How to Remove Intune from a Windows 10
I was troubleshooting an issue with Microsoft Intune only to discover that the Mobile Device Management (MDM) setting wasn’t enabled on my Windows 10 computer. This meant that I needed to reset my Windows 10 computer back to the default, so I thought I would document how you can remove Intune from a Windows 10 computer and Azure Active Directory (AAD). Later on, I will also show you how to confirm that a device was either removed from or added to Intune and AAD.
At a high level, this is what I expect to be doing: removing the Workplace Join from the Windows 10 computer, deleting the computer from Intune, and finally removing the computer from Azure Active Directory (AAD).
Take a look at the screenshot above. Notice the computer name? This is the computer that I will be removing from Intune and AAD, so as any good SCCM Administrator would, I’ll be looking for it later on in Intune and AAD.
How to Remove Intune from a Windows 10 Computer
Open the start menu and select the Windows Settings option.
Select Accounts.
Select the Access work or school node.
Select the MDM and click on the Disconnect button.
Click Yes to confirm the removal.
Next, remove the Workplace Join account; first select the account and then click on Disconnect.
Click Yes to confirm the removal of the Workplace Join account. At this point, you are done on your computer; however, I like to reboot my computer to ensure that the computer is in a known state and everything is cleared out of RAM. All of the remaining steps occur within the Azure Portal (Intune).
Azure Portal (Intune)
Sign into the Azure Portal; this is where you will find the Microsoft Intune blade. In my case, I pinned the Microsoft Intune blade as a favorite. If you haven’t done this yet, you will find the Microsoft Intune blade within the All services blade.
On the Microsoft Intune blade, I clicked on the Devices node; this will show you all of your devices.
BUT WAIT. Only three devices were listed when I was expecting four in total. Where’s the computer I just removed from Intune?
As a SCCM Admin, I expected that the computer would be listed for 90 days. After that, the computer would be removed automatically by the SCCM maintenance tasks, so I expected the same from Microsoft Intune. Next, I clicked on the All devices node. Again, all of my active devices were listed, but not the device that I moments ago removed from Intune! I’ll check the Azure Active Directory (AAD) devices.
AAD Devices
Start by clicking on the Azure Active Directory node and then on All devices. In the All devices window, I can see four devices, BUT again, none of these devices is the computer I deleted. Again, similar to Active Directory (AD), I would expect that the computer would be listed until I removed it myself. Next, I decided to review the AAD audit logs to determine what is going on.
Back on the main Azure Active Directory node, under the ACTIVITY section, I could barely see the Audit logs option because it was greyed out, so I highlighted it in the above screenshot. The reason for this is that Intune Service Administrators don’t have security rights to review the AAD audit logs. If you don’t have Global Administrator rights, then you will need to ask your Global Administrator to look at the audit logs.
AAD Audit Logs
After logging in as a Global Administrator I was finally able to review the audit logs. You can see in the above screenshot that there are five entries indicating that my computer is no longer managed by Intune and was also deleted from AAD.
What lessons did I learn? If a user removes the MDM and Workplace Join from a computer, it is automatically removed from Intune and Azure. You can use the AAD audit logs to confirm this information. As an AD or SCCM Administrator this is definitely unexpected. I predict that this will make life difficult managing these devices. At a minimum it will mean that organizational procedures will need to be updated in order to keep pace with what actually occurs versus what an administrator would expect to happen.