This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 72%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Greetings Internet Hive Mind.
iI have quite a conundrum on my hands. I recently had a user leave my company who took it upon himself to wipe his hard drive on the way out. Attempts to recover the data have all failed. Following the IT protocol I have deleted the device from AD, AAD and Intune. Now I am told they want to go after this former employee legally and want every record they can find on him. Is there a way to recover this recently deleted intune record? I have found bits and peices across the interwebs but nothing solid.
Any help you can provide would be greatly appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@Jeremy Hildeen, Thanks for posting in Q&A.
From your description, I know you want to restore a device record recently deleted from Intune.
Based on my searches, there is no way to recover a device that has been deleted from Intune, you will need to re-join the device to Intune, but you can check the Audit logs to find out which user deleted a device as well as make sure that the device was actually indeed enrolled to Intune.
Here is the location of the Audit log.
Intune portal > Tenant administration > Audit logs
Moreover, you can check the logs in the Event Viewer and look for the Intune cert issued by Sc_Online_Issuing on the device side to confirm that the device was enrolled to Intune.
Location of Log: Event Viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin
Location of certificate: From the Start menu, type Run > MMC > Choose File > Add/Remove Snap-ins > Double-click Certificates, choose Computer account > Next, and select Local Computer > Double-click Certificates (Local computer) and choose Personal > Certificates.
Hope it will help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Jeremy Hildeen, Hope things going well.
Please tell me if I have fixed your issue successfully.