This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 59%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI%3C/text%3E%3C/svg%3E)
I have EMS license assigned to a user. And the user has an enrolled device.
I would like to know what the effect would be if I directly remove the license for the user from Intune portal.
(a) Will the device remain enrolled in Intune if my device is:
-> Only Azure AD Joined
-> Hybrid Azure AD Joined
-> Co-managed with SCCM
I would like to know the enrollment status in all the above 3 scenarios.
(b) What will happen to the policies that are targeted to the device. Will those policy stop taking affect?
(c) Suppose I deployed a BitLocker policy to the device. After removing the Intune license, will my BitLocker policy stop taking effect and my device would decrypt itself and would no longer be BitLocker encrypted ?
Hello IntuneUser-0687 ,
Based Upon the information provided.
Yes that is possible that when we assigned the license to the user and then remove it directly for the user from Intune portal then this will affect the compliance status. and the device is no logger be compliant.
Thus the the device will not remain enrolled in Intune For:
-> Only Azure AD Joined
-> Hybrid Azure AD Joined
-> Co-managed with SCCM
What will happen to the policies that are targeted to the device. Will those policy stop taking affect?
Yes this will take affect.
and if you delete the device from AAD and the device communicates with AAD again (nothing can happen if it doesn't communicate again as it would never know the AAD object was deleted), then the key protector is removed from the OS volume leaving BitLocker enabled but suspended.
------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--
Thanks for your reply @Limitless Technology , I found an article : https://learn.microsoft.com/en-us/mem/configmgr/core/understand/product-and-licensing-faq#what-changes-with-licensing-for-co-management-in-microsoft-endpoint-manager-
This article states that if I have a SCCM co-management license, I would not require an additional Intune license for the user.
Hence, could you please confirm whether my policies from Intune would still be applying. I want to focus only on my BitLocker policy for now, which I deployed from Intune.
@IntuneUser Thanks for posting in our Q&A.
Based on my research, if we remove intune license from a user that has managed devices, it may affect the compliance or management of these devices.
So, if you want to use intune to manage devices and apps, it is suggested to assign intune license to users.
Thanks for your understanding.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.