
Unable to login to device after retiring from Intune


Win 10 machine (version 1703), enrolled in MDM/Intune as a company-owned mobile device (joined to Azure AD), nothing on premise, Intune still being managed on the classic portal (Silverlight based console). Machine gets orphaned as a result of being removed from management, with no way to log in post-retirement.

Steps to reproduce:

- perform a Selective Retire/Wipe of the device from the Intune console

- this leaves the machine with no means to log in. The Azure AD account is still there, but in order to log in it tells me now that a PIN must be set up (the PIN got removed as part of the retirement process).

- Logging in with the existing password no longer works, and there is no way to establish a PIN.

So I'm stuck with a machine with no way to log in. There is no local user account. Any suggestions as to what I could do at this point, short of reformatting/reinstalling Windows?

Bob

3 Replies

Hi Bob

In the new Azure Portal, this option is called 'Remove company data' and the documentation says that this is not supported when the device is joined to Azure Active Directory.

https://docs.microsoft.com/en-us/intune/device-management

Remove company data

Removes only company data managed by Intune. Does not remove personal data from the device. The device will no longer be managed by Intune, and will no longer be able to access corporate resources (not supported for Windows devices that are joined to Azure Active Directory).

I always use the 'Factory reset' option which does the same job as the 'Reset this PC' option in Windows. Once the machine resets, you can join again to Azure AD or set up a local account.

It looks like you'll need to Reset the PC. You can hold down Shift on the lock screen and click Power > Restart to get started.

Hope this helps.

Allan

Solution

Thanks Allan. I actually found a different workaround that didn't require a full reset/refresh of Windows. I restarted in "Safe" mode which magically creates a default Administrator local account. Once I was bootstrapped into that account I was on my merry way once again.

Bob

Thanks a lot Bob, this workaround made my day!
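
A pre-check an administrator could run on a device before issuing a Selective Retire / 'Remove company data', as an added example that is not from any poster in this thread: it reports whether the device is Azure AD joined and whether any enabled local account exists, the two conditions that combined in the lockout described above. The function name `Test-RetireLockoutRisk` and the sample input are assumptions constructed for illustration.

```powershell
# Added example: flag devices where a retire would leave no usable sign-in.
function Test-RetireLockoutRisk {
    param(
        # Text of `dsregcmd /status`; defaults to running it on this device.
        [string]$DsregText = (dsregcmd.exe /status | Out-String),
        # Local accounts to evaluate; defaults to this device's own accounts.
        [object[]]$LocalUsers = (Get-LocalUser)
    )

    # dsregcmd prints lines such as "   AzureAdJoined : YES".
    $aadJoined = $DsregText -match '(?m)^\s*AzureAdJoined\s*:\s*YES\s*$'

    # Only enabled local accounts can be used to sign in after the retire.
    $enabled = @($LocalUsers | Where-Object { $_.Enabled })

    [pscustomobject]@{
        AzureAdJoined        = $aadJoined
        EnabledLocalAccounts = @($enabled | ForEach-Object { $_.Name })
        # Risk: an Azure AD joined device with no enabled local account,
        # the state the original poster ended up in.
        LockoutRisk          = ($aadJoined -and $enabled.Count -eq 0)
    }
}

# Constructed sample input (not captured from a real device).
$sampleDsreg = @"
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
"@
$sampleUsers = @(
    [pscustomobject]@{ Name = 'Administrator'; Enabled = $false },
    [pscustomobject]@{ Name = 'Guest';         Enabled = $false }
)

# With the sample above, LockoutRisk is True: joined, no enabled local account.
Test-RetireLockoutRisk -DsregText $sampleDsreg -LocalUsers $sampleUsers

# On a real device, call it with no arguments:
# Test-RetireLockoutRisk
```

If `LockoutRisk` is true, use the 'Factory reset' action Allan describes instead of a selective retire, or create an enabled local account first.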