Patch My PC / Blog

Windows Autopilot Reset vs. Intune Remote Wipe

by | Aug 5, 2024 | Blog

I started writing this blog after posting a poll on LinkedIn to find out who was using Windows Autopilot Reset or the Intune Remote Wipe to reset an existing device before we handed it over to a new employee.

Autopilot reset vs Intune remote Wipe outcome

Introduction

Let’s start with a proper introduction first.

When giving an existing device to a new employee, IT administrators must choose the best way to prepare it. Two main options are Windows Autopilot Reset and Intune Remote Wipe. Each method has its features and benefits, making it useful in different situations.

Autopilot Reset is designed to quickly restore the device to its original state without really reinstalling the operating system. This efficient option removes all previous user data and settings while keeping essential configurations and applications intact. It’s ideal for scenarios where the device needs to be redeployed quickly with minimal downtime.

On the other hand, Intune Remote Wipe completely erases all device data, settings, and configurations. This method ensures that the device is entirely clean, providing a fresh start for the new user. It is particularly useful in situations where security is a high priority and there is a need to ensure no residual data from the previous user remains on the device.

This blog will explore both methods in detail, looking at how they work and their results. By understanding the processes and outcomes of each approach, you can determine which option is best suited for your needs. Whether you need a quick turnaround or a clean slate, we’ll help you make an informed decision.

Introduction to Windows Autopilot Reset

Windows Autopilot Reset is designed to prepare a device for a new user quickly. It removes personal files, settings, and apps while maintaining the device’s identity and settings in Azure Active Directory (Azure AD) and Intune. This method leverages the automatic redeployment CSP, allowing the device to be reset without reinstalling the operating system, making it faster and less bandwidth-intensive than a full wipe.

Key features of Windows Autopilot Reset include:

  • Retention of Device Identity: The device remains enrolled in Azure AD and Intune, preserving its identity and management capabilities.

  • Speed: The reset process is quicker since it doesn’t involve reinstallation of the OS.

For more information, you can refer to the official Windows Autopilot Reset documentation and the Windows Autopilot Reset overview.

Introduction to Intune Remote Wipe

Intune Remote Wipe is a more comprehensive method designed to remove all user data, settings, and apps from a device. This action reinstalls the operating system, ensuring that all personal data is thoroughly removed. While this process is more time-consuming than an Autopilot Reset, it effectively wipes the device, providing a higher level of data security.

Key features of Intune Remote Wipe include:

  • Comprehensive Data Removal:  This ensures all user data, settings, and apps are wiped from the device.

  • Reinstallation of OS: The process involves reinstalling the operating system, providing a clean slate for the following user.

  • Data Security: Offers a higher level of data security by ensuring the complete removal of all personal data.

For detailed information, visit the Intune Remote Wipe documentation.

Comparing Autopilot Reset and Intune Remote Wipe

A quick comparison between Windows Autopilot reset and the Intune Remote Wipe feature.

Windows Autopilot Reset:

  • Speed: Generally faster than Intune Remote Wipe because it does not reinstall the operating system.

  • Use Case: Suitable for quickly preparing devices for new users in environments where data security is managed through other means.

Intune Remote Wipe:

  • Speed: Takes longer due to the reinstallation of the operating system.

  • Data Handling: This ensures that all data is wiped from the device, providing higher security by removing all personal data and settings.

  • Use Case: Ideal for scenarios requiring high data security and ensuring all previous user data is completely removed.

Detailed Look into the Intune Remote Wipe Process

Let’s start with an overview of what happens during the Intune Remote Wipe Process aka the reset scenario.

The Intune remote Wipe Process showing the deleteoldos and deleteuserdata steps

To give a brief summary of the steps above:

  1. Initiation: The wipe is triggered through the Intune portal.

  1. Data Removal: Before starting the whole process, it will check if the wipeData marker is set.

the WipeData marker been set with the reset Scenario

With the wipeData marker set, the device removes all user data, settings, and apps, including a secure erase of all data volumes.

resetengine.dll responsible for the wipe, shows us the erare of the filesystem in the code.
  1. Operating System Reinstallation: After data removal, the device reinstalls the operating system, ensuring a clean slate.

push button reset flow shows us how the operaring system is reinstalled with all off his settings
  1. Post-Wipe State: The device will be left with a fresh operating system installation with no residual user data.

Final parts of the push button reset

I guess we are all pretty familiar with those steps, right? Especially with the Windows.Old saga that left the Windows.old folder on the disk with all the previous User its important data in it

Windows 21H2 | Data Wipe Command leaves User Data on disk (call4cloud.nl)

Luckily, Microsoft fixed that pretty fast, and with it, we could be pretty sure that the data was clean before handing it over to the next user!

Detailed Look into the Autopilot Reset Process

With the Intune remote wipe process covered, let’s find out what happens when we want to perform a remote Windows Autopilot reset in the Intune portal.

Autopilot reset option in the Intune Portal

When performing a reWindows Autopilot Reset, the process uses the automaticredeployment CSP to reset the device.  A fun fact: Besides clicking on the Autopilot reset button in Intune, we can also perform an exec command for that same CSP using the SyncMl tool. When levering this tool and the automaticredeployment CSP we can perform a local Windows autopilot reset!

manually triggering the Autopilot reset local on the device by using the syncml tool

The overview below shows what happens when we perform an exec to the doAutomaticRedeployment csp. From top to bottom, this is the flow it goes through.

the autopilot reset flow showing us the preserve and restore mdm steps

When looking at the flow above, two things probably stand out. The first one is the PreserveMDM and RestoreMDM functions. When I noticed those two functions, I decided to take a closer look at them.

 

how the preserve mdm step is saving the intune certificate in the mdmconfig.dat

As shown above, it certainly looks like preserving the MDM settings is all about backing up the Intune MDM certificate by storing it in the mdmconfig.dat so it can be restored later in the process.

But….. there is something very important missing in the flow, especially when I look back at the first sentence of this blog: “ When giving an existing device to a new employee,”

Windows Autopilot Reset indeed mentions the fact that it removes personal files, apps, and settings.

Microsoft documentation telling us that the autopilot reset will remove personal files,apps and settings

Now comes the bad news! Autopilot Reset does NOT format/wipe the drive like the Intune Remote Wipe or Fresh Start (SignatureReset) would do

the resetengine.dll code showing us that onle the reset and signaturereset scenario would wipe the device.

With the device not performing a good wipe, previous root folders with possible crucial data are NOT removed from the autopilot device.

after the autopilot reset, existing root folders are still on the device

Oww, another but!! But that’s not even the biggest issue here. The AutomicRedeployment (Reprovioning scenario) also leaves something else lingering on the device!

 

the windows.old folder with the user folder in it is not removed during the Autopilot reset

Yes!!! As shown above, it’s pretty clear that the Windows.old folder with the previous user’s data is still there!

Conclusion

Choosing between Windows Autopilot Reset and Intune Remote Wipe depends on your organization’s needs. If you need to prepare devices quickly and can handle data security in other ways, Windows Autopilot Reset could be an option. It resets the device fast, keeping the MDM enrollment, settings, and apps, but the old user data still lingers—which is, in my opinion, very bad!

Intune Remote Wipe is a way better option if removing all user data completely is very important, especially for strict security. This method wipes everything from the device, making it like new for the next user account.