Windows Office Hours: August 21, 2025
For Intune managed devices, wiping the device by sending a reset to it is the best path. ConfigMgr has direct capability to do this though although with a little creativity and assuming you have a CMG implemented, you could send a device reset command using a package.
Wiping is a reactive action though (and requires that the device is online at some point which is generally unlikely with a lost or stolen Windows device). Ensuring that BitLocker is enabled on devices is the proactive path as this prevents malicious users from accessing data on the device.
Is there a specific angle or caveat that you are curious about here?
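The proactive path described above (BitLocker on before the device is lost) is easy to verify per device. The following PowerShell script is an added example and is not code from the Office Hours thread, from Microsoft, or from Intune/ConfigMgr: it audits the OS volume, returns a Compliant/NonCompliant verdict in the shape a ConfigMgr compliance or Intune remediation script would use, and, only when run with the assumed `-Remediate` switch, turns BitLocker on with a TPM protector plus a recovery password and escrows that password to Entra ID. It assumes the built-in BitLocker module, a TPM present, and an Entra-joined device for the escrow step.

```powershell
# Added example (not from the thread or Microsoft): BitLocker audit and optional
# remediation for the OS volume. Run elevated on Windows 10/11 with the
# BitLocker PowerShell module available. -Remediate and -EscrowToEntra are
# switch names chosen for this script, not Intune or ConfigMgr settings.
#Requires -RunAsAdministrator
[CmdletBinding()]
param(
    [switch]$Remediate,      # enable BitLocker when the OS volume is unprotected
    [switch]$EscrowToEntra   # back the recovery password up to Entra ID afterwards
)

$osDrive = $env:SystemDrive
$vol = Get-BitLockerVolume -MountPoint $osDrive -ErrorAction Stop

# The two protectors that matter for the lost-device case: a TPM protector so
# the disk only unlocks on this hardware, and a recovery password that can be
# escrowed so the help desk (not the finder) can recover the data.
$tpmKP      = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm'
$recoveryKP = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'

[pscustomobject]@{
    Volume            = $osDrive
    ProtectionStatus  = $vol.ProtectionStatus      # On / Off (Off also when suspended)
    VolumeStatus      = $vol.VolumeStatus          # e.g. FullyEncrypted, FullyDecrypted
    EncryptionPercent = $vol.EncryptionPercentage
    HasTpmProtector   = [bool]$tpmKP
    HasRecoveryKey    = [bool]$recoveryKP
} | Format-List | Out-String | Write-Verbose

# Verdict: protection must actually be On, with both protector types present.
if ($vol.ProtectionStatus -eq 'On' -and $tpmKP -and $recoveryKP) {
    Write-Output 'Compliant'
    return
}

Write-Warning "$osDrive is not BitLocker-protected; data on a lost or stolen device is readable offline."
if (-not $Remediate) {
    Write-Output 'NonCompliant'
    return
}

# Remediation. Case 1: encrypted but suspended (protectors cleared) -> resume.
if ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'Off' -and $tpmKP) {
    Resume-BitLocker -MountPoint $osDrive | Out-Null
}
else {
    # Case 2: not encrypted. Add the escrowable recovery password first, then
    # start encryption bound to the TPM. UsedSpaceOnly keeps the initial pass
    # short on freshly provisioned disks.
    if (-not $recoveryKP) {
        Add-BitLockerKeyProtector -MountPoint $osDrive -RecoveryPasswordProtector | Out-Null
    }
    if (-not $tpmKP) {
        Enable-BitLocker -MountPoint $osDrive -TpmProtector -EncryptionMethod XtsAes256 `
            -UsedSpaceOnly -SkipHardwareTest -ErrorAction Stop | Out-Null
    }
}

# Escrow every recovery password to Entra ID so the key survives the device.
if ($EscrowToEntra) {
    $vol = Get-BitLockerVolume -MountPoint $osDrive
    foreach ($kp in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
        BackupToAAD-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }
}

# Re-read and report the post-remediation state.
$vol = Get-BitLockerVolume -MountPoint $osDrive
if ($vol.ProtectionStatus -eq 'On') { Write-Output 'Compliant' } else { Write-Output 'NonCompliant' }
```

Run it without switches as a detection script (it only prints the verdict), and with `-Remediate -EscrowToEntra` as the paired remediation; the verdict string is what a compliance rule or remediation exit logic would key on.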
I didn't ask the original question but wanted to add our angle here - in the past we've attempted to use Intune to wipe a Windows device that a terminated employee has not returned. As far as I can remember it has never succeeded, because the logged-in user account has been disabled, because they are no longer an employee. Is there any way for Intune to successfully wipe a Windows device in this scenario, or am I misunderstanding the reason for the failure?
- Jason_Sandys (Microsoft), Aug 21, 2025
This is a slightly different scenario as it involves a willfully malicious user in which case there is very little that can be done to prevent the user from using the device and accessing data on it as they can simply disconnect it from the Internet and disable any management capabilities. When this happens, other controls are necessary to control data including things like rights management to ensure data stored on the device is still protected. There are solutions from hardware vendors and other partners that can help with this scenario, but it truly needs to be handled at a layer below the OS that we have no direct control of or over other than protecting the data itself using Azure Rights Management as noted.