Win 10 machine (version 1703), enrolled in MDM/Intune as a company-owned mobile device (joined to Azure AD), nothing on premise, Intune still being managed on the classic portal (Silverlight based console). Machine gets orphaned as a result of being removed from management, with no way to login post-retirement.
Steps to reproduce:
- perform a Selective Retire/Wipe of the device from the Intune console
- this leaves the machine with no means to login. The Azure AD account is still there, but in order to login it tells me now that a PIN must be setup (the PIN got removed as part of the retirement process).
- Logging in with the existing password no longer works, and there is no way to establish a PIN.
So I'm stuck with a machine with no way to login. There is no local user account. Any suggestions as to what I could do at this point, short of reformatting/reinstalling Windows?
Removes only company data managed by Intune. Does not remove personal data from the device. The device will no longer be managed by Intune, and will no longer be able to access corporate resources (not supported for Windows devices that are joined to Azure Active Directory).
I always use the 'Factory reset' option which does the same job as the 'Reset this PC' option in Windows. Once the machine resets, you can join again to Azure AD or set up a local account.
It looks like you'll need to Reset the PC. You can hold down Shift on the lock screen and click Power > Restart to get started.
Thanks Allan. I actually found a different workaround that didn't require a full reset/refresh of Windows. I restarted in "Safe" mode which magically creates a default Administrator local account. Once I was bootstrapped into that account I was on my merry way once again.
Best Response confirmed by
Bob Manjoney (Frequent Contributor)