Intune/AutoPilot Cleanup/Fresh Start Queries

James Edmonds 816 Reputation points
2021-07-22T14:43:31.05+00:00

Hi,

My predecessor was toying with Intune, AutoPilot and ConfigManager. He never really followed through on any one of those things and has left a few little remnants I'd like to clean up before I finish off those projects.

I am therefore hoping someone can advise me accordingly on several queries;

  1. There are two autopilot devices that are in active use. I assume I cannot delete these from being autopilot devices in endpoint manager without impacting the end users, and they would need to be returned and reset after deleting as autopilot devices?
  2. I have a device that shows up in Azure AD as an autopilot device, that does not appear as an autopilot device in endpoint manager. Is there a way I can restore its status so it shows as a normal, not-autopilot device (I believe this device is in active service)?
  3. As we use Azure AD Connect to sync computer objects, I am finding a handful of Azure AD devices listed, that no longer exist on premise. Does AADC not delete devices from Azure AD when they are deleted from on-prem AD? Additionally, does AADC rename computer objects in Azure if renamed on-prem?
  4. I have devices listed in Azure AD with their MDM as System Center Config Manager. We do not have any existing on-prem Config Manager deployment, so can I safely delete these from Intune and will this update the MDM listed in Azure AD to "None"?
  5. I have a device in Azure AD showing MDM as Config Manager, but it does not appear in Intune. How can I correct its state to be just "None"?
  6. Similarly, I have multiple devices in Azure AD whose MDM show as Intune, yet they do not appear in Intune. How can I revert their MDM state to "None"?
  7. Lastly, for those devices in a weird state, can I simply delete them from Azure AD, and will AADC correctly recreate them during its next sync if they still exist on premise?

Sorry to put them all into one topic, but it's all part and parcel of the same cleanup exercise.

Thanks
James


2 answers

  1. Jarvis Sun-MSFT 10,191 Reputation points Microsoft Vendor
    2021-07-23T07:19:42.683+00:00

    @James Edmonds Thanks for posting in our Q&A.
    From your description, I know that we are working on cleaning and resetting some autopilot devices. If there is any misunderstanding, please feel free to let us know. As far as I know, you can manage devices for your organization and apply an Autopilot deployment profile to your devices.

    For more information about Windows AutoPilot, in combination with Microsoft Intune and the different configuration options, please refer to:

    Overview of Windows AutoPilot: https://learn.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot

    Manage Windows device deployment with Windows AutoPilot Deployment: https://learn.microsoft.com/en-us/microsoft-store/add-profile-to-devices

    Delete an Azure AD device: https://learn.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal#delete-an-azure-ad-device

    Windows Autopilot Reset: https://learn.microsoft.com/en-us/mem/autopilot/windows-autopilot-reset


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. JayK 1 Reputation point
    2022-02-17T07:20:51.25+00:00

    I'm still new to this. I don't work at MS. Here's my understanding:

    1. I think you can technically remove them from the autopilot devices list, but I err on the safe side. If it is in service, then I'd suggest that you just leave it in that list. It is possible to do autopilot remotely if you have the HWID, and it sounds like you're hybrid. So, you'd need VPN before Windows login to autopilot offsite. It's doable, but easier onsite.
    2. No. If it is not in the Intune Devices or Autopilot Devices lists, then the only way to get it out of that locked state is to delete it from on-prem AD and AADC will sync that change. Why worry about it though?
    3. Deletes should replicate from AD to AAD (one way). I'm pretty sure that you can delete from AAD without worry, and anything that is on-premise will re-sync with AAD... BUT, check the registration type to be sure it's a hybrid joined device, and not just a registered device. If it's the latter, then it could be a personal device and deleting it could disconnect them.
    4. I'm less sure about this one. I'm always hesitant deleting things when I don't know where it came from. Are they personal devices? Guest devices managed by config mgr at another company?
    5. I think you can safely delete it from AAD (especially after hours) and AADC will sync it back. This should probably clear the wrong MDM.
    6. Same answers apply. Again, be sure they aren't guest devices only "registered" in your tenant, but managed by another Intune MDM? If you delete, are you cutting off their access?
    7. Yes. Best to do after hours when possible.
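
The checks raised in the answers above (registration type, Autopilot linkage, whether the computer still exists on-prem) can be run as a read-only triage before anything is deleted. This is an added example, not code from either poster or from Microsoft; the function name `Get-DeviceCleanupClass`, the sample records and the on-prem name list are constructed, and the property names assume Microsoft Graph device objects as returned by `Get-MgDevice`.

```powershell
# Added example: classify Azure AD device records before a cleanup. Read-only.
# Property names follow Microsoft Graph device objects; all data below is constructed.
function Get-DeviceCleanupClass {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Device,
        [string[]] $OnPremNames = @()   # computer names that still exist in on-prem AD
    )
    process {
        # Autopilot-registered devices carry a "[ZTDId]:<id>" entry in physicalIds.
        $autopilot = [bool](@($Device.PhysicalIds) -match '^\[ZTDId\]')
        $onPrem    = $OnPremNames -contains $Device.DisplayName
        # trustType: ServerAd = hybrid joined, AzureAd = cloud joined, Workplace = registered
        $note = if ($autopilot) {
            'Autopilot-linked: handle via the Autopilot devices list first'
        } elseif ($Device.TrustType -eq 'Workplace') {
            'Registered only: may be a personal or guest device, confirm the owner'
        } elseif ($Device.TrustType -eq 'ServerAd' -and -not $onPrem) {
            'Hybrid joined, no on-prem computer object: stale candidate'
        } elseif ($Device.TrustType -eq 'ServerAd') {
            'Hybrid joined, exists on-prem: expected to re-sync (per the thread)'
        } else {
            'Review manually'
        }
        [pscustomobject]@{
            DisplayName = $Device.DisplayName
            TrustType   = $Device.TrustType
            Autopilot   = $autopilot
            OnPrem      = $onPrem
            Note        = $note
        }
    }
}

# Constructed sample records standing in for Get-MgDevice output.
$sample = @(
    [pscustomobject]@{ DisplayName = 'PC-001'; TrustType = 'ServerAd'
        PhysicalIds = @('[ZTDId]:00000000-0000-0000-0000-000000000001') }
    [pscustomobject]@{ DisplayName = 'PC-002'; TrustType = 'ServerAd';  PhysicalIds = @() }
    [pscustomobject]@{ DisplayName = 'PC-OLD'; TrustType = 'ServerAd';  PhysicalIds = @() }
    [pscustomobject]@{ DisplayName = 'PHONE1'; TrustType = 'Workplace'; PhysicalIds = $null }
)
$sample | Get-DeviceCleanupClass -OnPremNames 'PC-001', 'PC-002' | Format-Table -AutoSize

# Against a live tenant (Microsoft.Graph and ActiveDirectory modules, Device.Read.All):
# Get-MgDevice -All | Get-DeviceCleanupClass -OnPremNames (Get-ADComputer -Filter *).Name
```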
