As you all know, Intune can deploy all kind of settings and profiles (security settings, WiFi, Certificate, Mail and VPN profiles) to your users and devices. But what if you want to remove one of the settings/profiles.
Until now this hasn’t been possible (expect if you did a selective wipe/full wipe). With the updates delivered in the November and December release of Microsoft Intune backend, the policy will be removed when:
- User or device leaves a collection / Group where policy was targeted to
- Admin removes the deployment
- Admin removes the policy itself
Note that this feature is available in both if you use Microsoft Intune Standalone and SCCM UDM with Intune.
As with all things we do with the device, we are dependent of underlying management platform. Below you see what’s can remove per platform.
Type of settings
|
Windows
|
Android
|
WP8.1 (There is no support for WP8)
|
IOS
|
Resource access Profiles (WiFi, VPN, Email, Certificate etc)
|
Yes
|
Yes
|
Yes
|
Yes
|
Configuration Items
|
No
|
No
|
Supported settings: ./Vendor/MSFT/PolicyManager/My/DeviceLock/AllowIdleReturnWithoutPassword ./Vendor/MSFT/PolicyManager/My/DeviceLock/DevicePasswordEnabled”; ./Vendor/MSFT/PolicyManager/My/DeviceLock/AllowSimpleDevicePassword”; ./Vendor/MSFT/PolicyManager/My/DeviceLock/MinDevicePasswordLength”; ./Vendor/MSFT/PolicyManager/My/DeviceLock/AlphanumericDevicePasswordRequired”; ./Vendor/MSFT/PolicyManager/My/DeviceLock/DevicePasswordExpiration”; ./Vendor/MSFT/PolicyManager/My/DeviceLock/DevicePasswordHistory”; ./Vendor/MSFT/PolicyManager/My/DeviceLock/MaxDevicePasswordFailedAttempts”; ./Vendor/MSFT/PolicyManager/My/DeviceLock/MaxInactivityTimeDeviceLock”; ./Vendor/MSFT/PolicyManager/My/DeviceLock/MinDevicePasswordComplexCharacters”; ./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions ./Vendor/MSFT/PolicyManager/My/Camera/AllowCamera ./Vendor/MSFT/PolicyManager/My/Security/RequireDeviceEncryption ./Vendor/MSFT/PolicyManager/My/System/AllowStorageCard ./Vendor/MSFT/PolicyManager/My/Browser/AllowBrowser ./Vendor/MSFT/PolicyManager/My/ApplicationManagement/AllowStore ./Vendor/MSFT/PolicyManager/My/Experience/AllowScreenCapture ./Vendor/MSFT/PolicyManager/My/System/AllowTelemetry ./Vendor/MSFT/PolicyManager/My/System/AllowLocation ./Vendor/MSFT/PolicyManager/My/Accounts/AllowMicrosoftAccountConnection ./Vendor/MSFT/PolicyManager/My/Accounts/AllowAddingNonMicrosoftAccountsManually ./Vendor/MSFT/PolicyManager/My/Experience/AllowCopyPaste ./Vendor/MSFT/PolicyManager/My/WiFi/AllowInternetSharing ./Vendor/MSFT/PolicyManager/My/WiFi/AllowAutoConnectToWiFiSenseHotspots ./Vendor/MSFT/PolicyManager/My/WiFi/AllowWiFiHotSpotReporting ./Vendor/MSFT/PolicyManager/My/Experience/AllowManualMDMUnenrollment ./Vendor/MSFT/PolicyManager/My/System/AllowUserToResetPhone ./Vendor/MSFT/PolicyManager/My/Connectivity/AllowUSBConnection ./Vendor/MSFT/PolicyManager/My/Connectivity/AllowBluetooth ./Vendor/MSFT/PolicyManager/My/Connectivity/AllowCellularDataRoaming ./Vendor/MSFT/PolicyManager/My/Connectivity/AllowNFC ./Vendor/MSFT/PolicyManager/My/Connectivity/AllowCellularData /Vendor/MSFT/PolicyManager/My/WiFi/AllowWiFi
|
All settings except roaming settings
|
The list of policies can also be found at http://technet.microsoft.com/en-us/library/dn743712.aspx under “What happens when a policy is deleted, or no longer applicable”
To illustrate how this can look like I have recorded a short video describing how this looks like.
If you have any questions or feedback, please add into the comments below