MacOS DEP enrolment with Intune – Part 4 (Erase/Wipe)

Intune, MacOS 2 Minutes

So you have your new Mac enrolled into the DEP Program, Signed in to the Mac during the out of box experience, and then renamed the Mac to allow you to know which device is which.

That’s great, now lets run through it again to validate that it wasn’t a once off. From the Intune Portal we can send a command to wipe a computer. When you do this with a Windows 10 device you send the command and in 30 minutes give or take the computer is ready for the end user to sign back in.

For MacOS, it’s slightly different, the wipe command is replaced with the Erase command in the Intune Portal. From a UI point of view you are now prompted to enter a recovery PIN, it is very important that you note down this PIN as once you hit the erase button you won’t be able to change it, and you can’t use the device until the PIN is entered.

Screen Shot 2019-04-13 at 3.16.09 pm.png

It is also important to note that as soon as you press the Erase button the Mac OS will be erased within a minute, obviously with a dependancy on being connected to the internet. The computer will then restart, and come to the screen below:

SH6_1764.JPG

This is where you enter the PIN from the Intune Portal, in my case when the MacBook Air is sitting next to me remembering the PIN was easy enough, but in the real world make sure you send this PIN to the person who has the device (Or to nobody if you are erasing the device as a result of being stolen or lost).

Once we have entered the PIN and select next (the button appears on the screen when you enter the code), the next screen you see (well after the loading spinning disc screen) is this scary looking one:

SH6_1765.JPG

This icon signifies that there is no OS on the device, unlike Windows when you Wipe the device and leaves the operating system on the device, when you Erase a Mac it not only removes your confidential files, but also the whole Operating System!

To get the MacBook Air (this doesn’t work for VM’s only physical devices) back to a useable state you need to select CommandR during the power on phase, if you select it correctly you will see this:

SH6_1766.JPG>

Once connected to your WiFi it’ll take a little while to download the MacOS ISO from the Apple CDN’s in my case around 10 minutes, at which point you’ll see this screen:

SH6_1767.JPG

Which will allow you to follow the standard process to Reinstall macOS by selecting well “Reinstall macOS” and selecting continue, as this is a standard process I’m not going to document it.

So this covers off the process to Erase macOS’s from Intune and the process which needs to be completed on the client side.

Good Luck

Steve

Published by Steven Hosking

Published