Systems

Microsoft Intune

Affected Customers

• Personally owned Windows devices that have signed in to ‘Access work or school’ with university credentials.
• Personally owned Windows devices that have accepted ‘Allow my organization to manage my device’ when signing into M365 apps with university credentials.
• Android devices that have installed the Company Portal app and signed in with university credentials (primarily Teams devices).

General Information

Microsoft Intune will automatically remove devices that have not communicated with the service in 270 days. Communication with Intune is a passive process that requires an internet connection and a valid Intune device certificate, which is automatically issued during device enrollment and is valid for one year.

A removed device is considered unenrolled from Intune and will:

• No longer receive policy or settings from Intune.
• Automatically re-enroll in Intune only if it still has a valid Intune device certificate the next time it has an active internet connection.

Depending on the settings managed by Intune at the time of last check-in, a Windows device that comes online after removal may have some settings persist. Others may revert to Windows' default behavior. In either case, management of all settings will be returned to the device’s administrator.

Users who sign in to a removed Windows device may receive a notification that their organization no longer manages specific settings. They may also experience behavior that differs from the last time they were online, depending on the settings that are no longer managed.

Any changes in a device's Intune enrollment state or the settings managed on a device will not result in the removal of any personal files from the device.

Removal will neither wipe nor retire a device, and it will not disable or remove the device from Microsoft Entra ID.