从 Intune 管理停用设备Retire devices from Intune management

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

无论设备是公司拥有的还是个人的,最终都需要从 Intune 管理中删除一个托管设备。Whether devices are corporate-owned or personally owned, eventually a managed device needs to be removed from Intune management.

没有你的干预,即使设备已有一段时间未连接到 Intune 服务,设备也永远不会从 Intune 中删除。Devices are never removed from Intune without your intervention, even if the devices haven't connected to the Intune service for a period of time.

出于多种原因,可能需要停用设备:You might need to retire a device for a variety of reasons:

  • 用户以计划方式离开公司(“托管式”离开)User leaves a company in a planned way (“managed” departure)
  • 用户突然离开(被解雇、辞职等)。User leaves abruptly (gets fired, quits, etc.).
  • 设备丢失Loss of device
  • 改变设备用途(转移给其他用户、重新用于其他目的等)Repurpose of a device (move to another user, reuse for a different purpose, etc.)

可以对作为移动设备进行管理的设备执行选择性擦除或完全擦除,或者可以锁定设备并重置密码。You can do either a selective wipe or a full wipe on a device that's managed as a mobile device, or you can lock a device and reset its password. 擦除设备可释放用户的订阅,以添加其他设备。By wiping the device, you free up the user's subscription to add a different device. 也可以停用使用 Intune 客户端软件管理的电脑。You can also retire PCs that are managed with the Intune client software.

从设备中擦除数据和应用Wipe data and apps from devices

选择性擦除和完全擦除都可以通过删除设备的策略和公司门户,将设备从 Intune 管理中删除。Both a selective wipe and a full wipe remove the device from Intune management by removing its policy and the company portal. 因此,设备不再拥有登录到公司资源(如 Microsoft SharePoint、电子邮件或 Office 365)所必需的凭据。As a result, the device no longer has the necessary credentials to sign in to company resources like Microsoft SharePoint, email, or Office 365.

对于已在 Intune 注册其自有设备的员工而言,选择性擦除是首选的操作选项,因为它不会影响设备上的个人信息。Selective wipe is the preferred action for employees who have enrolled their own devices in Intune because it does not affect personal information on the device. 仅删除公司数据。Only corporate data is removed.

对于需要重新调整用途的设备,你也可以使用完全擦除,这会将设备重置为出厂默认设置。For devices that need to be repurposed, you can also use a full wipe, which resets the device to factory default settings.

删除用户许可证和托管设备Removing user licenses and managed devices

删除用户许可证时,该用户的已注册设备将结束注册状态。When you remove a user license, that user's enrolled devices cease to be enrolled. 最佳做法是:在删除用户的 Intune 许可证之前,应使用选择性擦除从托管设备中删除公司数据。As a best practice, you should use selective wipe to remove company data from managed devices before removing the Intune license for a user. 删除用户许可证后,无法再将设备作为远程操作的目标。Once you remove the user license, the device cannot be targeted for remote actions.

在 Azure Active Directory 门户中删除设备To delete devices in the Azure Active Directory portal

  1. 使用组织凭据登录到 http://aka.ms/accessaadhttps://portal.office.com,然后选择“管理中心”>“Azure AD”。Sign in with your organization credentials to http://aka.ms/accessaad or https://portal.office.com, and then choose Admin centers > Azure AD.

  2. 创建 Azure 订阅(如果没有)。Create an Azure subscription if you don’t have one. 如果拥有付费帐户,则不需要使用信用卡或进行付款。This should not require a credit card or payment if you have a paid account. 选择“注册免费的 Azure Active Directory”订阅链接。Choose the Register your free Azure Active Directory subscription link.

  3. 选择“Active Directory”,然后选择组织。Choose Active Directory, and then choose your organization.

  4. 选择“用户”选项卡。Choose the Users tab.

  5. 选择要删除其设备的用户。Choose the user whose devices you want to delete.

  6. 选择设备Choose Devices.

  7. 选择适当的设备,然后选择“删除设备”。Choose the devices as appropriate, and then choose Delete device. 下一次与 Active Directory 同步时,将删除该设备。The device will be deleted the next time it syncs with Active Directory. 这通常发生在 4 小时内。This typically happens within four hours. 同步之后,将从管理中删除该设备。After syncing, the device is removed from management. 这会从该用户的设备限制中删除一台设备。This removes one device from the device limit for this user.

停用被管理的计算机Retire managed computers

可以从 Intune 管理控制台的管理中删除 Intune 客户端软件管理的计算机。Computers that Intune client software manages can be removed from management in the Intune admin console. 删除的同时还会卸载客户端软件,并从计算机中删除 Intune 策略。This also uninstalls the client software and deletes the Intune policy from the computer. 请参阅有关停用使用 Intune 客户端软件管理的计算机的信息。See information about retiring computers managed with the Intune client software.

阻止访问设备Block access a device

如果丢失了某个设备,或者因为某位员工离开公司时未归还公司拥有的硬件而必须要停用设备,则还可以重置密码和远程锁定该设备。If a device is lost or when you must retire a device because an employee left your company without returning a company-owned hardware, you can also passcode reset and remotely lock the device. 尽管你可能已将设备标记为丢失,但此操作可以防止公司信息被误用。This keeps company information from being misused, although you might have to write the device off as a loss.

你还需要从该员工的 Intune 用户帐户吊销许可证。You also want to revoke the license from the employee's Intune user account. 这将释放许可证,然后可以将该许可证分配给新的用户帐户。This frees up the license, and you can assign it to a new user account.

停用硬件Retire hardware

有时,设备本身已达到了其寿命终点。Sometimes, it’s the device itself that has reached its end of life. 在这种情况下,使用完全擦除重置为出厂设置将删除所有的数据并从 Intune 中删除设备。In such cases, resetting it to factory settings with a full wipe removes all data and removes the device from Intune. 然后,可以根据公司的策略处理掉硬件。Then, you can get rid of the hardware according to your company’s policy.

另请参阅See also

使用完全擦除或选择性擦除保护数据Help protect your data with full or selective wipe