes | |
| Windows Hello | Yes | |
| Firewall | Yes | |
| Encryption | No | |
| Anti-Virus | Yes | |
| Windows Updates | Yes | |
| Proxy | Yes | |
| OEM Updates | No | |
| SCEP | Yes | Also Certificate reporting works |
| Application Control | Yes | |
| Windows Licensing | Yes | |
| BIOS | No | |
| Kiosk | Yes | |
| Personalization | Yes | |
| Peer Distribution | No | |
| Unified Write Filter | Yes |
Custom Profiles
Custom Profiles are working as long as the target is set to OMA DM Client and not to Workspace ONE Intelligent HUB.
All profiles that are targeted to the HUB, are not working if no user is logged on.
Baselines
Baselines are only applied if a user is logged on.
Also Baseline compliance will only be reported if a user is logged on.
Applications
Application installation and also the installation status reporting works if no user is logged on.
Console Actions
Console Queries
| Query type | Works when no user is logged on |
| Device Security | No |
| Windows Information | Yes |
| Health Attestation | Yes |
| Available OS Updates | Yes |
| Hub Check In | No |
| Certificate List Sample | No |
| Security Information | Yes |
| Information | Yes |
| App List Sample – HUB | No |
| App List Sample – OMA-DM | No |
| Sensor | No |
| Workflow | No |
| Time Window | No |
Console actions
| Action name | Works when no user is logged on |
| Reboot | Yes |
| Enterprise Wipe | Yes |
| Device Wipe | Yes |
| Enterprise Reset | Yes |
| Request Device Log | Yes |
Product Provisioning
Product Provisioning only works when a user is logged on.
Scripts
Scripts only work when a user is logged on.
Certificates
Since certificate deployment works, also the revocation and renewal works if no user is logged on.
Remote Assist
Currently Remote Assist does not work if no user is logged on.
Summary
Right now everything that is targeted to the Intelligent HUB is not working when no user is logged on – while everything that is targeted to the native OMA-DM client is working regardless of the user status.
Empowering customers in client management since 2012.
Empowering customers in modern management since 2018.