Inactive devices in our tenant are deleted after 6 months.
If we have a device that was lost or stolen, what is the best way to approach this scenario on laptops, iOS devices, and Android devices?
The goal is to make the device unusable by whoever has it, like locking it on the user enrollment screen until a valid Azure admin account is used to (re)enroll.
Thanks for the responses. The tricky part is if the device is auto-deleted after 6 months. We auto-delete because inactive devices lower our Defender score, clutter our portal, etc.
For example, we had a lost iOS device suddenly resurface on Intune after 1 year. It looks to have been factory reset using DFU mode, so they were able to get to the home screen, but not enroll, so no access to company resources. I was able to place it on lost mode, but the thief did another DFU reset (I think) and so I lost mode it again.
It was whack-a-mole until they gave up. I've since created an iOS enrollment profile that places the device in single app mode (comp portal) when it auto pilots, and moved lost devices to this profile. That way thieves cannot use it at all.
I was curious if this approach can be done on Windows devices, and Android.