Intune Fresh Start vs. Wipe: The Best Choice for Device Management

Managing devices within an organization is a crucial task, with Microsoft Intune playing an important role. Two options that often cause confusion are “Intune Fresh Start” and “Intune Wipe. In this blog post, I explain the difference between these two features so you can better determine which option best suits your needs.

🔄 1. Intune Fresh Start: A Clean Slate with Preservation of User Data

Purpose: Fresh Start is designed to restore a device to a clean state, installing the latest version of Windows.

What happens: When running Fresh Start, all user-installed apps are deleted. What is unique, however, is that user data is preserved. Windows is then reinstalled.

Use case: This option is ideal if you want to rid a device of unwanted software while ensuring it has the latest Windows version without losing the user’s personal data.

❌ 2. Intune Wipe: A Complete Reset

Purpose: Wipe is used to delete all data on a device and restore it to factory settings.

What happens: A Wipe completely deletes all user data, apps, settings and even the operating system. The device returns to the state as it was when it first came out of the box.

Use scenario: This option is useful if you want to completely clean a device, for example before it is phased out or transferred to a new user. This ensures that no residual data from the previous user remains on the device.

Two Forms of Intune Wipe

Standard Wipe
The default Wipe option within Intune deletes all user data, apps and settings, and returns the device to factory settings. This is ideal for when a device is transferred to a new user or removed from the organization.

Wipe with “Continue Wipe even if Device Loses Power”
This advanced option is designed for scenarios where a device may have been stolen. When enabled, the wipe continues even if the device loses power. This is a crucial security feature, as stolen devices are often quickly disabled by thieves.

🛠 3. Autopilot Reset

Autopilot Reset is a feature within Microsoft’s Windows Autopilot that allows a device to be restored to a clean state, while at the same time being retained within the organization’s management. This feature is ideal for scenarios where a device needs to be reconfigured for a new user or when troubleshooting issues that cannot be resolved with standard troubleshooting. The reset process ensures that all personal files, apps, and settings are deleted, while still keeping the device connected to the organization for easy reconfiguration.

Why LTE/5G Laptops Are a Smart Choice

Tip: Consider laptops with LTE/5G connectivity for your organization. The reason? LTE/5G connections increase the chances of a wipe being successfully performed on a stolen device.

Why is this important?

A thief is unlikely to try to connect to Wi-Fi on a stolen device to avoid detection. However, LTE/5G connected devices always have some form of connectivity even when not connected to Wi-Fi. This means that as long as the device is on, it can receive signals via LTE/5G, allowing security measures such as a remote wipe to be performed effectively. This keeps your data protected even in the event of theft. So LTE/5G laptops not only offer the flexibility of being connected everywhere, but also increase the security of your devices and sensitive data.

Management via the Intune console

Both actions, Fresh Start and Wipe, can be easily initiated from the Microsoft Intune management console. You simply select the device and choose the desired action. This makes device management efficient and user-friendly.

Advice: Replace the SSD/HDD on Retirement

Although a standard wipe removes data, we recommend replacing the SSD/HDD when a device goes out of service for maximum security.

BitLocker Policy in Intune

Another interesting feature within Intune is setting a policy where after a certain number of incorrect login attempts, BitLocker is activated. This requires the user to enter a recovery key to regain access. While not exactly the same as a full wipe, it provides strong protection against unauthorized access.

Conclusion

In summary, with “Fresh Start,” “Wipe” and “Autopilot Reset,” Windows Autopilot offers three powerful options for managing devices within an organization. Each of these options serves a specific purpose, from retaining personal data during a light refresh to a full reset for a clean start, to retaining management during a reset. By using these options strategically, organizations can optimize and secure their device management, contributing to a more efficient and secure IT environment.

Want to learn more or need help implementing and managing Intune in your organization? If so, please contact ALTA-ICT. Our team of experts is ready to support you with customized solutions that meet your specific needs. Visit our website or contact us directly for a personal consultation. Together, we’ll make sure your organization makes the best use of Microsoft Intune and is ready for today’s and tomorrow’s technology challenges.