Cleanup Intune profiles and policies

Brass Contributor

We have come across an issue where a desktop support person was logging into each windows device that they were deploying which assigned them as the primary user on the device.  I ran a script to switch the primary user to the last logged on user which cleaned up the devices and assigned them corrcetly but now the polcies and profiles are a mess.  Most of our polcies and profiles are user based and when I changed the primary user, it left his polcies and profiles on the device.

How do I purge their policies and profiles on these devices.  could it be his work profile is also still assigned on this device?

6 Replies
Hi,
Hi, good morning
Intune profiles--> Windows profiles.. When a user logs in a device... and even when the user is removed the old profile just sits and stays there on the device...
If there is data in it you want to remove, create a powershell script which tries to find the specific user folder first... if it exists... it removes it... (as the userprofile also contains the policies/register settings.. they are also removed)
Or did I get the question wrong :) ?
I didnt think the user profile on the machine was associated with the intune Device Compliance, Device COnfig, and ES Config. I went ahead and pulled the previous user profile off the machine and performed a sync, but the policies and configurations are still applying.
It depends on what was configured..

Device policies...
User policies

Could you take a look at what registry keys are still present inside the policymanager registry key?
Figured out the best way to handle this. Delete the Windows Device from AAD and MEM and wait for it to re-sync. cleans up the any MEM policies and profiles. Just made it a practice for our desktop team to do this before they deploy new or redeploy any Windows device.
SO you need to add the device manually back to aad? isn't autopilot reset not a better option
https://call4cloud.nl/2021/04/to-retire-or-not-to-wipe/#part5

When we need to reassign a existing device to a new user we are always choosing an autopilot reset.
These are hybrid devices. By deleting them in AAD and MEM, they will be autocreated back into AAD and MEM clean. Bit of a pain to do when we switch or deploy pc's, but it seems to work.