devices with no recent check in InTune - best practices

crib bar 841 Reputation points
2023-05-30T10:51:10.3333333+00:00

When we run a report of all devices in InTune, there are often numerous with no recent check in activity (often several months or longer). I am trying to determine the best practice to handle these devices, assuming they may actually represent old hardware no longer in active use.

In classic on-prem AD if you had equivalents for say office based workstation, there was often a process to disable the computer objects in AD after a set period of no recent login activity. What could/should be done with equivalents in say Android mobile devices in InTune?

And more specifically, what if any are the risks in just leaving the unused/possibly disposed of devices in InTune?


Accepted answer
  1. Crystal-MSFT 48,846 Reputation points Microsoft Vendor
    2023-05-31T01:55:21.8966667+00:00

    @crib bar Thanks for posting in Q&A. Based on the information provided, it is important to ensure that devices periodically check in with the Intune service to maintain access to protected corporate resources. If a device has not checked in for several months or longer, it may be inactive or no longer in use. In order to maintain the security of the environment and focus resources on managing active devices, it is recommended to remove stale or unused devices.

    For Android mobile devices in Intune, you can use the Inactive Devices Report to identify inactive or stale devices. The Microsoft Learn article titled "How To: Manage stale devices in Azure AD" provides steps for efficiently managing stale devices in your environment, which can also be applied to Android devices managed in Intune. One option is to retire or delete stale or unresponsive devices that have not checked in for a certain period of time.

    Leaving unused or possibly disposed of devices in Intune poses potential security risks such as the devices being compromised or used to access corporate resources. It is important to ensure that all devices are managed properly to maintain the security of your environment. Therefore, it is recommended to periodically remove any stale or unused devices from Intune.

    Hope the above information can help.


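An added example, not part of the original thread or Microsoft's documentation: one way to triage a device export by last check-in, as the accepted answer describes. The field names follow the Microsoft Graph `managedDevice` properties; the 90/180-day thresholds, the staged retire-then-delete split, and the sample rows are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Thresholds are assumptions for this example; set them to match your policy.
RETIRE_AFTER_DAYS = 90
DELETE_AFTER_DAYS = 180

def parse_sync(raw):
    """Parse a Graph-style UTC timestamp; return None if absent or unusable."""
    try:
        # Drop fractional seconds and the trailing Z; the values are UTC.
        ts = datetime.strptime(raw[:19], "%Y-%m-%dT%H:%M:%S")
    except (TypeError, ValueError):
        return None
    # Treat placeholder dates such as 0001-01-01 as "never synced".
    return ts.replace(tzinfo=timezone.utc) if ts.year > 2000 else None

def triage(devices, now):
    """Bucket device names by whole days since the last check-in."""
    buckets = {"active": [], "retire": [], "delete": [], "review": []}
    for dev in devices:
        last = parse_sync(dev.get("lastSyncDateTime"))
        if last is None:
            # No usable check-in date: route to a person, never auto-remove.
            buckets["review"].append(dev["deviceName"])
            continue
        idle = (now - last).days
        if idle >= DELETE_AFTER_DAYS:
            action = "delete"
        elif idle >= RETIRE_AFTER_DAYS:
            action = "retire"
        else:
            action = "active"
        buckets[action].append(dev["deviceName"])
    return buckets

# Constructed sample rows, shaped like an export of managed devices.
SAMPLE = [
    {"deviceName": "android-001", "lastSyncDateTime": "2023-05-28T08:14:02.1234567Z"},
    {"deviceName": "android-002", "lastSyncDateTime": "2023-01-15T00:00:00Z"},
    {"deviceName": "android-003", "lastSyncDateTime": "2022-09-01T12:00:00Z"},
    {"deviceName": "android-004", "lastSyncDateTime": "0001-01-01T00:00:00Z"},
    {"deviceName": "android-005", "lastSyncDateTime": None},
]
NOW = datetime(2023, 5, 30, tzinfo=timezone.utc)  # fixed so the result is repeatable

if __name__ == "__main__":
    for action, names in triage(SAMPLE, NOW).items():
        print(f"{action:7} {names}")
```

Devices in the `review` bucket have no usable check-in date, so they are listed for manual follow-up instead of being queued for removal.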

1 additional answer

  1. crib bar 841 Reputation points
    2023-05-30T10:55:27.41+00:00

    And more specifically, what if any are the risks in just leaving the unused/possibly disposed of devices in InTune?

