All the ways to reset devices with Intune

Why have one when you can have seven? Microsoft loves ‘giving customers choice’ and resetting Intune-registered devices via the Microsoft Endpoint Manager admin centre is no exception. Let’s take a look.

Retire #

Removes any managed data and programs. Frustratingly the Office suite and any Win32 apps are left standing. You’re essentially just removing Intune management here. The device will be removed from the MEM portal after checking in.

Best for… personally-owned BYOD devices.

Do not use for corporate devices. A device provisioned for corporate use (for example, using Autopilot) will be left with no way to be signed into because it is no longer Azure AD joined and there is no local administrator.


Wipe #

Resets the OS, restoring to factory condition. The next user will be presented with the Windows out of box experience (OOBE).

Best for… lost or stolen devices.

Keep enrolment state and associated user account #

Optionally keeps the device enrolled in MDM and saves the primary user’s profile. MDM settings (including configuration profiles and programs) will still be removed. Effectively the same as choosing ‘keep my files’ when resetting Windows from Settings on the device.

Best for… nothing, as far as I can see.

Continue to wipe even if device loses power #

Performs a wipe and fully cleans the OS drive. Whereas a normal wipe can be bypassed by powering off, protected wipe will keep trying to reset until it’s successful.

Whereas the normal wipe will cancel and boot back to Windows if it detects that Windows Recovery Environment is disabled, protected wipe will go ahead. Windows then won’t be able to boot and you’ll need to re-image.

Best for… if the device is definitely lost or stolen and you don’t think it’ll be coming back (unless you don’t mind the effort of re-imaging Windows).


Delete #

Removes managed data and programs (except Office and Win32 apps) the same as retire but also removes the device record from the MEM portal without waiting for it to check in.

Best for… stale records where a device has already been retired or re-provisioned.

Do not use for corporate devices. See retire.


Fresh start #

Resets the OS, restoring to factory condition the same as wipe but also removes any pre-installed crapware from the OEM. You’re taking it back to the base Windows ISO.

Best for… if you’re selling the device and care about the owner not being drowned in crapware.

Retain user data #

Optionally keeps the device enrolled in MDM and saves user data. MDM settings (including configuration profiles and programs) will still be removed.


Autopilot reset #

Removes personal data, settings and programs but keeps the Azure AD connection and MDM enrolment. The OS drive isn’t wiped, rather the user profile is deleted (so user files stored outside their profile will remain). Also keeps region, language and keyboard settings.

Once complete, the new user skips the OOBE process and just sees the login screen. Autopilot reset is not Autopilot. The device is ready for use but because you don’t go back to the OOBE process, you can’t run Autopilot and the hardware hash isn’t sent to the Autopilot service.

Best for… re-issuing a device to a new user in your organisation.


Imagine him falling forward. That’s retiring a corporate device.

giphy.gif

 
6
Kudos
 
6
Kudos

Now read this

Removing /public/ from Snipe-IT URL when installing with Softaculous

Softaculous is great. It makes the installation of web-based applications [almost] as easy as downloading an app on your phone. This plug-and-play method can have disadvantages though… Snipe-IT is built to use the /public subdirectory as... Continue →