Intune Device Reprovisioning Guide
How STRSI reclaims, wipes, and reprovisions Intune-managed Windows devices from departing employees for reassignment to new users.
Overview
This guide explains the preferred STRSI process for handling a Windows laptop returned by a departing employee and preparing it for reassignment to a new user.
This process ensures:
- Previous user data is removed
- Device remains managed by STRSI
- Autopilot registration is preserved
- Intune compliance and security baselines reapply automatically
- The next user receives a clean, ready-to-use device
Primary method: Windows Autopilot Reset
Fallback method: Full Windows reset with Autopilot re-entry
When to Use This Process
Use this workflow when:
- A user has left STRSI
- The device is corporate-owned
- The device should be reused internally
- The device is (or should be) registered in Windows Autopilot
Do not use this process for:
- Devices being decommissioned permanently
- BYOD devices
- Devices leaving STRSI ownership
Prerequisites
- Device must run Windows 10/11 Pro or Enterprise
- Device must have internet access
- Device must be registered in Windows Autopilot
- Admin must have Intune permissions to manage devices
- Returned device must not be BitLocker-locked without recovery key access
Step 1 – Unassign the Previous User (Admin Action)
Before resetting the device, ensure the previous employee is fully disassociated.
In Microsoft Intune Admin Center
- Navigate to: Devices → All devices
- Select the returned laptop
- Review Primary user
- If set to the former employee:
- Click Change primary user
- Clear or leave unassigned
Clearing the primary user prevents reporting, licensing, and compliance confusion.
In Entra ID (Optional but Recommended)
- Go to Entra admin center → Devices
- Locate the device object
- Confirm the former employee is no longer listed as an owner
Step 2 – Trigger Autopilot Reset (Preferred)
Autopilot Reset does not reinstall Windows. It prepares the device for immediate reuse.
Option A: Local Autopilot Reset (In-Hand Device)
This is the recommended and fastest method when IT has physical access.
- Power on the device
- Stop at the Windows sign-in screen
Press:
1
Ctrl + Windows + R
If this doesn’t bring up a menu, proceed to Option B
- Select Autopilot Reset / Reset this device
- Authenticate if prompted
- Confirm reset
What this does:
- Removes all user profiles and data
- Keeps Entra ID join
- Keeps Intune enrollment
- Keeps Autopilot registration
- Returns device to OOBE
Option B: Remote Autopilot Reset (If Device Is Enrolled)
If the device still appears in Intune:
- Go to Devices → All devices
- Select the device
- Choose Autopilot Reset
- Confirm
This requires the device to be actively enrolled and online.
Step 3 – Assign the New User
Once the device resets and returns to OOBE:
Option A: User-Driven Assignment (Preferred)
- Ship or hand the device to the new employee
- User signs in during OOBE with their STRSI work email
- Autopilot provisions the device automatically
- Intune assigns policies, apps, and security baselines
This is the default STRSI approach.
Option B: Pre-Assign User (Optional)
If the device is preallocated:
- In Intune, locate the device
- Assign the Primary user
- Ship device
Pre-assignment is optional and not required for Autopilot to function.
Step 4 – Verify Successful Reprovisioning
After the new user signs in:
- Confirm device appears in: Intune → Devices → All devices
- Verify:
- Correct user
- Compliance status transitions to Compliant
- Required applications install
- Confirm BitLocker is enabled
Compliance may take several hours and multiple reboots.
Fallback – Full Reset (If Autopilot Reset Is Unavailable)
Use this only if Autopilot Reset does not appear.
- Sign in as local/admin user
- Navigate to: Settings → System → Recovery → Reset this PC
- Choose:
- Remove everything
- Cloud download
- Complete reset
After reset:
- Device re-enters OOBE
- Autopilot applies automatically if the device is registered
Common Pitfalls
- Forgetting to clear the previous primary user
- Attempting to reuse devices without resetting
- Expecting Autopilot to rerun without OOBE
- Using Microsoft Store or personal accounts during setup
Summary
| Task | Required |
|---|---|
| Remove old user data | Autopilot Reset |
| Keep device managed | Autopilot Reset |
| Reassign to new user | OOBE sign-in |
| Reapply policies | Automatic |
| Re-import hardware hash | Not required |
Autopilot Reset is the STRSI standard for device reuse.
Contact
Questions or escalations: Trever Ehrfurth – tehrfurth@strsi.com.