使用恢復出廠預設值、移除公司資料或手動取消註冊裝置來移除裝置Remove devices by using factory reset, removing company data, or manually unenrolling the device

透過使用 [移除公司資料] 或 [重設成出廠預設值] 動作,您可以從 Intune 移除不再需要、重新設定用途或者遺失的裝置。By using the Remove company data or Factory reset actions, you can remove devices from Intune that are no longer needed, being repurposed, or missing. 使用者也可以從 Intune 公司入口網站,對使用 Intune 註冊的個人擁有裝置發出遠端命令。Users can also issue a remote command from the Intune Company Portal to personally owned devices that are enrolled in Intune.

注意

在您從 Azure Active Directory (Azure AD) 移除使用者之前,請對與該使用者建立關聯的所有裝置發出 [原廠重設] 或 [移除公司資料] 動作。Before you remove a user from Azure Active Directory (Azure AD), use the Factory reset or Remove company data actions for all devices that are associated with that user. 如果您從 Azure AD 移除有受控裝置的使用者,Intune 不會再對這些裝置發出原廠重設或移除公司資料的命令。If you remove users that have managed devices from Azure AD, Intune can no longer issue a factory reset or remove company data for those devices.

原廠重設Factory reset

[原廠重設] 動作會將裝置還原成其出廠的預設設定。The Factory reset action restores a device to its factory default settings. 如果您選擇 [保留註冊狀態和使用者帳戶] 核取方塊,則會保留使用者資料。The user data is kept if you choose the Retain enrollment state and user account checkbox. 否則,會安全地清除磁碟機。Otherwise, the drive is securely erased.

重設成出廠預設值動作Factory reset action 保留註冊狀態和使用者帳戶Retain enrollment state and user account 從 Intune 管理移除Removed from Intune management 說明Description
重設成出廠預設值Factory Reset 未勾選Not checked Yes 清除所有的使用者帳戶、資料、MDM 原則及設定。Wipes all user accounts, data, MDM policies, and settings. 將作業系統重設為其預設狀態和設定。Resets the operating system to its default state and settings.
重設成出廠預設值Factory Reset 勾選Checked No 清除所有的 MDM 原則。Wipes all MDM Policies. 保留使用者帳戶和資料。Keeps user accounts and data. 將使用者設定重設為預設值。Resets user settings back to default. 將作業系統重設為其預設狀態和設定。Resets the operating system to its default state and settings.

[保留註冊狀態和使用者帳戶] 選項僅適用於 Windows 10 版本 1709 或更新版本。The Retain enrollment state and user account option is only available for Windows 10 version 1709 or later.

下次連線到 Intune 時,MDM 原則將會重新套用。MDM policies will be reapplied the next time the device connects to Intune.

在您將裝置給予新使用者之前重設裝置,或當裝置遺失或遭竊的情況,原廠重設十分有用。A factory reset is useful for resetting a device before you give the device to a new user, or when the device has been lost or stolen. 請小心選取 [原廠重設]。Be careful about selecting Factory reset. 裝置上的資料無法復原。Data on the device cannot be recovered.

對裝置執行原廠重設Factory reset a device

  1. 登入 Azure 入口網站Sign in to the Azure portal.

  2. 選取 [All services] (所有服務),篩選 [Intune],然後選取 [Microsoft Intune]。Select All services, filter on Intune, and select Microsoft Intune.

  3. 選取 [裝置] > [所有裝置]。Select Devices > All devices.

  4. 選擇您要執行原廠重設的裝置名稱。Select the name of the device that you want to factory reset.

  5. 在顯示裝置名稱的窗格中,選取 [原廠重設]。In the pane that shows the device name, select Factory reset.

  6. 在 Windows 10 的 1709 版或更新版本中,您也可以有 [Retain enrollment state and user account] (保留註冊狀態和使用者帳戶) 選項。For Windows 10 version 1709 or later, you also have the Retain enrollment state and user account option.

