Retiring and deleting devices takes way too long
When working with a user on the phone, and we need to retire and reenroll a device, the process of retiring takes a very long time, which becomes frustrating for not only myself, but for the user who wants to get their problem resolved and get back to work. Please work to improve the speed for operations like this within the console.
Pierce Radtke commented
We use Windows Hello for our users. When selecting "remove company data" from an Android or Apple phone that has the Intune Company Portal app installed, the process is swift and efficient.
Users lose access on the device almost instantly.
This is not the case when doing the same thing with a WIN10 device.
Additionally - it does look like any O365 systems do eventually lose their access once the system is retired.
However, simple text files do not, even though they are synced with OneDrive. This would be true of any non-O365 connected system is my suspicion.
Also, Teams continue to function without a problem for a couple of minutes
As I am currently testing how to best block users from signing into their WIN10 equipment, I was hoping that retiring (as called through Azure Intune)/"removing company data" (as described in O365 admin) was going to be just as swift.
As I am watching the 30+ minutes that this system has not disconnected from Azure, this is concerning.
If we block sign-ins the system will prevent the computer from connecting to OneDrive - this is a plus... but any locally saved files are still available!!
We need an option to force WIN10 to sign the user out of the machine and remove their Azure Active Directory sync immediately. We work with users who are primarily remote.
It is already a month that a test iOS device is stuck on state "Retire pending". One month...
Mike M commented
I find that Retire, Wipe, and Freshstart typically kick off at a reasonable pace. So long as you're staring at the machine, it is usually initiated within a minute or two. I wouldn't trust doing it blind if there was a security breach though. What is worse, is what you're left with after you've initiated one of these actions on a device.
If an Office (from Intune) installation fails for unidentifiable reasons (zero logs, useless 0x0 unknown error codes), short of re-installing Windows, you're in for a bunch of waiting and failures.
Retiring the device, and waiting for re-enrollment is the only other option you have. Often required installs and available installs for the same Office deployment conflict; they do not reflect the installation of one of the other as present... Company Portal is rarely accurate, and re-installing Office from the portal can take days if it's even successful after that.
When you retire a device, it doesn't remove everything from the device; often there will be a user account signed on which will prevent Hybrid AAD Joined devices from re-enrolling. The workarounds FAQ for our helpdesk reads like War and Peace.
Additionally, Wipe/Fresh Start processes often result in an unusable PC. Brand new business-class Dells do not re-install Windows with the required basic NIC drivers. Isn't the point of Autopilot and Windows 10 to have disposable, easily redeployed devices? Microsoft and OEMs are not delivering a usable product.
We abandoned SCCM in favor of the Modern Deployment, but it's barely usable in its present state. I still think/hope MDM is the future for Windows management; focus less on features right now, and focus on core functionality!
A Windows 10 (build 1803) device wipe is not instant and can take a very long time (hours/days) to initiate. From a security perspective this is not acceptable.
Agreed. This needs to work quickly. Also, once you choose "Retire", everything else is greyed out so you can't force the device to do a sync to pull its new policy from the Intune Portal.
I can see this won't work with remote factory reset every time. But when you do remove company data it surely should be able to send a last ping to MDM after it removes profiles. It doesn't do this in all my test cases, even on a newest Galaxy Note 8 with up to date Android and Knox.
Microsoft! Are you listening? Your MDM solution is not working (truth be told.. O365 Device Management sucks). I have multiple devices that remain in Retire Pending or Retire in Progress for days/weeks - nothing drops off. I really hoped this to be an enterprise-class solution, but you force us to take business elsewhere when you don't fix what your users are telling you is broken!
I selected "Remove Company Data" from a Windows 10 device and it is STILL pending after 3 days! This is a huge security risk. I will be bringing this to the attention of our CISO. Microsoft may have a lawsuit on their hands with this security risk should a disgruntled user continue to have access to company data after termination.
Chris Wilkes commented
I selected "Remove Company Data" from an iPhone at about 4pm. Went home and came back to work today and it's now 11am and still on "Retire Pending"...
I can't believe this needs to be a request, let alone one that's nearly 3 years old.
Over 8 hours for a Windows 10 laptop.
When I retire a device from the SCCM portal, the wipe is pretty quick. Now it will take a while for it to clear out of the SCCM console which I don't like but from what I have read and been told you should really do the un-enroll from the device in the Intune Company Portal app for a better experience.
Manish Gautam commented
I am not sure about iOS devices, but Android devices take ages to retire. It is very difficult and challenging to explain to the Intune Company Portal app user what is going on. Is there any fix or workaround available for now till this issue is completely gone?
I agree - I'm working to troubleshoot HelpDesk emails on my own phone. I think I should have time to try at least 4-5 things in a day but the deletion takes hours so I can realistically only try once or twice a day, which means I am not going to have much success in finding a solution.
Sandy Wood commented
I've had one iPhone in the process of retiring for two days. Gonna have to burn a support ticket to figure this one out.
Ricardo Dominguez commented
Too bad handling of data synchronization with Intune and Windows 10 devices. Certainly we all know that every single technology needs time to replicate but... not 1 day. If you want to improve the response, please do homologate identities of devices as users you already do.
This is frustrating!
Ian Conway commented
Because Intune cannot guarantee a device is going to be wiped in a timely fashion, we are in the process of moving all 500 devices to IBM Maas360, you guys should check it out, their devices wipe within seconds!
Megan-Lee Paterson commented
Seriously, this needs to be looked at. Microsoft needs to assess their competition between other MDM service providers; clearly protecting data is not important but yet they give this product free on a very expensive license package. Come on Microsoft, we have a premium account with you guys and you can't even provide us the premium support for this simple functionality.
For us this is a data safety issue. If a device is lost or stolen, we need to reset it as soon as it is online again. I used the Azure portal to start this process and it still takes a long time.