Offboarding Devices

  • 2 minutes to read

When offboarding corporate devices, the recommendation is to wipe the device before deleting the device from Intune and Azure AD. This will ensure that all company data is removed. Proper hardware sanitation is still required.

When offboarding personally owned devices, the recommendation is to retire the device. This will ensure that company data is properly removed from the device before automatically deleting the device after the next check in.

Remove the device from Autopilot (GCC Only)

  1. Sign into Intune Admin Center (GCC)
  2. Click “Devices” -> “Enroll devices” -> “Devices” under “Windows Autopilot Deployment Program”.
  3. Search for device by serial number.
  4. Once the device has been located, click the three elipses, then “Unassign user”.
  5. Check the box next to the device, then click “Delete”.

    It can take up to 24 hours for deleteion to fully propagate. If the device is reset prior to the deletion fully propagating, the device may rejoin the domain.

Wiping a device

Wiping a device through Intune will wipe all user accounts, data, MDM policies, and settings. Resets the operating system to its default state and settings.

  1. Sign into Intune Admin Center (GCC) or Intune Admin Center (GCCH)
  2. Click “Devices” -> “All Devices”.
  3. Search for device needing to be wiped.
  4. Click “Wipe”
  5. Leave box for “Retain enrollment state and user account” unchecked.
  6. Status of the “Wipe” command can be seen in the device overview page.

Retiring a device

Retiring a device in Intune will remove managed app data (where applicable), settings, and email profiles that were assigned by using Intune. Removal happens the next time the device checks in and receives the remote Retire action.

  1. Sign into Intune Admin Center (GCC) or Intune Admin Center (GCCH)
  2. Click “Devices” -> “All Devices”.
  3. Search for device needing to be retired.
  4. Click “Retire”

Delete a device from Intune

Deleting a device out of Intune before you wipe the device will remove users access to company resources, however devices may still retain installed applications and associated data.

  1. Sign into Intune Admin Center (GCC) or Intune Admin Center (GCCH)
  2. Search for device needing to be delete.
  3. Click Delete.

Delete a device from Azure AD

Deleteing a device out of Entra ID will remove the users access to company resources, however this will not remove the device from Intune management.The device will still need to be deleted out of Intune.

  1. Sign into Entra ID (GCC) or Entra ID (GCCH)
  2. In the search bar at the top of the Azure portal, enter “Microsoft Entra ID.”
  3. Click “Devices” -> “All Devices”.
  4. Search for device needing to be deleted.
  5. Click Delete.