January 07, 2024
Intune Fresh Start vs. Wipe: The Best Choice for Device Management
Managing devices within an organization is a crucial task, with Microsoft Intune playing an important role. Two options that often cause confusion are “Intune Fresh Start” and “Intune Wipe. In this blog post, I explain the difference between these two features so you can better determine which option best suits your needs.
Intune Fresh Start: A Clean Slate with Preservation of User Data
Purpose: Fresh Start is designed to restore a device to a clean state, installing the latest version of Windows.
What happens: When running Fresh Start, all user-installed apps are deleted. What is unique, however, is that user data is preserved. Windows is then reinstalled.
Use case: This option is ideal if you want to rid a device of unwanted software while ensuring it has the latest Windows version without losing the user’s personal data.
Intune Wipe: A Complete Reset
Purpose: Wipe is used to delete all data on a device and restore it to factory settings.
What happens: A Wipe completely deletes all user data, apps, settings and even the operating system. The device returns to the state as it was when it first came out of the box.
Use scenario: This option is useful if you want to completely clean a device, for example before it is phased out or transferred to a new user. This ensures that no residual data from the previous user remains on the device.
Two Forms of Intune Wipe
The default Wipe option within Intune deletes all user data, apps and settings, and returns the device to factory settings. This is ideal for when a device is transferred to a new user or removed from the organization.
Wipe with “Continue Wipe even if Device Loses Power”
This advanced option is designed for scenarios where a device may have been stolen. When enabled, the wipe continues even if the device loses power. This is a crucial security feature, as stolen devices are often quickly disabled by thieves.
Why LTE/5G Laptops Are a Smart Choice
Tip: Consider laptops with LTE/5G connectivity for your organization. The reason? LTE/5G connections increase the chances of a wipe being successfully performed on a stolen device.
Why is this important?
A thief is unlikely to try to connect to Wi-Fi on a stolen device to avoid detection. However, LTE/5G connected devices always have some form of connectivity even when not connected to Wi-Fi. This means that as long as the device is on, it can receive signals via LTE/5G, allowing security measures such as a remote wipe to be performed effectively. This keeps your data protected even in the event of theft. So LTE/5G laptops not only offer the flexibility of being connected everywhere, but also increase the security of your devices and sensitive data.
Management via the Intune console
Both actions, Fresh Start and Wipe, can be easily initiated from the Microsoft Intune management console. You simply select the device and choose the desired action. This makes device management efficient and user-friendly.
Advice: Replace the SSD/HDD on Retirement
Although a standard wipe removes data, we recommend replacing the SSD/HDD when a device goes out of service for maximum security.
BitLocker Policy in Intune
Another interesting feature within Intune is setting a policy where after a certain number of incorrect login attempts, BitLocker is activated. This requires the user to enter a recovery key to regain access. While not exactly the same as a full wipe, it provides strong protection against unauthorized access.
The choice between Fresh Start and Wipe depends on your specific needs. If you want to clean up a device but keep the personal data, choose Fresh Start. If a complete reset is needed, then Wipe is the most appropriate choice. By deploying these options intelligently, you can optimize and secure device management within your organization.
Want to learn more or need help implementing and managing Intune in your organization? If so, please contact ALTA-ICT. Our team of experts is ready to support you with customized solutions that meet your specific needs. Visit our website or contact us directly for a personal consultation. Together, we’ll make sure your organization makes the best use of Microsoft Intune and is ready for today’s and tomorrow’s technology challenges.