In Microsoft Intune, “Retire,” “Wipe,” and “Delete” are actions you can take when managing mobile devices and sometimes computers. These actions are used to control and secure the data and settings on the devices.
1- Retire:
Purpose: Retiring a device means marking it as no longer needed or in use. It’s a way to indicate that the device is no longer managed by the organization.
Effects: When you retire a device, it typically removes company data and settings associated with that device, but it doesn’t wipe the entire device or delete personal data.
Use Case: You would use the retirement option when an employee leaves the company, and you want to remove their access to company resources without wiping their personal data.
2- Wipe:
Purpose: Wiping a device means removing all data and settings on the device, returning it to its factory state. It’s a more drastic action than retiring and is typically used in cases where the device is lost, stolen, or when more thorough data removal is necessary.
Effects: Wiping a device will erase all data on the device, including both company and personal data. It resets the device to its original configuration.
Use Case: You would use the wipe option when a device is lost or stolen, or when you need to decommission a device and ensure no company data remains on it.
3- Delete:
Purpose: Deleting a device removes it from the Intune console and revokes its management capabilities. It’s a way to permanently remove a device from the organization’s Intune account.
Effects: Deleting a device removes it from management but does not wipe the device or affect the data on it.
Use Case: You would use the delete option when you no longer need to manage a device with Intune, such as when a device is no longer in use or is being replaced.
The difference between ‘Retire’, ‘Wipe’, and ‘Delete’ in Intune device management is as follows:
Retire:
removes app data, settings, and Intune managed email profiles from the device. The device will still show up in Intune until the device checks in. Retirement leaves users’ personal data on the device. Retire also removes the Azure AD record of the device, unless the device has an Autopilot hash assigned³.
Wipe :
restores a device to its factory default settings. All data, apps, and settings are removed. Wipe also removes the device from Intune management and Azure AD, unless the device has an Autopilot hash assigned³. Wipe is useful for resetting a device before giving it to a new user, or when the device has been lost or stolen.
Delete:
removes the device from the All-devices list in Intune immediately. Delete also issues the retire command to the device, which removes app data, settings, and Intune managed email profiles from the device. Delete also removes the Azure AD record of the device, unless the device has an Autopilot hash assigned³.
It’s important to understand the differences between these actions and use them appropriately based on your organization’s policies and the specific circumstances for each device. Always exercise caution when performing actions like wiping or deleting, as they can result in data loss on the device. It’s also good practice to communicate with the device owner or user before taking such actions, especially when dealing with personal devices.
To add a new user in Azure Active Directory (Azure AD), you typically have a few different methods to choose from, depending on your needs and preferences. Here’s a common method using the Azure portal:
Sign in, to Azure Portal:
Sign in, to your Azure portal using your admin account
Access Azure Active Directory :
Click on “Azure Active Directory” in the left-hand menu. If you can’t find it, you can also use the search bar to locate it quickly.
Add a New User:
There are a few ways to add a new user, but the most common one is to go to “Users” under “Manage.” Click on the “+ New user” button. With two ways we can create user:
Create user
Invite user
User Details:
You’ll be prompted to enter the user’s details. These typically include:
Username: The user’s username, which is used for signing in.
Name: Full name of the user.
Profile: You can set the user’s job title, department, and more.
User type: Depending on your subscription, you can choose between “Member,” “Guest,” or “External.”
Authentication and Role Assignment:
You’ll set the user’s role and authentication method. Here, you can choose roles like “User” or “Global Administrator.” You’ll also set their password and authentication method, whether it’s a temporary password or you let them create their own.
Directory Role:
Depending on your needs, you might want to assign the user to directory roles, like “User administrator” or “Application administrator.”
Groups:
You can also add the user to Azure AD security groups if needed.
Review and Create:
Review the user’s details and settings. Make sure everything is correct.
Create:
Once you’re satisfied, click “Create” to add the user to Azure AD.
The user should now be added to Azure AD. They will receive an email (if you provided their email address) to set up their account or change their temporary password.
Please note that the specific steps and options may vary depending on the version of Azure and your subscription level. Always ensure that you have the necessary permissions and follow best practices for user management and security in your organization.
In this tutorial we want to learn how we can add Application in Intune (for windows)? To add an app in Microsoft Intune, you can follow these general steps:
Sign into the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com) using your administrator account.
Navigate to “Apps” from the left-hand menu.
Click on “Add” to start the process of adding a new app.
Select the app type you want to add. Intune supports several types of apps, including “Managed Google Play app,” “iOS/iPadOS app,” “Android app,” “Windows app (Win32),” “Windows app (store),” and more. Choose the appropriate app type based on your requirements.
Configure the app settings based on the selected app type. The settings may vary depending on the platform and app type. Fill in the required information such as app name, description, publisher, version, installation requirements, etc. Some app types may require additional configuration, such as app package upload or linking to the app store.
Specify the deployment settings, including the targeted user or device groups, installation or assignment options, and any additional settings specific to the app type. These settings determine how the app will be deployed to the managed devices.
Review the settings and make any necessary adjustments.
Click on “Add” or “Save” to add the app to Intune.
Once the app is added, it will be available for deployment to the targeted devices or users based on the settings you configured. Users will then be able to install or access the app through the Intune Company Portal or the managed app store on their devices.
Please note that the specific steps and options may vary slightly depending on the version of Microsoft Intune and the app type you are adding.
In Azure AD, a dynamic group is a special type of group that is defined by a rule or criteria rather than by a static list of members. Dynamic groups can be useful for managing access to resources based on user attributes, such as department, job title, or location. For example, you could create a dynamic group for all users in the “Marketing” department, and then grant access to marketing-related resources to that group.
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. It allows organizations to manage user identities and access to resources across different cloud-based and on-premises applications.
To create a dynamic group in Azure AD, you can follow these steps:
Go to the Azure portal and sign in with your Azure AD administrator account.
Navigate to the “Azure Active Directory” service.
Click on “Groups” and then “New group”.
Select “Dynamic group” as the group type.
Give the group a name and description.
Define the rule or criteria that will determine the membership of the group. You can choose from a variety of attributes, such as department, job title, or location, and specify the values that should be included.
Review and confirm the group settings, and then click “Create” to create the group.
Once you have created a dynamic group, you can use it to manage access to resources in Azure AD or other applications that support Azure AD authentication. You can also add or remove users from the group manually or modify the group membership rule to adjust the membership dynamically.
Microsoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. It provides a variety of services such as computing power, storage, and networking, as well as many pre-built tools and frameworks for different programming languages and platforms, making it easy for developers to build and deploy applications on the cloud.