    重設為原廠設定時保留不變Retained during a factory reset 不保留Not retained
    與裝置建立關聯的使用者帳戶User accounts associated with the device 使用者檔案User files
    機器狀態 (網域加入、已加入 Azure AD)Machine state (domain join, Azure AD-joined) 使用者安裝的應用程式 (市集和 Win32 應用程式)User-installed apps (store and Win32 apps)
    行動裝置管理 (MDM) 註冊Mobile device management (MDM) enrollment 非預設的裝置設定Non-default device settings
    OEM 安裝的應用程式 (市集和 Win32 應用程式)OEM-installed apps (store and Win32 apps)
    使用者設定檔User profile
    使用者設定檔外的使用者資料User data outside of the user profile
    使用者自動登入User autologon
  7. 選取 [是] 確認執行原廠重設。To confirm the factory reset, select Yes.

如果裝置已開啟且連線,則 [原廠重設] 動作過程會在 15 分鐘內傳播到所有的裝置類型。If the device is on and connected, the Factory reset action propagates across all device types in less than 15 minutes.

移除公司資料Remove company data

[移除公司資料] 動作會移除使用 Intune 所指派的受控應用程式資料 (適用時)、設定和電子郵件設定檔。The Remove company data action removes managed app data (where applicable), settings, and email profiles that were assigned by using Intune. 並從 Intune 管理項目移除裝置。The device is removed from Intune management. 當裝置下一次簽入並收到遠端 [移除公司資料] 動作時,便會發生。This happens the next time the device checks in and receives the remote Remove company data action.

[移除公司資料] 會將使用者的個人資料保留在裝置上。Remove company data leaves the user's personal data on the device.

下表描述將移除哪些資料,以及移除公司資料後,[移除公司資料] 動作對保留在裝置上的資料有何影響。The following tables describe what data is removed, and the effect of the Remove company data action on data that remains on the device after company data is removed.

iOSiOS

資料類型Data type iOSiOS
Intune 安裝的公司應用程式和相關資料Company apps and associated data installed by Intune 已將應用程式解除安裝。Apps are uninstalled. 將會移除公司應用程式資料。Company app data is removed.

使用行動裝置應用程式管理之 Microsoft 應用程式的應用程式資料會予以移除。App data from Microsoft apps that use mobile app management is removed. 應用程式不會移除。The app is not removed.
設定Settings 由 Intune 原則所設定的設定不再是強制性。Configurations that were set by Intune policy are no longer enforced. 使用者可以變更這些設定。Users can change the settings.
Wi-Fi 及 VPN 設定檔設定Wi-Fi and VPN profile settings 已移除。Removed.
憑證設定檔設定Certificate profile settings 憑證會予以移除及撤銷。Certificates are removed and revoked.
管理代理程式Management agent 已移除管理設定檔。The management profile is removed.
電子郵件Email 已移除經由 Intune 佈建的電子郵件設定檔。Email profiles that are provisioned through Intune are removed. 已刪除裝置上的快取電子郵件。Cached email on the device is deleted.
OutlookOutlook 已移除 iOS 版 Microsoft Outlook 應用程式收到的電子郵件。Email that's received by the Microsoft Outlook app for iOS is removed. 先決條件是要將 Outlook 行動應用程式部署為 iOS 使用者的「必要」應用程式。This requires that the Outlook mobile app be deployed as a Required app to iOS users first.
Azure AD 退出Azure AD unjoin 已移除 Azure AD 記錄。The Azure AD record is removed.
連絡人Contacts 已移除直接從應用程式同步到原生通訊錄的連絡人。Contacts that are synced directly from the app to the native address book are removed. 無法移除從原生通訊錄同步到其他外部來源的任何連絡人。Any contacts that are synced from the native address book to another external source can't be removed.

目前只支援 Outlook 應用程式。Currently, only the Outlook app is supported.

