Event details

This AMA is designed for IT teams looking to cut through the noise and gain clearer insight into what’s really happening across their device estate. You can’t secure or manage what you can’t fully...
Heather_Poulsen
Updated Jun 19, 2026
AMA
Tech Community Live
SCawed's avatar
SCawed
Copper Contributor
Jun 23, 2026

Inactive devices in our tenant are deleted after 6 months,

If we have a device that was lost or stolen. What is the best way to approach this scenario on laptops, ios devices, and android devices?

Goal is to make the device unusable by whoever has it, like lock it on the user enrollment screen until a valid azure admin account is used to (re)enroll.

  • SCawed's avatar
    SCawed
    Copper Contributor
    Jun 23, 2026

    Thanks for the responses. The tricky part is if device is auto-deleted after 6 months. We auto delete because inactive devices lowers our defender score, clutters the our portal, etc.

    Example, we had a lost iOS device suddenly resurface on intune after 1 year. It looks to have been factory reset using DFU mode. so they were able to get to the home screen, but not enroll so no access to company resources. I was able to place it on lost mode, but thief did another DFU reset (i think) and so I lost mode it again.

    It was whack a mole until they gave up. I've since created an iOS enrollment profile that places the device in single app mode (comp portal) when it auto pilots, and moved lost devices to this profile. That way thieves can not use it at all. 

    I was curious if this approach can be done on Windows devices, and Android.

  • Abigail_Stein's avatar
    Abigail_Stein
    Icon for Microsoft rankMicrosoft
    Jun 23, 2026

    For Android devices, you'll also want to take a look at the available device actions. Depending on the scenario, actions such as Delete, Remote Lock, Retire, and Wipe may be appropriate.

  • David_Guyer's avatar
    David_Guyer
    Icon for Microsoft rankMicrosoft
    Jun 23, 2026

    SCawed​ ,

    The place to look is at device actions.  Select the device under Devices, and then when the device page comes up the Overview page has a bar at the top of the actions you can take, which depends on the OS.  For example, for Windows, you can initiate a Wipe, and even unenroll the device from Intune, and there's additional options.  You can also rotate local admin passwords, do an autopilot reset, or try to locate the device... all potentially useful tools for lost devices.

    I do recommend testing these options before you need them to ensure you are familiar with how they work and their device impact.

    HTH,

    -David Guyer
    Principal Product Manager - Intune

  • Mike-Danoski's avatar
    Mike-Danoski
    Icon for Microsoft rankMicrosoft
    Jun 23, 2026

    It varies based on the platform but you can see the available remote actions here:
    Device Actions - Wipe, Lock, Locate, and More - Microsoft Intune | Microsoft Learn

    Things like lost mode on iOS or autopilot restart for Windows could get the device into a state where an unauthorized user is unable to use the device. For some of these actions, the user can initiate an action through personal device methods: Find and lock a lost Windows device | Microsoft Support