This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 92%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Is there a policy available in Intune that can render specific devices unusable if they are wiped? Our objective is to prevent the unauthorised wiping of these devices and ensure that even if wiped, they cannot be reused by the user. Is this functionality feasible within Intune?
Hello Aran
Yes, you can achieve this functionality using Intune by utilizing the Endpoint security settings.
One way to prevent unauthorized wiping of devices and make them unusable is by enabling the "Device Lock" feature in Intune. Device Lock can prevent anyone from performing a factory reset on the device or wiping the device remotely. This can help ensure that even if a device is wiped, it cannot be reused by the user without the necessary credentials or actions from the IT administrator.
To enable Device Lock in Intune:
1. Sign in to the Microsoft Endpoint Manager admin center.
2. Go to Devices > Configuration profiles > Create profile.
3. Select the platform for the devices you want to configure (e.g., Windows, iOS, Android).
4. In the profile settings, look for options related to device security or security policies.
5. Enable the setting for Device Lock or Factory Reset Protection, depending on the platform.
6. Configure the policy settings to enforce Device Lock on the devices.
7. Assign the policy to the devices or groups of devices that you want to secure.
Hi There is require password to unlock but would this then stop the user using the device if they wipe it? What is preventing them of wiping then adding as lock which will then make it compliant?
If a device is locked with a password, wiping the device's data (factory reset) would remove the password requirement and allow the device to be set up as new. However, wiping the device may not resolve any compliance issues related to the device, especially if the original reason for non-compliance was not related to the password lock.
Here are some considerations regarding the device lock and compliance:
Password Lock: If a device is locked with a password and the user wipes the device, the password protection will be removed, allowing the device to be set up as new. This could potentially be used by a user to bypass the password requirement.
Compliance Policies: Compliance policies are typically enforced by an organization's Mobile Device Management (MDM) solution. Compliance issues could be related to various factors such as encryption status, device health, jailbreak/root detection, app protection policies, etc. Wiping the device may not automatically resolve these compliance issues unless the underlying cause is resolved.
Prevention of Wiping: Some MDM solutions offer the ability to prevent users from wiping the device or performing a factory reset without proper authorization. This feature helps in safeguarding corporate data and maintaining compliance standards.
Re-enrollment: After wiping the device, the user may need to re-enroll the device in the organization's MDM solution to ensure compliance policies are re-applied. The user may not be able to add a lock screen if compliance policies require specific security measures.
Thank you for your response. In my current situation, My idea is to render the device non-compliant following a wipe, thereby preventing the user from accessing it. This action would serve as a deterrent for future attempts at wiping the device. Given that we utilise Intune as our MDM solution, I'm seeking guidance on the most effective method to address this issue. Do you think implementing a policy that prohibits device reset is a viable alternative to achieve our objective? If this policy exists
Preventing Device Reset: You can create a device restrictions profile in Intune to block users from wiping or performing a factory reset on the device. This effectively prevents them from erasing the device and starting fresh. Specifically, you’ll want to configure the “Phone reset” setting to block device resets. By default, this setting is set to “Not configured”, which allows users to perform resets. However, when you set it to “Block”, users won’t be able to wipe the device1. Additionally, you can hide the “Reset device” button in the Company Portal for your users. This can be done through the Intune setting: Tenant Administration > Customization > Configuration > Hide reset button on corporate Windows devices = Yes
here is the link
https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure
How do I do this in device restrictions?
We want them to stop going into recovery mode to reset it