AndroidAndroid

資料類型Data type AndroidAndroid Android Samsung Knox StandardAndroid Samsung Knox Standard
網頁連結Web links 已移除。Removed. 已移除。Removed.
未受管理的 Google Play 應用程式Unmanaged Google Play apps 應用程式和資料仍會保持安裝。Apps and data remain installed. 應用程式和資料仍會保持安裝。Apps and data remain installed.
非受控企業營運應用程式Unmanaged line-of-business apps 應用程式和資料仍會保持安裝。Apps and data remain installed. 已解除安裝應用程式並移除應用程式的本機資料。Apps are uninstalled and data that's local to the app is removed. 不會移除應用程式外的任何資料 (例如 SD 記憶卡)。No data that's outside the app (for example, on an SD card) is removed.
受管理的 Google Play 應用程式Managed Google Play apps 將會移除應用程式資料。App data is removed. 不會移除應用程式。The app isn't removed. 應用程式外受行動應用程式管理 (MAM) 加密保護的資料 (例如 SD 記憶卡),仍維持加密狀態且無法使用,但不會移除。Data that's protected by Mobile Application Management (MAM) encryption outside the app (for example, an SD card) remains encrypted and unusable, but isn't removed. 將會移除應用程式資料。App data is removed. 不會移除應用程式。The app isn't removed. 應用程式外受 MAM 加密保護的資料 (例如 SD 記憶卡),仍維持加密狀態,但不會移除。Data that's protected by MAM encryption outside the app (for example, an SD card) remains encrypted, but isn't removed.
非受控企業營運應用程式Managed line-of-business apps 將會移除應用程式資料。App data is removed. 不會移除應用程式。The app isn't removed. 應用程式外受 MAM 加密保護的資料 (例如 SD 記憶卡),仍維持加密狀態且無法使用,但不會移除。Data that's protected by MAM encryption outside the app (for example, an SD card) remains encrypted and unusable, but isn't removed. 將會移除應用程式資料。App data is removed. 不會移除應用程式。The app isn't removed. 應用程式外受 MAM 加密保護的資料 (例如 SD 記憶卡),仍維持加密狀態且無法使用,但不會移除。Data that's protected by MAM encryption outside the app (for example, an SD card) remains encrypted and unusable, but isn't removed.
設定Settings 由 Intune 原則所設定的設定不再是強制性。Configurations that were set by Intune policy are no longer enforced. 使用者可以變更這些設定。Users can change the settings. 由 Intune 原則所設定的設定不再是強制性。Configurations that were set by Intune policy are no longer enforced. 使用者可以變更這些設定。Users can change the settings.
Wi-Fi 及 VPN 設定檔設定Wi-Fi and VPN profile settings 已移除。Removed. 已移除。Removed.
憑證設定檔設定Certificate profile settings 憑證會予以撤銷,但不會移除。Certificates are revoked but not removed. 憑證會予以移除及撤銷。Certificates are removed and revoked.
管理代理程式Management agent 撤銷裝置系統管理員權限。Device Administrator privilege is revoked. 撤銷裝置系統管理員權限。Device Administrator privilege is revoked.
電子郵件Email N/A (Android 裝置不支援電子郵件設定檔)N/A (Email profiles aren't supported by Android devices) 經由 Intune 佈建的電子郵件設定檔已移除。Email profiles that are provisioned through Intune are removed. 已刪除裝置上的快取電子郵件。Cached email on the device is deleted.
OutlookOutlook 僅當 Android 版 Outlook 應用程式受到 MAM 原則保護時,才會移除其所接收的電子郵件。Email that's received by the Outlook app for Android is removed, but only if Outlook is protected by MAM policies. 否則,取消註冊裝置時不會抹除 Outlook。Otherwise, Outlook isn't wiped when the device is unenrolled. 僅當 Android 版 Outlook 應用程式受到 MAM 原則保護時,才會移除其所接收的電子郵件。Email that's received by the Outlook app for Android is removed, but only if Outlook is protected by MAM policies. 否則,取消註冊裝置時不會抹除 Outlook。Otherwise, Outlook isn't wiped when the device is unenrolled.
Azure AD 退出Azure AD unjoin 已移除 Azure AD 記錄。The Azure AD record is removed. 已移除 Azure AD 記錄。The Azure AD record is removed.
連絡人Contacts 已移除直接從應用程式同步到原生通訊錄的連絡人。Contacts that are synced directly from the app to the native address book are removed. 無法移除從原生通訊錄同步到其他外部來源的任何連絡人。Any contacts that are synced from the native address book to another external source can't be removed.

