Home

What does disabling an Azure AD device actually do?

%3CLINGO-SUB%20id%3D%22lingo-sub-217272%22%20slang%3D%22en-US%22%3EWhat%20does%20disabling%20an%20Azure%20AD%20device%20actually%20do%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-217272%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20a%20AAD%20only%20org%2C%20with%20Windows%2010%20Enterprise%20computers%20all%20Azure%20AD%20joined%20and%20managed%20by%20Intune%2C%20exactly%20what%20does%20%22disabling%22%20the%20device%20via%20the%20AAD%20Portal%20--%26gt%3BDevices--%26gt%3BSelect%20a%20device--%26gt%3BDisable%20do%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20seems%20to%20have%20absolutely%20no%20impact%20on%20our%20devices'%20abilities%20to%20continue%20to%20login%20to%20AAD%2C%20and%20access%20Office%20365%20apps%2Fservices%2C%20for%20example.%20Perhaps%20I%20naively%20assumed%20that%20disabling%20a%20device%20actually%20meant%20that%20it%20would%20be%20disabled%20in%20the%20sense%20that%20you%20couldn't%20login%20to%20your%20org%20via%20AAD%20login%2C%20or%2C%20even%20if%20you%20were%2C%20you%20wouldn't%20be%20able%20to%20do%20anything%20that%20required%20AAD%20-%20which%20in%20my%20mind%20includes%20Office%20365.%20Am%20I%20mistaken%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EBob%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-217272%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-356203%22%20slang%3D%22en-US%22%3ERe%3A%20What%20does%20disabling%20an%20Azure%20AD%20device%20actually%20do%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-356203%22%20slang%3D%22en-US%22%3E%3CP%3EBase%20on%20this%20article%2C%20it%20takes%20update%20to%201%20hour%26nbsp%3B%3CSPAN%3Efor%20a%20revoke%20to%20be%20applied%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Ffaq%26nbsp%3B%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Ffaq%26nbsp%3B%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EQ%3A%20Why%20can%20a%20user%20still%20access%20resources%20from%20a%20device%20I%20disabled%20in%20the%20Azure%20portal%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EA%3A%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EIt%20takes%20up%20to%20an%20hour%20for%20a%20revoke%20to%20be%20applied.%3C%2FP%3E%0A%3CDIV%20class%3D%22alert%20is-info%22%3E%0A%3CP%20class%3D%22alert-title%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3ENote%3C%2FP%3E%0A%3CP%3EFor%20enrolled%20devices%2C%20we%20recommend%20that%20you%20wipe%20the%20device%20to%20make%20sure%20users%20can't%20access%20the%20resources.%20For%20more%20information%2C%20see%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fintune%2Fdeploy-use%2Fenroll-devices-in-microsoft-intune%22%20data-linktype%3D%22external%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EWhat%20is%20device%20enrollment%3F%3C%2FA%3E.%3C%2FP%3E%0A%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-271951%22%20slang%3D%22en-US%22%3ERe%3A%20What%20does%20disabling%20an%20Azure%20AD%20device%20actually%20do%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-271951%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3Enow%20I'm%20forced%20to%20learn%20how%20Azure%20works%20to%20consult%20our%20clients..%3C%2FP%3E%3CP%3EI'm%20not%20very%20good%20in%20Azure%20skills%20and%20also%20need%20to%20know%20this%20mistery%20-%20to%20what%20type%20of%20resourses%20the%20user%2Fdevice%20must%20lost%20an%20access%20after%20device%20disabling%20in%20Azure%3F%20Obviously%2C%20that's%20not%20a%20loss%20of%20login%20to%20azure%20portal%20or%20o365%20apps%20using%2C%20nor%20on-premises%20login%20or%20e.g.%20shared%20folders%20using.%20So%20what%20it%20could%20be%3F%20Any%20ideas%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERoman%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-944214%22%20slang%3D%22en-US%22%3ERe%3A%20What%20does%20disabling%20an%20Azure%20AD%20device%20actually%20do%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-944214%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F11453%22%20target%3D%22_blank%22%3E%40Yinghua%20Zeng%3C%2FA%3E%2C%20in%20an%20hour%20someone%20can%20copy%20all%20my%20data...%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

In a AAD only org, with Windows 10 Enterprise computers all Azure AD joined and managed by Intune, exactly what does "disabling" the device via the AAD Portal -->Devices-->Select a device-->Disable do?

 

It seems to have absolutely no impact on our devices' abilities to continue to login to AAD, and access Office 365 apps/services, for example. Perhaps I naively assumed that disabling a device actually meant that it would be disabled in the sense that you couldn't login to your org via AAD login, or, even if you were, you wouldn't be able to do anything that required AAD - which in my mind includes Office 365. Am I mistaken?

 

Thanks,

Bob

3 Replies
Highlighted

Hi,

now I'm forced to learn how Azure works to consult our clients..

I'm not very good in Azure skills and also need to know this mistery - to what type of resourses the user/device must lost an access after device disabling in Azure? Obviously, that's not a loss of login to azure portal or o365 apps using, nor on-premises login or e.g. shared folders using. So what it could be? Any ideas?

 

Roman

Base on this article, it takes update to 1 hour for a revoke to be applied

 

https://docs.microsoft.com/en-us/azure/active-directory/devices/faq 

 

Q: Why can a user still access resources from a device I disabled in the Azure portal?

A: It takes up to an hour for a revoke to be applied.

 Note

For enrolled devices, we recommend that you wipe the device to make sure users can't access the resources. For more information, see What is device enrollment?.

@Yinghua Zeng, in an hour someone can copy all my data...

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies