Let’s learn how you can retire noncompliant devices from the Intune portal. The Retire the noncompliant device action removes all company data from the device and removes the device from Intune management.
Compliance policy configuration is an important design decision when managing devices with Intune. Intune compliance policies, along with Conditional Access policies, are the first step of protection before access to corporate applications is granted.
By default, when Intune detects a device that isn’t compliant, Intune immediately marks the device as noncompliant. Azure AD Conditional Access then blocks the device. Intune allows you to add actions for noncompliance when a device isn’t compliant, which gives you the flexibility to decide what to do.
Only devices for which the Retire the noncompliant device action has been triggered appear in the Retire Selected Devices view. To see a list of all devices that are not compliant, use the Intune Noncompliant Devices Report.
The following platforms support the Retire the noncompliant device action:
- Android device administrator
- Android (AOSP)
- Android Enterprise:
  - Fully Managed
  - Dedicated
  - Corporate-Owned Work Profile
  - Personally Owned Work Profile
- iOS/iPadOS
- macOS
- Windows 10/11
Here’s how you can create notifications in Intune Admin portal for Noncompliant Devices and send Notifications for Noncompliant Devices from Intune.
Retire Noncompliant Devices from Intune Portal
The following steps provide details on how to retire Noncompliant devices in Intune. When this action applies to a device, that device is added to a list of devices in the admin console. The device isn’t retired until an admin takes explicit action to retire the device.
- Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com/
- Select Devices > Compliance policies > Retire Noncompliant Devices.
To retire one or more devices from the list, choose devices to retire and then select Retire Selected Devices.
When you choose an action that retires devices, you’re presented with a dialog box to confirm the action. Only after you confirm the intent to retire are the devices cleared of company data and removed from Intune management.
Click on Yes to proceed. A notification will appear automatically in the top right-hand corner with the message Retire initiated.
The Retire action removes managed app data, settings, and email profiles assigned by using Intune. The device is removed from Intune management. Removal happens the next time the device checks in and receives the remote Retire action.
You will receive the notification “Work profile deleted”: “Your work profile is no longer available on this device.” These are screenshots taken from Android devices.
The device still shows up in Intune until the device checks in. If you want to remove stale devices immediately, use the Delete action instead. Retire leaves the user’s personal data on the device.
The other options include Retire All Devices, Clear All Devices Retire State, and Clear Selected Devices Retire State. Clearing the retire state for a device removes the device from the list of devices that can be retired until the action to Retire the noncompliant device is applied to that device again.
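For admins who want to review the same information from a script before confirming a retire, here is an added example (not part of the original article) that uses the Microsoft Graph PowerShell SDK. It assumes the SDK's device management modules are installed; the function names `Get-NoncompliantDevice` and `Invoke-RetireReviewed` are hypothetical. It lists every device Intune reports as noncompliant, which matches the Noncompliant Devices Report rather than the narrower Retire Noncompliant Devices list.

```powershell
# Added example. Assumes the Microsoft Graph PowerShell SDK (device management modules)
# is installed and the signed-in admin holds an Intune role that allows Retire.

function Get-NoncompliantDevice {
    # Every managed device Intune currently reports as noncompliant,
    # with the number of days since its last check-in.
    Get-MgDeviceManagementManagedDevice -All -Filter "complianceState eq 'noncompliant'" |
        Select-Object Id, DeviceName, OperatingSystem, UserPrincipalName, LastSyncDateTime,
            @{ Name = 'DaysSinceSync'; Expression = {
                if ($_.LastSyncDateTime) {
                    $age = (Get-Date).ToUniversalTime() - $_.LastSyncDateTime.ToUniversalTime()
                    [math]::Floor($age.TotalDays)
                }
            } }
}

function Invoke-RetireReviewed {
    # Mirrors the portal's confirmation dialog: nothing is retired unless the
    # admin confirms each device. -WhatIf shows what would happen and sends nothing.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Device
    )
    process {
        $target = '{0} ({1})' -f $Device.DeviceName, $Device.UserPrincipalName
        if ($PSCmdlet.ShouldProcess($target, 'Retire (remove company data and Intune management)')) {
            Invoke-MgRetireDeviceManagementManagedDevice -ManagedDeviceId $Device.Id
        }
    }
}

Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All',
                        'DeviceManagementManagedDevices.PrivilegedOperations.All'

$devices = Get-NoncompliantDevice

# Review first: devices that have not checked in for a long time will not
# receive the Retire action until their next check-in.
$devices | Sort-Object DaysSinceSync -Descending |
    Format-Table DeviceName, OperatingSystem, UserPrincipalName, LastSyncDateTime, DaysSinceSync

# Dry run: prints the devices that would be retired without sending the action.
$devices | Invoke-RetireReviewed -WhatIf
```

Remove `-WhatIf` only after reviewing the table; each device then prompts for confirmation before the Retire action is sent.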
Author
About Author – Jitesh, Microsoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.