Lost / Stolen Windows Device

There are plenty of excellent guides and tutorials available on what to do when a Microsoft Intune-managed device is lost or stolen. Some of these resources are listed in the resource section below. However, this article focuses on a different angle: what happens to the device after it is lost or stolen?

Scenario: Two Sides of the Coin

Side A: The User’s Perspective

A user traveling abroad realizes at the airport that their laptop is missing. In the rush to catch their flight home, they either left it behind or it was stolen by a skilled thief. After overcoming the initial panic, the user contacts their company’s help desk.

The company, leveraging Modern Device Management (MDM) through Microsoft Intune, quickly takes action. Using the Intune management console, they issue commands to lock and remotely wipe the device, ensuring sensitive data is protected. Meanwhile, a replacement device is shipped overnight to the user’s home. Thanks to OneDrive for Business, all critical work data is securely stored in the cloud, allowing the user to rest during their flight without worrying about data loss.

Side B: The Finder’s Perspective

On the other side of this scenario, someone stumbles upon the lost laptop on a sidewalk. It looks like a high-end device, but aside from the manufacturer’s logo, there are no visible markings to indicate who owns it. The person waits for a while, hoping that someone comes back to claim it, but no one does. Eventually, they decide to take the laptop home.

Once home, curiosity gets the better of them. They power on the device to see if they can figure out who it belongs to. However, because this laptop is managed by Microsoft Intune, they quickly hit a roadblock. The device is locked, requiring credentials to access anything. If the company IT team has already issued a remote lock or wipe command through Intune, the laptop becomes even less useful—essentially a brick with no accessible data.

Still determined, the finder might try other methods to bypass security. They could attempt to reset the device entirely or even take it to a tech-savvy friend or repair shop to see if it can be unlocked. However, modern security measures in Microsoft Intune make this extremely difficult. Features like BitLocker encryption ensure that even if someone manages to access the hard drive physically, the data stored on it remains encrypted and unreadable without the proper recovery key.

At this point, the finder faces a decision:

Return the Laptop (If Possible): If they’re honest and well-intentioned, they might try harder to locate the rightful owner. They could contact the laptop manufacturer or bring it to local authorities in case it has been reported lost or stolen.
Sell or Discard It: If they’re less scrupulous or simply frustrated by their inability to use the device, they might attempt to sell it for parts or discard it altogether.
Keep Trying: In some cases, someone might keep trying to bypass security measures out of sheer persistence or with malicious intent. However, with advanced Intune protections like conditional access policies and remote management capabilities, even these efforts are unlikely to succeed.

The Bigger Picture

This side of the story highlights an important aspect of modern device management: while corporate IT teams can protect sensitive data and render devices unusable through tools like Microsoft Intune, they can’t control what happens to the physical hardware after it’s lost or stolen. Whether it ends up in a landfill, on a resale website, or in someone’s hands as an unusable piece of tech depends entirely on who finds it and what actions they take.

Scenario: Two Sides of the Coin

Some References