Personal Device Offboarding Procedure

This admin procedure provides background information on the steps to offboard personal devices associated with an Azure AD user by using Intune.

This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

Retire Device Action

By using the Retire or Wipe actions, you can remove devices from Intune that are no longer needed, being repurposed, or missing.

 

Retire

The Retire action removes managed app data (where applicable), settings, and email profiles that were assigned by using Intune.

The device is removed from Intune management.

Removal happens the next time the device checks in and receives the remote Retire action.

The device still shows up in Intune until the device checks in.

If the device is on and connected, the Retire action propagates across all device types in less than 15 minutes.

Retired devices might not be automatically deleted, in which case the device record remains in Intune for 180 days unless a Delete action is issued.

 

Effect of the Retire action on data that remains on the device.

When you use the Retire device action, the user's personal data is not removed from the device.

Note

For Windows 10 devices that join Azure AD during initial Setup (OOBE), the retire command will remove all Azure AD accounts from the device.

 

Procedure Scope: Administrators

Required Group Membership: Admin.DeviceSecurity

 

Personal Device Offboarding

  1. Before initiating a Retire action on a personal device, locate all devices associated with the user account. This covers all bases of removing corporate data from all Azure AD devices as well as mobile devices.
  2. Navigate to Users – Azure Active Directory and locate the user account that needs to be offboarded from your corporate environment.
  3. From the overview page, select Devices. Here we will take note of both Azure AD joined and Mobile Devices. These will be used when we navigate to the Intune portal momentarily.
  4. Navigate to Devices – Intune and locate the device that needs to be offboarded from Intune management.
  5. From the device overview page, select Retire. A prompt will display asking for your approval, outlining that corporate data will be removed from the device while personal data remains intact. Select Yes to initiate the action. The Retire process should take about 15 minutes to carry out.
  6. If everything goes as expected, you should receive a notification that the initialization process was successful.
  7. On an additional note, if you have any line-of-business applications, such as an MDR agent or specialized software for a job task, you will have to take additional hands-on-keyboard steps to make sure that those applications are no longer accessible on the device.

  8. Lastly, navigate to App Selective Wipe – Intune. This covers the last base of removing corporate data from the captured mobile device associated with the user. Select Create Wipe Request to begin.
  9. Select User. A pop-out will be displayed; use the search bar to locate the account. When complete, hit Select to go back to the main area, where the mobile device associated with the account will now be listed.
  10. Select the box to confirm that you want to wipe corporate app data from the listed device and hit Create to finalize the process.

You're Finished!

You should have successfully offboarded the personally owned Azure AD joined devices and carried out the corporate data wipe on the corporate-scoped mobile applications for the mobile device linked to the user. For any other problems or questions, reach out to us!
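
Steps 2 to 5 of the procedure can also be driven through Microsoft Graph, which helps when a user has several devices. The script below is an added example, not part of the original procedure or Sittadel's tooling. It assumes the Microsoft.Graph.Authentication module, the global Graph endpoint, a hypothetical script name, and a rule chosen for this example that only devices Intune marks as personally owned are retired. It does not perform the app selective wipe in steps 8 to 10.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
# Offboard-PersonalDevices.ps1 (hypothetical name). Run with -WhatIf first to preview.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param([Parameter(Mandatory)][string]$UserPrincipalName)

$base = 'https://graph.microsoft.com/v1.0'   # assumption: global (commercial) cloud
Connect-MgGraph -Scopes 'User.Read.All', 'DeviceManagementManagedDevices.Read.All',
    'DeviceManagementManagedDevices.PrivilegedOperations.All' | Out-Null

function Get-GraphCollection([string]$Uri) {
    # Follow @odata.nextLink so paged results are not silently truncated.
    while ($Uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $Uri
        $page.value
        $Uri = $page.'@odata.nextLink'
    }
}

# Steps 2-3: devices registered to the user in Azure AD (joined PCs and mobile devices).
$user = [uri]::EscapeDataString($UserPrincipalName)
$registered = @(Get-GraphCollection "$base/users/$user/registeredDevices")
foreach ($r in $registered) {
    Write-Host ('Azure AD device: {0} ({1}, {2})' -f $r.displayName, $r.operatingSystem, $r.trustType)
}

# Step 4: the same user's Intune-managed devices. Single quotes are doubled for OData.
$filter = "userPrincipalName eq '{0}'" -f $UserPrincipalName.Replace("'", "''")
$managed = @(Get-GraphCollection ("$base/deviceManagement/managedDevices?`$filter=" +
    [uri]::EscapeDataString($filter)))

# Step 5: retire personal devices only; other owner types are reported and left alone.
foreach ($d in $managed) {
    if ($d.managedDeviceOwnerType -ne 'personal') {
        Write-Warning "Skipping $($d.deviceName): owner type is $($d.managedDeviceOwnerType)"
        continue
    }
    # ShouldProcess mirrors the portal's approval prompt and honours -WhatIf.
    if ($PSCmdlet.ShouldProcess($d.deviceName, 'Retire')) {
        Invoke-MgGraphRequest -Method POST -Uri "$base/deviceManagement/managedDevices/$($d.id)/retire"
        [pscustomobject]@{
            Device   = $d.deviceName
            OS       = $d.operatingSystem
            LastSync = $d.lastSyncDateTime   # Retire applies at the next check-in after this
            Action   = 'Retire requested'
        }
    }
}
```

A device with an old LastSync value has not checked in recently, so its record will stay in Intune until it does or until a Delete action is issued.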