I've been looking into what happens to Intune-enrolled devices when their certificates expire, which is typically after about a year. Devices that are not used for 8-12 months end up unmanaged by Intune. However, they remain Entra-joined, meaning that Entra Conditional Access Policies still apply as long as the user accounts are Entra accounts and not local Windows accounts. Devices with local user accounts, like kiosks and library computers, continue to function even if they lose Intune management. We're thinking about setting up a Windows scheduled task that would check for expired Intune certificates and, if found, block all outbound network traffic to effectively make the device unusable and prompt users to contact IT. Has anyone else implemented something similar?
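The scheduled-task approach described in the question, written out as an added PowerShell example (this is not code from the original post or from Microsoft). It assumes the Intune MDM device certificate lives in `Cert:\LocalMachine\My` with issuer `CN=Microsoft Intune MDM Device CA`, that `$AllowedRemoteAddresses` is a placeholder list of IT endpoints that must stay reachable, and that the script runs elevated (the registered task runs as SYSTEM). Two practitioner points are built in: Windows Firewall evaluates explicit Block rules before Allow rules, so "block all outbound" has to be done by changing the profiles' default outbound action rather than with a block-all rule, and a device with no Intune certificate at all is treated as "never enrolled" and left alone rather than bricked.

```powershell
<#
  Added example (not from the original post). Checks the Intune MDM device
  certificate and, when it is expired, switches Windows Firewall to block
  outbound traffic by default while keeping a short allow-list reachable.
  Assumptions (not stated in the post):
    - the Intune device certificate is in Cert:\LocalMachine\My, issued by
      "CN=Microsoft Intune MDM Device CA";
    - $AllowedRemoteAddresses holds IT endpoints users must still reach
      (placeholder value below);
    - the script runs elevated (the scheduled task runs as SYSTEM).
#>
param(
    [string]   $IntuneIssuer           = 'CN=Microsoft Intune MDM Device CA',
    [string[]] $AllowedRemoteAddresses = @('203.0.113.10'),   # placeholder helpdesk host
    [string]   $RuleName               = 'Corp-Unmanaged-Device-Allowlist',
    [switch]   $Revert,
    [switch]   $Install
)

function Get-IntuneCertificateState {
    # Returns 'Valid', 'Expired' or 'Missing'. 'Missing' is deliberately not
    # treated as 'Expired': a machine that was never enrolled must not be bricked.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Issuer -eq $IntuneIssuer } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1
    if ($null -eq $cert) { return 'Missing' }
    if ($cert.NotAfter -lt (Get-Date)) { return 'Expired' }
    return 'Valid'
}

function Enable-OutboundBlock {
    # Windows Firewall applies explicit Block rules before Allow rules, so a
    # "block everything outbound" rule would also defeat the allow-list. Instead
    # change the profiles' default outbound action and add one explicit Allow
    # rule for the addresses users need in order to contact IT.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Allow `
            -RemoteAddress $AllowedRemoteAddresses -Profile Any | Out-Null
    }
    Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block
    # Best-effort on-screen notice; msg.exe is absent on some SKUs, so ignore failures.
    & msg.exe * /TIME:0 'This device is no longer managed by IT. Please contact the helpdesk.' 2>$null
}

function Disable-OutboundBlock {
    # Reverse path for IT once the device is re-enrolled or retired.
    Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
    Remove-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
}

function Install-CheckTask {
    # Registers this script as a daily SYSTEM task, which is the scheduled task
    # the post proposes. $PSCommandPath is the path of this script file.
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`""
    $trigger   = New-ScheduledTaskTrigger -Daily -At 9am
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName 'Intune-CertExpiry-Check' -Action $action `
        -Trigger $trigger -Principal $principal -Force | Out-Null
}

if ($Install) { Install-CheckTask; return }
if ($Revert)  { Disable-OutboundBlock; return }

switch (Get-IntuneCertificateState) {
    'Expired' { Enable-OutboundBlock }
    'Missing' { Write-Warning 'No Intune device certificate found; taking no action.' }
    'Valid'   { Write-Verbose 'Intune device certificate is still valid.' }
}
```

Run it once with `-Install` to register the daily task, and with `-Revert` to restore normal outbound access. Two caveats worth testing before rollout: the built-in outbound Allow rules (Core Networking and similar) still match after the default action is flipped, so the device is not fully silent, and the block also stops the device from checking in with Intune, so re-enrollment needs the `-Revert` path or physical IT intervention.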
1 Answer
You might want to create a BitLocker trigger that displays a message to contact the IT department, including their contact info on the BitLocker screen. We have a deployment tool that sends the app to devices, and you could potentially use Intune for this to customize the trigger. It basically 'bricks' the device as a solution!