Intune - MDM Commands
Intune allows a technician to send certain commands to a managed device over the Internet. These can be useful if you need to remotely reset a PC or decommission it.
The MDM commands can be found in the computer record within Intune
| Command | Function |
|---|---|
| Retire | Removes company data and settings from a device, and leaves personal data intact. |
| Wipe - use this one. |
This action restores a device to its factory settings and removes all data and settings. |
| Delete | Removes a device from Intune management, any company data is removed, and the device is retired. Do not use this unless the device is reimaged or you have the BitLocker key. |
| Sync | Syncs a device with Intune to apply the latest policies and configurations. |
| Restart | Restarts a device. |
| Collect Diagnostics | Collects diagnostic logs from a device and uploads the logs to Intune. |
| Fresh Start | Reinstalls the latest version of Windows on a device and removes apps that the manufacturer installed. |
 | Please note that the Remote Lock and Reset Passcode commands only apply to iOS devices and NOT Windows devices. Those commands will be grayed out for Windows computers. Quick Scan and Full Scan commands do not apply to MIT Intune enrolled devices which are utilizing Sophos Anti-virus. |
Wipe vs Fresh Start vs Autopilot Reset
Fresh Start is nearly identical to Wipe. Both options will restore a device back to its factory settings (back to OOBE). The one difference here is that Fresh Start will also remove OEM-preloaded applications. Autopilot Reset removes all of the files, apps, and settings on a device (including the user profile) but retains the connection to Azure AD and Intune (or 3rd party MDM). This makes Autopilot Reset a sort of middle-ground option, where you’re wiping a device and maintaining the enrollment state but not the user data.
