Sources:
https://docs.microsoft.com/nl-nl/intune/remote-actions/devices-wipe
https://docs.microsoft.com/en-us/intune/remote-actions/device-sync
https://docs.microsoft.com/en-gb/intune/remote-actions/device-fresh-start
https://www.petervanderwoude.nl/post/factory-reset-fresh-start-autopilot-reset-so-many-options/
Overview of all enrolled devices

If you select a device, you get an overview.


Retire
The Retire action removes managed app data (where applicable), settings, and email profiles that were assigned by using Intune. The device is removed from Intune management. This happens the next time the device checks in and receives the remote Retire action. The device still shows up in Intune until the device checks in. If you want to remove stale devices immediately, use the Delete action instead.
Retire leaves the user’s personal data on the device.
Data type | Windows 10 |
Company apps and associated data installed by Intune | Apps are uninstalled. Sideloading keys are removed. For Windows 10 version 1703 (Creators Update) and later, Office 365 ProPlus apps aren’t removed. Intune management extension installed Win32 apps will not be uninstalled on unenrolled devices. Admins can leverage assignment exclusion to not offer Win32 apps to BYOD Devices. |
Settings | Configurations that were set by Intune policy are no longer enforced. Users can change the settings. |
Wi-Fi and VPN profile settings | Removed. |
Certificate profile settings | Certificates are removed and revoked. |
Email | Removes email that’s EFS-enabled. This includes emails and attachments in the Mail app for Windows. Removes mail accounts that were provisioned by Intune. |
Azure AD unjoin | The Azure AD record is removed. |
Wipe
The Wipe action restores a device to its factory default settings. The user data is kept if you choose the Retain enrollment state and user account checkbox. Otherwise, all data, apps, and settings will be removed.
Retain enrollment state and user account | Checked | Not checked |
Description | Wipes all user accounts, data, MDM policies, and settings. Resets the operating system to its default state and settings. | Wipes all user accounts, data, MDM policies, and settings. Resets the operating system to its default state and settings. |
Retained during a wipe | Not retained |
User accounts associated with the device | User files |
Machine state (domain join, Azure AD-joined) | User-installed apps (store and Win32 apps) |
Mobile device management (MDM) enrollment | Non-default device setting |
OEM-installed apps (store and Win32 apps) | |
User profile | |
User data outside of the user profile | |
User autologon | |
Delete
Delete devices from the Intune portal
Choose Devices > All devices > choose the devices you want to delete > Delete.
You might need to delete devices from Azure AD due to communication issues or missing devices. You can use the Delete action to remove device records from the Azure portal for devices that you know are unreachable and unlikely to communicate with Azure again.
Azure Active Directory > Users > Devices > choose the devices you want to delete > Delete
Sync
The Sync device action forces the selected device to immediately check in with Intune. When a device checks in, it immediately receives any pending actions or policies that have been assigned to it. This feature can help you immediately validate and troubleshoot policies you’ve assigned, without waiting for the next scheduled check-in.
Restart
The Restart device action causes the device you choose to be restarted. The device owner isn’t automatically notified of the restart, and they might lose work.
Fresh Start
The Fresh Start device action removes any apps that are installed on a PC running Windows 10, version 1703 or later. Fresh Start helps remove pre-installed (OEM) apps that are typically installed with a new PC.
AutoPilot reset
The AutoPilot reset action returns the device to a fully configured and/or IT-approved state. This removes personal files, apps, and settings, and applies the original settings and management settings, so the devices are ready to use. The management settings come straight from Azure AD and Intune device management.
Retained during an AutoPilot reset | Not retained |
Intune enrollment | Removes user data |
Azure AD-join | Removes MDM policies |
User accounts | Removes settings |
Returns the device to the original settings and management settings | Removes installed apps |
Quick scan
Windows Defender quick scan looks at all the locations on the device where there could be malware registered to start with the system, such as registry keys and known Windows startup folders. A quick scan helps provide strong coverage for both malware that starts with the system and kernel-level malware.
Full scan
Windows Defender full scan checks all files and running programs on the device hard disk for malware. This scan could take longer than one hour.
Update Windows Defender
Windows Defender will update the malware definitions for this device.
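The Sync, Quick scan and Update Windows Defender actions described above can also be queued from a script instead of the portal. The following is an added example, not taken from the sources listed at the top: it assumes the Microsoft.Graph PowerShell SDK is installed, that the signed-in admin has been granted the two permissions requested in Connect-MgGraph, and that the device name is supplied by the caller.

```powershell
# Added example: queue a Defender definition update and quick scan for one device,
# then force a check-in so the pending actions are received right away.
# Assumptions: Microsoft.Graph PowerShell SDK installed; admin consent granted
# for the scopes below; $DeviceName is the Intune device name.
param(
    [Parameter(Mandatory)] [string] $DeviceName
)

$ErrorActionPreference = 'Stop'
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All',
                        'DeviceManagementManagedDevices.PrivilegedOperations.All' | Out-Null

# Resolve the name to exactly one Windows device so the actions cannot
# land on the wrong machine when names are duplicated or stale.
$safeName = $DeviceName.Replace("'", "''")   # escape quotes for the OData filter
$devices = @(Get-MgDeviceManagementManagedDevice -Filter "deviceName eq '$safeName'" |
    Where-Object OperatingSystem -eq 'Windows')
if ($devices.Count -ne 1) {
    throw "Expected exactly one Windows device named '$DeviceName', found $($devices.Count)."
}
$base = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/$($devices[0].Id)"

# Update Windows Defender: refresh the malware definitions.
Invoke-MgGraphRequest -Method POST -Uri "$base/windowsDefenderUpdateSignatures"

# Quick scan; sending "quickScan": false requests the full scan instead.
Invoke-MgGraphRequest -Method POST -Uri "$base/windowsDefenderScan" `
    -Body '{"quickScan": true}' -ContentType 'application/json'

# Sync: force the device to check in and pick up the pending actions.
Invoke-MgGraphRequest -Method POST -Uri "$base/syncDevice"

# Show the last recorded check-in; rerun later to confirm the device has synced.
Get-MgDeviceManagementManagedDevice -ManagedDeviceId $devices[0].Id |
    Select-Object DeviceName, LastSyncDateTime
```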
Rename device
Enter a new name for this device and restart after rename.
Monitor
