Hola, I’m back with a new article on Best Guide to Remote Lock Devices using Intune. This article will discuss the steps and when to Lock Mobile Devices using Intune remotely. The remote lock option is very helpful in case of the device is lost or stolen.
Intune provides admins with many remote actions that can be performed remotely on enrolled devices. Remote Lock is one of them. We can lock any Android, iOS, iPadOS, or macOS devices enrolled in Intune. Intune doesn’t support Windows 10 devices to remote Lock.
Remote lock works on devices that have a set device passcode or PIN. WhenIntunee sends a Remote lock action, the device gets locked, and the user has to input the device Passcode or PIN to unlock the device. This remote action doesn’t work on devices that do not have a Passcode or PIN.
When the remote lock command is initiated on devices that do not have device-level PIN or passcode, the screen will be turned off, but the device doesn’t get locked as the device does not have any passcode. Users can wake up the device and use it without a password and PIN. So always ensure device passcode or password is enforced on all devices enrolled in Intune.
- Enforcing Screen Lock for Android Devices in Intune as per CIS Benchmarks
- Secure Android Devices using Microsoft Defender for Endpoint in Intune

What are the Operating Systems and Platforms Supports for Remote Lock
Intune supports various operating systems to enroll devices to Intune. Android, iOS, iPadOS, macOS, Windows, Linux, and Chrome OS are the OS platforms Intune supports for managing the devices. Remote Lock action is supported for the below platforms
- iOS/iPadOS
- macOS
- Android Open Source Project (AOSP) devices
- Android Enterprise with Work Profile
- Android Enterprise Kiosk devices/Corporate Owned dedicated devices
- Android Enterprise Corporate Owned Fully Managed devices
- Android Enterprise Corporate Owned Work Profile Devices
Remote Lock Devices using Intune
In this post, I’m going to cover how to lock Android Enterprise with Work Profile devices, User-driven enrolment of iOS devices (BYOD devices), and macOS devices. The remote Lock would be similar to Work Profile devices for the rest of Android Enterprise devices.
How to Lock Mobile Devices Remotely using Intune – Android Devices
Now let’s see how we can initiate the Remote lock command from the Endpoint Manager console to Android devices. Make sure the device is enrolled in Intune and has a device passcode or password, or PIN s.et
- Sign in to the Microsoft Endpoint Manager admin center https://intune.microsoft.com
- Search for the Android device that requires a locking device Remotely
Under the Overview tab, click on Remote Lock, now the admin gets a message, ” Are you sure you want to lock the device this device? A device locked can only be unlocked by the user using a passcode. Devices without a passcode will still be accessible by any user“. Now click on Lock, if you really want to lock the device else click on Cancel.
After clicking on Lock, Intune gives you a notification that a Remote lock is initiated. This is the confirmation from Intune that it has issued remote lock command to the device. As soon as the device comes online and syncs, the device will be locked, and the user will be forced to enter the device passcode.
On Intune console, admins will be notified about the status of the remote action once it is completed as “Remote lock: Completed.” Once the device is locked, admins can also view the time stamp when the device is locked in the overview tab under Device Actions Status, as shown in the below screenshot.
User Experience
Suppose the device is lost/stolen after sending the Remote lock command, If the user has Faceid or Fingerprint set to unlock the device, the Faceid and Fingerprint cannot unlock the device, and the user is asked to enter the device passcode.
After successfully unlocking the device, the user can use Faceid or Fingerprint to unlock the device next time. I couldn’t capture the screenshot as the device was not allowing me to capture a screenshot of the lock screen.
How to Lock Mobile Devices Remotely using Intune – iOS/iPadOS Devices
Similarly, we can remotely lock iOS/iPadOS devices using Microsoft Endpoint Manager. To do that, the device must have a lock enabled, and the users should set a valid PIN or Passcode to unlock the device. Now let’s see how we can initiate the Remote lock command.
- Sign in to the Microsoft Endpoint Manager admin center https://intune.microsoft.com.
- Search for the iOS device you want to lock from the Microsoft Endpoint Manager.
In the Overview section of the device, click on Remote lock, now, the admins will be prompted to confirm to lock the device with a message similar to that of Android devices. Are you sure you want to lock the device on this device? A device locked can only be unlocked by the user using a passcode. Devices without a passcode will still be accessible by any user“.
Intune will notify Admins about remote action once initiated, as shown in the screenshot below, under the notification tab in the Microsoft Endpoint Manager console.
Now click on Lock, if you really want to lock the device else click on Cancel. Once you click on Lock, it will send a command to lock the device. Intune will show the Remote Lock: Pending message to the admins if the device is offline or unavailable. To capture this, I made one of my iPhones offline. Even though the device lock is successfully initiated, it is pending as the device is offline.
User Experience
As soon as the device comes, Online or connected to Intune, the user is forced to unlock the device using a PIN, Passcode, or Faceid set by the user. Unlike Android, the remote lock command does not override the Faceid, users can use Faceid to unlock the device.
How to Lock Mobile Devices Remotely using Intune – macOS Devices
Now let’s see how to lock a macOS device using Intune remotely. To Lock a macOS device, the device must be enrolled in Intune and have a device-level passcode to unlock the device.
- Sign in to the Microsoft Endpoint Manager admin center https://intune.microsoft.com.
- Search for the macOS device you want to lock in Intune.
On the Overview page, click on the remote Lock. After clicking, admins will be requested confirmation “This action is intended to lock lost devices. While the device is locked, it will be unusable. A six-digit recovery pin will be generated and displayed in the status bar. This PIN will be required to restore functionality to this device. Be sure to give the PIN to the device owner. Are you sure you’d like to lock the device?“
Click on Lock, if you want to lock the device else, click on Cancel. Intune will give notification as the Reme lock is initiated.
Unlike Android and iOS devices, a new 6-digit PIN will be generated for macOS devices to unlock the device. The user has to enter the PIN to enter the Mac. Intune will show/store the PIN for 30 days, make a note of the PIN generated by Intune.
Note! Do not initiate the remote lock command multiple times without unlocking the Mac device using the six-digit PIN generated by Intune. If we initiate it, the status of the new remote lock action status will be failed.
Similar to Android and iOS devices, we can view the remote action status under the Device actions status on the device overview page. The device will be locked only if it is online and in sync with Intune. If the device is offline, the status of the remote action will be shown as pending.
User Experience
On macOS devices, the behavior is a bit different, User will be asked to enter the 6-digit PIN generated by Intune. Users have to input the 6-digit PIN in order to unlock the Mac. Once the Mac is unlocked, the user can use his regular unlock method. You can view the behavior in the below screenshot.
I know the above screenshot is not an ideal one, after the remote lock, I’m not allowed to take screenshots of the lock and was left with no other option than take a pic from my mobile. So, as shown above, the user is presented with a screen to enter the 6-digit PIN generated to unlock the Mac. It also gives a message that the device is locked by your organization, and contact your administrator or enter the PIN to unlock the device.
Conclusion
So, this is how you can initiate a Remote lock Command to Android, iOS/iPad, and macOS devices in Intune. I hope you have learned something new from this blog post and helped in finding solutions for your requirement. I will be back with you another day with a new blog. Till then, Chao.
Author
About Author – Narendra Kumar Malepati (Naren) has 11+ years of experience in IT, working on different MDM tools. Over the last seven years, Naren has been working on various features of Intune, including migration from different MDMs to Intune. Naren mainly focuses on Android, iOS, and MacOS.