Avoiding OS Reinstallation Issues After Wiping Devices in Intune

 If you're managing end-user devices using Microsoft Intune and facing issues where wiping a device still requires you to install the OS using a USB drive, you're likely encountering duplicate device entries in Azure AD and Intune. This issue often occurs due to BitLocker encryption on the OS drive (C: drive).

Understanding the Issue

When you wipe a device from Intune, it should automatically reinstall Windows and prompt the user for login. However, in some cases:

  • The device gets stuck at BitLocker recovery or a missing OS screen.
  • After wiping, the device fails to boot and requires a USB OS installation.
  • The device appears twice in Azure AD and Intune, causing enrollment conflicts.

Why does this happen? 👉 BitLocker encryption is still active on the OS drive (C:) during the wipe process. When Intune wipes the device, it does not properly remove encryption keys, causing boot failures.

How to Prevent This Issue

Before wiping a device from Intune, follow these steps to ensure a smooth wipe and re-enrollment via Autopilot:

1️⃣ Decrypt the Device Before Wiping

Since BitLocker encryption is causing the issue, you must disable BitLocker before wiping the device.

✔️ Find the BitLocker Recovery Key

  • If the device is Azure AD joined, retrieve the key from Microsoft Account.
  • If the device is managed by Intune, go to Microsoft Endpoint Manager Devices Select Device Recovery Keys.

✔️ Turn Off BitLocker Encryption Run this command in an elevated Command Prompt (Admin Mode):

manage-bde -off C:

This process may take time. Ensure decryption is fully complete before proceeding.

2️⃣ Wipe the Device Using Intune

Once BitLocker is disabled, initiate the wipe:

  • Go to Microsoft Endpoint Manager Devices All Devices.
  • Select the device and choose Wipe.
  • Choose "Wipe and remove from Intune" (if reassigning) or "Retain enrollment state" (if the same user is reusing it).

3️⃣ Let the Device Reset Without a USB OS Installation

  • After wiping, the device will automatically reboot and reinstall Windows.
  • It will prompt for new user login without needing a manual OS installation.

Key Takeaways

Always decrypt BitLocker before wiping a device.

This prevents duplicate entries in Azure AD and Intune.

Avoid unnecessary USB OS installation and streamline Autopilot enrollment.

Ensure a seamless user experience for end users.

By following this approach, you can avoid common wiping issues and ensure smooth device re-enrollment in Intune and Autopilot.

Have you faced similar issues? Let's discuss in the comments! 🚀

Comments

Post a Comment

Popular posts from this blog

4 Most common Issues while registering devices with Microsoft Intune MDM

Image
  The built-in Mobile Device Management (MDM) for Office 365 helps you secure and manage your users' mobile devices like iPhones, iPads, Androids, and Windows phones. You can create and manage device security policies, remotely wipe a device, and view detailed device reports. During implementation or deployment, there are some common issues which occur in many of the environment  1-   Windows Update Sometimes you will notice that Windows Update is showing-Up-To-Date but in actual, the version needed for the MDM Registration is not updating automatically and eventually fails every time in the loop Solution Suggested Go to this  link  upgrade your Windows 10 to the latest version You will find a home page like the screenshot below. Click on UPDATE Now button. It will download a .exe file. Run the file and click on UPDATE Now button and press YES. Here it will update your Windows 10 to the Latest Version Note:  You can still work during downloading a...
Read more

Managing Windows Updates with Intune: Best Practices with Update Rings

Image
  Keeping Windows devices up to date is one of the most critical, and often most overlooked, aspects of endpoint security. With Microsoft Intune, you can manage Windows updates centrally using Update Rings , giving you control over when updates install, how users experience restarts, and how you test updates before broad deployment. In this guide, I’ll walk you through: What update rings are Why they’re essential for patch compliance How to configure them in Intune Best practices for rollout and user experience 1. What Are Windows Update Rings in Intune? Update rings in Intune allow you to: Define when and how Windows updates are delivered Set deadlines for installation and restarts Delay feature updates (e.g., to test before production) Control user experience during updates They apply to Windows 10 and 11 devices enrolled in Intune, including those provisioned via Autopilot. 2. Why Update Management Matters Without structured update management, you risk: Devices missing crit...
Read more

The Intune Device Lifecycle: From Onboarding to Retirement (Best Practices)

  Managing endpoints isn’t just about deployment, it’s about handling the entire device lifecycle : from onboarding and day-to-day management to secure deprovisioning when a device is no longer in use. Microsoft Intune provides a streamlined, policy-driven approach to each phase of this lifecycle, and when done right, it reduces IT overhead, increases security, and improves the user experience. In this post, I’ll walk you through the key stages of managing a device in Intune from start to finish, and how to handle each one effectively. Stage 1: Provisioning & Onboarding This is where the device journey begins, and it sets the tone for everything that follows. Tools and features to use: Windows Autopilot for zero-touch setup Enrollment Status Page (ESP) to control setup sequence Dynamic groups to assign configurations automatically Baseline security policies (compliance, Defender, encryption) Goal: Make the first experience smooth, secure, and consistent for every user. Sta...
Read more