目前只支援 Outlook 應用程式。Currently, only the Outlook app is supported.
已移除直接從應用程式同步到原生通訊錄的連絡人。Contacts that are synced directly from the app to the native address book are removed. 無法移除從原生通訊錄同步到其他外部來源的任何連絡人。Any contacts that are synced from the native address book to another external source can't be removed.

目前只支援 Outlook 應用程式。Currently, only the Outlook app is supported.

Android 工作設定檔Android work profile

從 Android 工作設定檔裝置移除公司資料會移除該裝置上工作設定檔中的所有資料、應用程式和設定。Removing company data from an Android work profile device removes all data, apps, and settings in the work profile on that device. Intune 管理已淘汰該裝置。The device is retired from management with Intune. Android 工作設定檔不支援恢復出廠預設值。Factory reset is not supported for Android work profiles.

Android 企業 Kiosk 裝置Android enterprise kiosk devices

您只可以將 Android Kiosk 裝置恢復為出廠預設值。You can only factory reset Android kiosk devices. 您無法從 Android Kiosk 裝置移除公司資料。You can't remove company data from Android kiosk devices.

macOSmacOS

資料類型Data type macOSmacOS
設定Settings 由 Intune 原則所設定的設定不再是強制性。Configurations that were set by Intune policy are no longer enforced. 使用者可以變更這些設定。Users can change the settings.
Wi-Fi 及 VPN 設定檔設定Wi-Fi and VPN profile settings 已移除。Removed.
憑證設定檔設定Certificate profile settings 透過 MDM 部署的憑證將會移除並撤銷。Certificates that were deployed through MDM are removed and revoked.
管理代理程式Management agent 已移除管理設定檔。The management profile is removed.
OutlookOutlook 若已啟用條件式存取,裝置就不會收到新的郵件。If conditional access is enabled, the device doesn't receive new mail.
Azure AD 退出Azure AD unjoin 已移除 Azure AD 記錄。The Azure AD record is removed.

