When a user no longer needs to use devices managed by Microsoft Intune, there are several best practices to consider depending on whether you are deleting the user from Azure Active Directory (Azure AD) or need to keep the user present for other purposes. In this post, we’ll review the steps to take to ensure an offboarded user cannot add new devices, and help clean up your Intune datasets more quickly.
If you are ready to completely remove a user from Azure AD (for example, if a user leaves the organization or you are removing a service account), there are a few steps to remember.
Once the user is deleted from Azure AD, Microsoft Endpoint Manager will automatically remove the user from any Intune reports, device enrollment manager (DEM) accounts, or other configurations.
If you plan to preserve a user’s account in Azure AD (for example, for a legal compliance period or to use a service account for a different workload), but do not intend for them to enroll devices or otherwise access device management, there are several more considerations.
We hope you’ve found this review helpful as you manage your organization’s users. If you have any questions or feedback, comment on this post or reach out to @IntuneSuppTeam on Twitter.
Post updates:
03/20/23: Updated to clarify the steps under the "Deleting a user" section. Thanks for the feedback!