Remote actions for an end user with Intune

There are several remote actions an end user can perform on their own devices that involve Intune or Azure AD. This short post gives an overview of those capabilities. Mainly there are the following portals:

My Account — Devices

  • Disable the device (which will prevent the device from authenticating via Azure AD and revoke the Primary Refresh Token)
  • View the BitLocker keys of the device in case an end user needs to unlock the drive with the recovery key (Hint: you can block users from viewing their BitLocker keys)
My Account, Devices

Company Portal Online — Devices

  • Rename a device
  • Reset a device
  • Check status to verify the compliance state
Company Portal Online, remote device action

Looking into the remote reset

Reset prompt

Shortly afterwards, if you open the Company Portal on the device you selected for the remote reset, you get the following:

Company portal notification/error

On the next scheduled sync, or when a manual sync is performed, the device will proceed with the reset:

Device reset

Note the following during this process:

  • The Intune object will get deleted and recreated
  • The Azure AD device object will be preserved
  • After the reset, the user needs to authenticate in the OOBE to set up their device during the Enrollment Status Page (ESP). Sidenote: I have not tested it, but I assume with a Self-Deploying profile you might not need to authenticate.