WindowsWindows

資料類型Data type Windows 8.1 (MDM) 和 Windows RT 8.1Windows 8.1 (MDM) and Windows RT 8.1 Windows RTWindows RT Windows Phone 8.1 和 Windows Phone 8Windows Phone 8.1 and Windows Phone 8 Windows 10Windows 10
Intune 安裝的公司應用程式和相關資料Company apps and associated data installed by Intune 會撤銷受 EFS 保護之檔案的索引鍵。Keys are revoked for files that are protected by EFS. 使用者無法開啟檔案。The user can't open the files. 不會移除公司應用程式。Company apps aren't removed. 原本透過公司入口網站安裝的應用程式將會解除安裝。Apps originally installed through the Company Portal are uninstalled. 將會移除公司應用程式資料。Company app data is removed. 已將應用程式解除安裝。Apps are uninstalled. 已移除側載金鑰。Sideloading keys are removed.
針對 Windows 10 版本 1703 (Creators Update) 和更新版本,不會移除 Office 365 ProPlus 應用程式。For Windows 10 version 1703 (Creators Update) and later, Office 365 ProPlus apps aren't removed.
設定Settings 由 Intune 原則所設定的設定不再是強制性。Configurations that were set by Intune policy are no longer enforced. 使用者可以變更這些設定。Users can change the settings. 由 Intune 原則所設定的設定不再是強制性。Configurations that were set by Intune policy are no longer enforced. 使用者可以變更這些設定。Users can change the settings. 由 Intune 原則所設定的設定不再是強制性。Configurations that were set by Intune policy are no longer enforced. 使用者可以變更這些設定。Users can change the settings. 由 Intune 原則所設定的設定不再是強制性。Configurations that were set by Intune policy are no longer enforced. 使用者可以變更這些設定。Users can change the settings.
Wi-Fi 及 VPN 設定檔設定Wi-Fi and VPN profile settings 已移除。Removed. 已移除。Removed. 不支援。Not supported. 已移除。Removed.
憑證設定檔設定Certificate profile settings 憑證會予以移除及撤銷。Certificates are removed and revoked. 憑證會予以移除及撤銷。Certificates are removed and revoked. 不支援。Not supported. 憑證會予以移除及撤銷。Certificates are removed and revoked.
電子郵件Email 移除已啟用 EFS 的電子郵件。Removes email that's EFS-enabled. 這包括 Windows 郵件應用程式中的電子郵件和附件。This includes emails and attachments in the Mail app for Windows. 不支援。Not supported. 已移除經由 Intune 佈建的電子郵件設定檔。Email profiles that are provisioned through Intune are removed. 已刪除裝置上的快取電子郵件。Cached email on the device is deleted. 移除已啟用 EFS 的電子郵件。Removes email that's EFS-enabled. 這包括 Windows 郵件應用程式中的電子郵件和附件。This includes emails and attachments in the Mail app for Windows. 移除 Intune 佈建的郵件帳戶。Removes mail accounts that were provisioned by Intune.
Azure AD 退出Azure AD unjoin 否。No. 否。No. 已移除 Azure AD 記錄。The Azure AD record is removed. 不適用。Not applicable. 在 Windows 10 中,您無法移除已加入 Azure AD 裝置中的公司資料。On Windows 10, you can't remove company data for Azure AD-joined devices.

移除公司資料Remove company data

  1. 登入 Azure 入口網站中的 IntuneSign in to the Intune in the Azure portal.
  2. 在 [裝置] 窗格中,選取 [所有裝置]。In the Devices pane, select All devices.
  3. 選取您要從中移除公司資料之裝置的名稱。Select the name of the device from which you want to remove company data.
  4. 在顯示裝置名稱的窗格中,選取 [移除公司資料]。In the pane that shows the device name, select Remove company data. 選取 [是] 確認。To confirm, select Yes.

如果裝置已開啟且連線,則 [移除公司資料] 動作過程會在 15 分鐘內傳播到所有的裝置類型。If the device is on and connected, the Remove company data action propagates across all device types in less than 15 minutes.

從 Intune 入口網站中刪除裝置Delete devices from the Intune portal

如果您想要從 Intune 入口網站移除裝置,則可以從特定的裝置窗格來刪除裝置。If you want to remove devices from the Intune portal, you can delete them from the specific device pane. 下一次裝置簽入時,會移除裝置上所有的公司資料。The next time the device checks in, any company data on it will be removed.

  1. 登入 Azure 入口網站中的 IntuneSign in to Intune in the Azure portal.
  2. 選擇 [裝置] > [所有裝置] > 選擇您要刪除的裝置 > [刪除]。Choose Devices > All devices > choose the devices you want to delete > Delete.

使用清除規則自動刪除裝置Automatically delete devices with cleanup rules

您可以將 Intune 設定為自動刪除看似非作用中、過時、或是沒有回應的裝置。You can configure Intune to automatically delete devices that appear to be inactive, stale, or unresponsive. 這些清除規則會持續監視您的裝置清查,以便您的裝置記錄保持最新狀態。These cleanup rules continuously monitor your device inventory so that your device records stay current. 以這種方法刪除的裝置會從 Intune 管理移除。Devices deleted in this way are removed from Intune management.

