How to Stop Random Auto-Wipes in Your Intune Environment
Nothing is more nerve-wracking than finding a user’s PC wiped with no warning. If Intune is auto-wiping devices and you can’t trace the trigger, follow these steps to regain control and prevent future surprises.
1. Pause Wipes in Your Compliance Policies
Intune lets you “wipe device” as a noncompliance action. The first thing to do is disable it so no more devices vanish.
- In the Intune portal, go to Devices → Compliance policies.
- Open each policy, click Properties → Actions for noncompliance, and remove or disable the Wipe action.
- Save your changes.
This buys you time to root out the real cause without new wipes happening.
2. Look at Conditional Access Grants
Auto-wipes often spring from Conditional Access rules that demand a compliant device. If compliance checks fail, Azure AD can trigger a wipe.
- In Azure AD, go to Security → Conditional Access.
- Check policies that grant access to apps (Exchange Online, Microsoft 365) with “Require device to be marked compliant.”
- Disable the policy or exclude a test user, then watch whether the wipes stop.
This helps pinpoint whether a broken compliance check is the culprit.
3. Audit Enrollment Status Page (ESP) Settings
During Autopilot provisioning, a hung ESP can reset the device entirely.
- In Intune, navigate to Devices → Windows → Windows enrollment → Deployment Profiles.
- Edit your profile and set Wait for device setup to complete to No or extend the timeouts.
A quick setup or a longer timeout can prevent provisioning failures that look like wipes.
4. Inspect Device Actions Logs
Intune logs every wipe command in the portal. Find out exactly which service sent it.
- Go to Devices → All devices, select a wiped device, and open Troubleshooting + support → Device actions.
- Look for any Wipe entries and note the source.
This reveals whether Intune, Azure AD, or another MDM command issued the wipe.
5. Review Local Compliance Client Logs
When a wipe happens, the Intune Management Extension logs policy decisions that led to it.
- On the affected PC, collect logs from:
  - %ProgramData%\Microsoft\IntuneManagementExtension\Logs
  - %windir%\CCM\Logs
- Search for entries around the wipe timestamp for policy evaluation or MDM commands.
These details often point straight to the noncompliant rule triggering the action.
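One way to do the timestamp search from step 5, as an added example that is not part of the original article. It assumes the collected logs use the CMTrace line layout; the function name, the keyword pattern, the window size, and the sample lines are all constructed for illustration.

```powershell
# Added example (not from the article): keep CMTrace-format entries near a wipe time.
function Get-LogEntriesNearWipe {
    param(
        [Parameter(Mandatory)][string[]]$Line,       # raw log lines
        [Parameter(Mandatory)][datetime]$WipeTime,   # local time the wipe was observed
        [int]$WindowMinutes = 30,                    # assumed window; widen if nothing matches
        [string]$Pattern = 'wipe|compliance|policy'  # assumed keywords, not an official list
    )
    # CMTrace layout: <![LOG[message]LOG]!><time="HH:mm:ss.fff" date="M-d-yyyy" component="..." ...>
    $rx = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>\d{1,2}:\d{2}:\d{2})[^"]*"\s+date="(?<date>\d{1,2}-\d{1,2}-\d{4})"\s+component="(?<comp>[^"]*)"'
    foreach ($l in $Line) {
        $m = [regex]::Match($l, $rx)
        if (-not $m.Success) { continue }   # skips continuation lines of multi-line entries
        $stamp = [datetime]::ParseExact(
            "$($m.Groups['date'].Value) $($m.Groups['time'].Value)",
            'M-d-yyyy H:mm:ss', [cultureinfo]::InvariantCulture)
        $delta = ($stamp - $WipeTime).TotalMinutes
        if ([math]::Abs($delta) -le $WindowMinutes -and $m.Groups['msg'].Value -match $Pattern) {
            [pscustomobject]@{
                Time      = $stamp; OffsetMin = [math]::Round($delta, 1)
                Component = $m.Groups['comp'].Value; Message = $m.Groups['msg'].Value
            }
        }
    }
}

# Constructed sample lines (not real log output) so the function can be tried offline.
$sample = @(
    '<![LOG[Starting policy evaluation]LOG]!><time="09:58:12.1234567" date="3-4-2025" component="IntuneManagementExtension" context="" type="1" thread="7" file="">'
    '<![LOG[Heartbeat sent]LOG]!><time="10:01:00.0000000" date="3-4-2025" component="IntuneManagementExtension" context="" type="1" thread="7" file="">'
    '<![LOG[Compliance state reported: noncompliant]LOG]!><time="10:03:40.5550000" date="3-4-2025" component="IntuneManagementExtension" context="" type="2" thread="9" file="">'
    '<![LOG[Policy evaluation finished]LOG]!><time="14:30:00.0000000" date="3-4-2025" component="IntuneManagementExtension" context="" type="1" thread="7" file="">'
)
Get-LogEntriesNearWipe -Line $sample -WipeTime '2025-03-04 10:05' -WindowMinutes 15 |
    Format-Table -AutoSize -Wrap

# Against collected logs (directory from the article; replace the placeholder time):
# $dir = Join-Path $env:ProgramData 'Microsoft\IntuneManagementExtension\Logs'
# Get-LogEntriesNearWipe -Line (Get-Content "$dir\*.log") -WipeTime '<wipe time>'
```

With the sample input, the two entries inside the 15-minute window that match the keywords are returned, and the heartbeat line and the 14:30 entry are dropped.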
6. Rebuild Your Wipe Strategy
Once you’ve stopped the random wipes, you can reintroduce wipes in a controlled way:
- Remove wipe actions from broad compliance policies.
- Create a dedicated compliance policy for high-risk devices (kiosks, shared PCs) only.
- Set its noncompliance action to Wipe after a grace period (e.g., 7 days).
- Pilot it on a small group and monitor closely.
This approach ensures wipes only hit the devices you expect.
By pausing wipes, tracking down your Conditional Access and compliance triggers, and rebuilding your wipe policies on a targeted basis, you’ll turn off those surprise auto-wipes and keep your Intune environment stable.

