Getty Images/iStockphoto

Tip

How to remove a device from Intune enrollment

When a device reaches its end of life, IT needs to remove that device from any management software, such as Microsoft Intune. But there are several removal options to learn.

Any Windows device management plan must account for the complete lifecycle of the device from purchase to retirement.

Beyond end of life, IT departments may need to perform similar functions to protect corporate data on lost or compromised devices. As such, organizations that use Microsoft Intune to manage Windows endpoints should learn the options for retiring and removing devices from Intune's management.

The 5 ways to remove Windows devices from Microsoft Intune

Before IT admins remove or retire Windows devices from Microsoft Intune, they should learn the different options to achieve that. IT has several options for removing Windows devices from Intune, and all of these options have their own pros and cons. Often, the best option depends on the reason for removing that specific device. For Windows devices, the following options are available:

  1. Autopilot reset. IT can use the Autopilot reset action to reset Windows devices and to restore those devices to their original settings. Besides that, it removes personal files, apps and settings but maintains the connections with Microsoft Entra ID and Microsoft Intune.
  2. Delete. Admins can use the Delete action to directly remove Windows devices from Microsoft Intune.
  3. Fresh Start. Intune administrators can use the Fresh Start action to reinstall the latest version of Windows on those devices and to remove apps that were initially installed by the manufacturer. Besides that, it removes all data and settings.
  4. Retire. IT teams can use the Retire action to remove a Windows device from Microsoft Intune. Besides that, it leaves Windows intact and only removes the corporate data and apps.
  5. Wipe. The Wipe action, also known as the Factory reset action, restores Windows devices to their factory default settings. Besides that, it removes all data and settings, unless specified to do otherwise.
The most important and direct effect of removing a user from Intune is that the user isn't able to access corporate data via that device.

How to remove Windows devices from Microsoft Intune

Within Microsoft Intune, there are two different approaches to remove Windows devices, and each of these approaches can account for the five types of device removal.

Either the IT administrator can remotely trigger an action to remove the device via Intune, or the user can locally trigger an action to remove the device.

Removing Windows devices from Microsoft Intune as an IT administrator

The first option for removing Windows devices from Microsoft Intune is as an IT administrator. The IT administrator can remotely trigger any of the earlier described actions by using the Microsoft Intune admin center portal:

  1. Open the Microsoft Intune admin center portal, and navigate to Devices > Windows.
  2. On the Windows | Windows devices page, select the device that should be removed from Microsoft Intune.
  3. Select the remote action by choosing the action that is applicable to the scenario for removing that device from Microsoft Intune (Figure 1).

    The Intune admin center showing the details of a specific Windows device
    Figure 1. The Microsoft Intune admin center with a specific device selected and several removal options highlighted
  4. Depending on the desired removal action, admins need to complete the requisite follow-up actions:
    1. Autopilot reset. When performing an Autopilot reset action, click Yes to confirm the action.
    2. Delete. When performing a Delete action, click Yes to confirm the action.
    3. Fresh Start. When performing a Fresh Start action, choose whether or not to retain the user data, and click Yes to confirm the action.
    4. Retire. When performing a Retire action, click Yes to confirm the action.
    5. Wipe. When performing a Wipe action, choose the type of wipe action that should be performed, and click Yes to confirm the action.

Removing Windows devices from Microsoft Intune as a user

The second option for removing Windows devices from Microsoft Intune is a device's user triggering the action. For this option, one prerequisite is that the IT department has not blocked users from unenrolling devices from Intune. When the user is allowed to perform this action, the user can enact the following steps to remove the device from Microsoft Intune:

  1. Open the Settings app, and navigate to Accounts > Access work or school.
  2. On the Access to work or school page, select the connected account that should be removed, and click Disconnect (Figure 2).
  3. On the confirmation dialog box, select Yes to confirm the removal of the device.
The Company Portal showing a user's access to device settings
Figure 2. A user's Company Portal interface with the ability to change device management status blocked by IT

Besides directly using the Settings app, the user could also use the Company Portal app to remove their Windows device from Intune. This approach also requires that IT has not blocked the option to remove.

What does removing a device from Intune do?

The most important and direct effect of removing a user from Intune is that the user isn't able to access corporate data via that device. Besides that, that device is no longer available in the Company Portal app for the user, and the user isn't able to install any corporate apps on it.

The Company Portal app saves personal information related to the user. This information is not something that can directly identify the user, but it contains diagnostic logs and the application cache. Those diagnostic logs contain standard app activity data, such as how long the app was open and if the app has crashed. The application cache contains support files that are required for the app to function correctly. To ensure that all of this information is removed, either uninstall the Company Portal app, or reset the Company Portal app.

Peter van der Woude works as a mobility consultant and knows the ins and outs of the ConfigMgr and Microsoft Intune tools. He is a Microsoft MVP and a Windows expert as well.

Dig Deeper on Windows OS and management