Best Guide to Remote Lock Devices using Intune

Hola, I’m back with a new article on Best Guide to Remote Lock Devices using Intune. This article will discuss the steps and when to Lock Mobile Devices using Intune remotely. The remote lock option is very helpful in case of the device is lost or stolen.

Intune provides admins with many remote actions that can be performed remotely on enrolled devices. Remote Lock is one of them. We can lock any Android, iOS, iPadOS, or macOS devices enrolled in Intune. Intune doesn’t support Windows 10 devices to remote Lock.

Remote lock works on devices that have a set device passcode or PIN. WhenIntunee sends a Remote lock action, the device gets locked, and the user has to input the device Passcode or PIN to unlock the device. This remote action doesn’t work on devices that do not have a Passcode or PIN.

When the remote lock command is initiated on devices that do not have device-level PIN or passcode, the screen will be turned off, but the device doesn’t get locked as the device does not have any passcode. Users can wake up the device and use it without a password and PIN. So always ensure device passcode or password is enforced on all devices enrolled in Intune.

Patch My PC
Best Guide to Remote Lock Devices using Intune Fig: 1
Best Guide to Remote Lock Devices using Intune Fig: 1

What are the Operating Systems and Platforms Supports for Remote Lock

Intune supports various operating systems to enroll devices to Intune. Android, iOS, iPadOS, macOS, Windows, Linux, and Chrome OS are the OS platforms Intune supports for managing the devices. Remote Lock action is supported for the below platforms

  • iOS/iPadOS
  • macOS
  • Android Open Source Project (AOSP) devices
  • Android Enterprise with Work Profile
  • Android Enterprise Kiosk devices/Corporate Owned dedicated devices
  • Android Enterprise Corporate Owned Fully Managed devices
  • Android Enterprise Corporate Owned Work Profile Devices

Remote Lock Devices using Intune

In this post, I’m going to cover how to lock Android Enterprise with Work Profile devices, User-driven enrolment of iOS devices (BYOD devices), and macOS devices. The remote Lock would be similar to Work Profile devices for the rest of Android Enterprise devices.

How to Lock Mobile Devices Remotely using Intune – Android Devices

Now let’s see how we can initiate the Remote lock command from the Endpoint Manager console to Android devices. Make sure the device is enrolled in Intune and has a device passcode or password, or PIN s.et

Best Guide to Remote Lock Devices using Intune Fig: 2
Best Guide to Remote Lock Devices using Intune Fig: 2

Under the Overview tab, click on Remote Lock, now the admin gets a message, ” Are you sure you want to lock the device this device? A device locked can only be unlocked by the user using a passcode. Devices without a passcode will still be accessible by any user“. Now click on Lock, if you really want to lock the device else click on Cancel.

Best Guide to Remote Lock Devices using Intune Fig: 3
Best Guide to Remote Lock Devices using Intune Fig: 3

After clicking on Lock, Intune gives you a notification that a Remote lock is initiated. This is the confirmation from Intune that it has issued remote lock command to the device. As soon as the device comes online and syncs, the device will be locked, and the user will be forced to enter the device passcode.

On Intune console, admins will be notified about the status of the remote action once it is completed as “Remote lock: Completed.” Once the device is locked, admins can also view the time stamp when the device is locked in the overview tab under Device Actions Status, as shown in the below screenshot.

Best Guide to Remote Lock Devices using Intune Fig: 4
Best Guide to Remote Lock Devices using Intune Fig: 4

User Experience

Suppose the device is lost/stolen after sending the Remote lock command, If the user has Faceid or Fingerprint set to unlock the device, the Faceid and Fingerprint cannot unlock the device, and the user is asked to enter the device passcode.

After successfully unlocking the device, the user can use Faceid or Fingerprint to unlock the device next time. I couldn’t capture the screenshot as the device was not allowing me to capture a screenshot of the lock screen.

How to Lock Mobile Devices Remotely using Intune – iOS/iPadOS Devices

Similarly, we can remotely lock iOS/iPadOS devices using Microsoft Endpoint Manager. To do that, the device must have a lock enabled, and the users should set a valid PIN or Passcode to unlock the device. Now let’s see how we can initiate the Remote lock command.

