Microsoft Intune: Device clean up rule

🚨 The Signal: Intune now offers automated device cleanup rules to remove inactive devices. This improves security posture by reducing the attack surface from stale, unmanaged endpoints, aligning with Essential Eight device management principles.

The Impact

Security teams and Intune admins are the groups most affected; automatically removing inactive devices lowers the risk of compromise through stale endpoints that nobody is patching or monitoring.

  • Security Teams: Reduced attack surface from unmanaged or stale devices.
  • Intune Admins: Automated cleanup reduces manual effort and improves device inventory accuracy.
  • Auditors: Improved compliance with asset management policies and controls.
  • Incident Responders: Clearer device inventory aids in incident scope and containment.

The Action

  1. Navigate to Microsoft Intune admin center > Tenant administration > Device cleanup rules.
  2. Create a new device cleanup rule, defining criteria such as inactivity duration.
  3. Configure the rule to automatically delete inactive devices.
  4. Review and monitor the rule's execution and device removal logs.
  5. Establish an internal policy for device inactivity thresholds and cleanup schedules.
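Before a rule is switched to delete (steps 2 and 3), it is worth previewing which devices a given inactivity threshold would remove. The following Python is an added example, not code from the original page or from Intune itself; it assumes a device list shaped like a Graph `managedDevices` response (the sample below is constructed) and a fixed clock so the dry run is reproducible.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Graph response to
# GET /v1.0/deviceManagement/managedDevices
#     ?$select=id,deviceName,operatingSystem,lastSyncDateTime,enrolledDateTime
# The property names are real managedDevice fields; the values are made up.
SAMPLE_DEVICES = [
    {"id": "dev-1", "deviceName": "LT-FIN-01", "operatingSystem": "Windows",
     "lastSyncDateTime": "2024-01-02T08:00:00Z", "enrolledDateTime": "2023-06-01T09:00:00Z"},
    {"id": "dev-2", "deviceName": "LT-FIN-02", "operatingSystem": "Windows",
     "lastSyncDateTime": "2024-03-30T10:00:00Z", "enrolledDateTime": "2023-06-01T09:00:00Z"},
    {"id": "dev-3", "deviceName": "IPAD-OPS-07", "operatingSystem": "iOS",
     "lastSyncDateTime": "2023-11-15T12:00:00Z", "enrolledDateTime": "2023-02-10T09:00:00Z"},
    {"id": "dev-4", "deviceName": "AND-HR-03", "operatingSystem": "Android",
     "lastSyncDateTime": "2024-02-20T12:00:00Z", "enrolledDateTime": "2023-09-01T09:00:00Z"},
    # Enrolled a week ago, never checked in: Graph reports the minimum date for lastSyncDateTime.
    {"id": "dev-5", "deviceName": "LT-NEW-11", "operatingSystem": "Windows",
     "lastSyncDateTime": "0001-01-01T00:00:00Z", "enrolledDateTime": "2024-03-25T09:00:00Z"},
]

NOW = datetime(2024, 4, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for a reproducible preview
MIN_INACTIVITY_DAYS = 30  # lower bound the admin center enforces at the time of writing; check your tenant


def parse_graph_time(value):
    """Graph returns ISO-8601 with a trailing 'Z'; make it a timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def preview_cleanup(devices, inactivity_days, platform=None, now=NOW):
    """Return the devices a cleanup rule with this threshold would delete, most stale first.
    A device that has never synced is measured from enrollment instead (assumption: treat it
    conservatively rather than as infinitely old; confirm the live behaviour in the admin center)."""
    if inactivity_days < MIN_INACTIVITY_DAYS:
        raise ValueError(f"inactivity threshold must be at least {MIN_INACTIVITY_DAYS} days")
    cutoff = now - timedelta(days=inactivity_days)
    hits = []
    for d in devices:
        if platform and d["operatingSystem"] != platform:
            continue
        last_sync, enrolled = parse_graph_time(d["lastSyncDateTime"]), parse_graph_time(d["enrolledDateTime"])
        never_synced = last_sync < enrolled
        reference = enrolled if never_synced else last_sync
        if reference <= cutoff:
            hits.append({"id": d["id"], "deviceName": d["deviceName"], "operatingSystem": d["operatingSystem"],
                         "days_inactive": (now - reference).days, "never_synced": never_synced})
    return sorted(hits, key=lambda h: -h["days_inactive"])


def summarize(devices, inactivity_days, now=NOW):
    """Deletion count per platform, for sanity-checking a threshold before the rule goes live."""
    counts = {}
    for h in preview_cleanup(devices, inactivity_days, now=now):
        counts[h["operatingSystem"]] = counts.get(h["operatingSystem"], 0) + 1
    return counts
```

Running the preview at several thresholds and comparing the per-platform counts against the device inventory is a cheap way to catch a threshold that would sweep up seasonal or loaner devices before the rule does so for real.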

Domain: Intune · Impact: high · Workload: Intune · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860