How to automatically clean up devices in Microsoft Intune

If you, as an IT admin, have been using Microsoft Intune for a while, chances are that you will see devices that have not checked in for a very long time. Often these are devices that are no longer in use or whose device management has been manually removed. By default, Microsoft Intune removes every device that has not checked in for over 270 days.

This is too long for most IT admins who want a clear overview of the active devices currently managed by Microsoft Intune. Therefore, Microsoft released the “Device cleanup” feature back in July 2018.

In this blog I will show you how to configure “Device cleanup” and what you have to take into account.

How to set up Microsoft Intune Device Cleanup

Navigate to: Microsoft Intune > Devices > Device cleanup rules

Here you can configure the device cleanup rules.

Set Delete device based on last check-in date to Yes. Next to Delete devices that haven’t checked in for this many days, enter the number of days after which devices must be deleted automatically. It must be a value between 90 and 270 days.
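Before turning the rule on, it helps to see which devices a given threshold would remove. The PowerShell below is an added example, not part of the original post or of Microsoft's tooling; the helper names Get-CleanupCandidate and New-SampleDevice and the sample devices are constructed for illustration, and the commented live call assumes the Microsoft Graph PowerShell SDK is installed.

```powershell
# Added example: list the devices a cleanup rule with a given threshold would delete.
# Get-CleanupCandidate is a hypothetical helper name, not an Intune cmdlet.
function Get-CleanupCandidate {
    param(
        [Parameter(Mandatory)] [object[]] $Device,
        # Same bounds the cleanup rule accepts: 90 to 270 days.
        [ValidateRange(90, 270)] [int] $Days = 90,
        [datetime] $Now = [datetime]::UtcNow
    )
    $cutoff = $Now.ToUniversalTime().AddDays(-$Days)
    $Device |
        # Skip records without a check-in timestamp instead of guessing their age.
        Where-Object { $_.LastSyncDateTime -and $_.LastSyncDateTime.ToUniversalTime() -lt $cutoff } |
        Sort-Object LastSyncDateTime |
        Select-Object DeviceName, OperatingSystem, UserPrincipalName, LastSyncDateTime,
            @{ Name = 'DaysSinceCheckIn'
               Expression = { [int][math]::Floor(($Now.ToUniversalTime() - $_.LastSyncDateTime.ToUniversalTime()).TotalDays) } }
}

# Constructed sample records using the property names of Graph managedDevice objects.
function New-SampleDevice($Name, $Os, $Upn, $Year, $Month, $Day) {
    [pscustomobject]@{
        DeviceName = $Name; OperatingSystem = $Os; UserPrincipalName = $Upn
        LastSyncDateTime = [datetime]::new($Year, $Month, $Day, 8, 0, 0, [DateTimeKind]::Utc)
    }
}
$sample = @(
    New-SampleDevice 'LAPTOP-001' 'Windows' 'user1@contoso.example' 2024 5 28
    New-SampleDevice 'PHONE-002'  'iOS'     'user2@contoso.example' 2024 1 10
    New-SampleDevice 'TABLET-003' 'Android' 'user3@contoso.example' 2023 9 1
)
# Fixed reference date so the sample run is repeatable.
$now = [datetime]::new(2024, 6, 1, 0, 0, 0, [DateTimeKind]::Utc)

# Preview a 120-day rule against the sample data.
Get-CleanupCandidate -Device $sample -Days 120 -Now $now | Format-Table -AutoSize

# Against a live tenant (requires the Microsoft.Graph PowerShell module):
# Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All'
# Get-CleanupCandidate -Device (Get-MgDeviceManagementManagedDevice -All) -Days 120
```

Reviewing this list first shows whether any device that is still in use, but rarely online, would drop out of management under the chosen threshold.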

What happens on the device after a Device Cleanup in Intune?

It’s good to know that nothing actually happens on the device itself. All policies and apps stay on the device. To make sure that company data is no longer accessible from the device, make sure you have Conditional Access policies in place for Office 365 Exchange Online and SharePoint/OneDrive. After a Device Cleanup, the device is no longer managed by Microsoft Intune and is therefore Not Compliant. Make sure you make device compliance a requirement for accessing company data.

Intune App Protection – Conditional Launch

If you use Intune App Protection policies for Intune-managed applications like the Microsoft Office applications, you can also configure Conditional launch. With Conditional launch you can configure that the data is automatically wiped after a certain number of days. You can do that via the Offline grace period. Configure the number of days in the value field and configure Wipe data in the action field, as you can see in the screenshot below.

About Robin Hobo

I work as a Senior Solution Architect with a focus on the Modern Workspace. I specialize in Azure Virtual Desktop (AVD), Windows 365 and Microsoft EM+S (including Microsoft Endpoint Manager - Microsoft Intune).