Best Guide to Remote Lock Devices using Intune Fig: 5
Best Guide to Remote Lock Devices using Intune Fig: 5

In the Overview section of the device, click on Remote lock, now, the admins will be prompted to confirm to lock the device with a message similar to that of Android devices. Are you sure you want to lock the device on this device? A device locked can only be unlocked by the user using a passcode. Devices without a passcode will still be accessible by any user“.

Intune will notify Admins about remote action once initiated, as shown in the screenshot below, under the notification tab in the Microsoft Endpoint Manager console.

Best Guide to Remote Lock Devices using Intune Fig: 6
Best Guide to Remote Lock Devices using Intune Fig: 6

Now click on Lock, if you really want to lock the device else click on Cancel. Once you click on Lock, it will send a command to lock the device. Intune will show the Remote Lock: Pending message to the admins if the device is offline or unavailable. To capture this, I made one of my iPhones offline. Even though the device lock is successfully initiated, it is pending as the device is offline.

Best Guide to Remote Lock Devices using Intune Fig: 7
Best Guide to Remote Lock Devices using Intune Fig: 7

User Experience

As soon as the device comes, Online or connected to Intune, the user is forced to unlock the device using a PIN, Passcode, or Faceid set by the user. Unlike Android, the remote lock command does not override the Faceid, users can use Faceid to unlock the device.

Best Guide to Remote Lock Devices using Intune Fig: 8
Best Guide to Remote Lock Devices using Intune Fig: 8

How to Lock Mobile Devices Remotely using Intune – macOS Devices

Now let’s see how to lock a macOS device using Intune remotely. To Lock a macOS device, the device must be enrolled in Intune and have a device-level passcode to unlock the device.

Best Guide to Remote Lock Devices using Intune Fig: 9
Best Guide to Remote Lock Devices using Intune Fig: 9

On the Overview page, click on the remote Lock. After clicking, admins will be requested confirmation “This action is intended to lock lost devices. While the device is locked, it will be unusable. A six-digit recovery pin will be generated and displayed in the status bar. This PIN will be required to restore functionality to this device. Be sure to give the PIN to the device owner. Are you sure you’d like to lock the device?

Click on Lock, if you want to lock the device else, click on Cancel. Intune will give notification as the Reme lock is initiated.

Best Guide to Remote Lock Devices using Intune Fig: 10
Best Guide to Remote Lock Devices using Intune Fig: 10

Unlike Android and iOS devices, a new 6-digit PIN will be generated for macOS devices to unlock the device. The user has to enter the PIN to enter the Mac. Intune will show/store the PIN for 30 days, make a note of the PIN generated by Intune.

Note! Do not initiate the remote lock command multiple times without unlocking the Mac device using the six-digit PIN generated by Intune. If we initiate it, the status of the new remote lock action status will be failed.

Best Guide to Remote Lock Devices using Intune Fig: 11
Best Guide to Remote Lock Devices using Intune Fig: 11

Similar to Android and iOS devices, we can view the remote action status under the Device actions status on the device overview page. The device will be locked only if it is online and in sync with Intune. If the device is offline, the status of the remote action will be shown as pending.

User Experience

On macOS devices, the behavior is a bit different, User will be asked to enter the 6-digit PIN generated by Intune. Users have to input the 6-digit PIN in order to unlock the Mac. Once the Mac is unlocked, the user can use his regular unlock method. You can view the behavior in the below screenshot.

Best Guide to Remote Lock Devices using Intune Fig: 12
Best Guide to Remote Lock Devices using Intune Fig: 12

I know the above screenshot is not an ideal one, after the remote lock, I’m not allowed to take screenshots of the lock and was left with no other option than take a pic from my mobile. So, as shown above, the user is presented with a screen to enter the 6-digit PIN generated to unlock the Mac. It also gives a message that the device is locked by your organization, and contact your administrator or enter the PIN to unlock the device.

Conclusion

So, this is how you can initiate a Remote lock Command to Android, iOS/iPad, and macOS devices in Intune. I hope you have learned something new from this blog post and helped in finding solutions for your requirement. I will be back with you another day with a new blog. Till then, Chao.

Author

About AuthorNarendra Kumar Malepati (Naren) has 11+ years of experience in IT, working on different MDM tools. Over the last seven years, Naren has been working on various features of Intune, including migration from different MDMs to Intune. Naren mainly focuses on Android, iOS, and MacOS.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.