  1. 登入 Azure 入口網站中的 IntuneSign in to the Intune in the Azure portal.
  2. 選擇 [裝置] > [裝置清除規則] > [確定]。Choose Devices > Device cleanup rules > Yes.
  3. 在 [刪除已多日未簽入的裝置] 方塊中,輸入 90 到 270 之間的數字。In the Delete devices that haven’t checked in for this many days box, enter a number between 90 and 270.
  4. 選擇 [儲存]。Choose Save.

從 Azure Active Directory 入口網站刪除裝置Delete devices from the Azure Active Directory portal

由於通訊問題或遺失裝置,您可能需要從 Azure AD 刪除裝置。You might need to delete devices from Azure AD due to communication issues or missing devices. 您可以使用 [刪除] 動作來移除 Azure 入口網站中已知無法連線且不太可能與 Azure 再次通訊的裝置記錄。You can use the Delete action to remove device records from the Azure portal for devices that you know are unreachable and unlikely to communicate with Azure again. [刪除] 動作不會從管理移除裝置。The Delete action doesn't remove a device from management.

  1. 使用您的管理員認證登入 Azure 入口網站中的 Azure Active DirectorySign in to Azure Active Directory in the Azure portal by using your admin credentials. 您也可以登入 Office 365 入口網站You can also sign in to the Office 365 portal. 從功能表中,選取 [系統管理中心] > [Azure AD]。From the menu, select Admin centers > Azure AD.
  2. 如果您沒有 Azure 訂用帳戶,請建立帳戶。Create an Azure subscription if you don’t have one. 如果您有付費帳戶,應該不需要信用卡或付款 (請選取 [註冊免費的 Azure Active Directory] 訂閱連結)。This shouldn't require a credit card or payment if you have a paid account (select the Register your free Azure Active Directory subscription link).
  3. 選取 [Azure Active Directory],然後選取您的組織。Select Azure Active Directory, and then select your organization.
  4. 選取 [使用者] 索引標籤。Select the Users tab.
  5. 選取您想要刪除之與裝置建立關聯的使用者。Select the user that's associated with the device that you want to delete.
  6. 選取 [裝置]。Select Devices.
  7. 視狀況移除裝置。Remove devices as appropriate. 例如,您可能需要移除不再使用的裝置,或定義不正確的裝置。For example, you might remove devices that are no longer in use, or devices that have inaccurate definitions.

從 Intune 淘汰 Apple DEP 裝置Retire an Apple DEP device from Intune

如果您想要完全移除由 Intune 管理的 Apple DEP 裝置,請遵循下列步驟:If you want to completely remove an Apple DEP device from management by Intune, follow these steps:

  1. 登入 Azure 入口網站中的 IntuneSign in to the Intune in the Azure portal.

  2. 選擇 [裝置] > [所有裝置] > 選擇您要刪除的裝置 > [移除公司資料]。Choose Devices > All devices > choose the device > Remove company data. 移除公司資料的螢幕擷取畫面Screenshot for remove company data

  3. 選擇 [裝置註冊] > [Apple 註冊] > [註冊計劃權杖] > 選擇權杖 > [裝置] > 選擇該裝置的核取方塊 > [刪除] > [是]。Choose Device enrollment > Apple enrollment > Enrollment program tokens > choose the token > Devices > choose the check box for the device > Delete > Yes. 刪除裝置的螢幕擷取畫面Screenshot for delete device

  4. 請瀏覽 deploy.apple.com 並依序號搜尋裝置。Visit deploy.apple.com and search for the device by its serial number.

  5. 在 [指派至] 功能表上,選擇 [未指派]。In the Assigned to menu, choose Unassigned.

  6. 選擇 [重新指派]。Choose Reassign.

    Apple 重新指派的螢幕擷取畫面

接下來的步驟Next steps

如果您想要重新註冊已刪除的裝置,請參閱註冊選項If you want to reenroll a deleted device, see Enrollment options.