Avoiding OS Reinstallation Issues After Wiping Devices in Intune

If you're managing end-user devices using Microsoft Intune and facing issues where wiping a device still requires you to install the OS using a USB drive, you're likely encountering duplicate device entries in Azure AD and Intune. This issue often occurs due to BitLocker encryption on the OS drive (C: drive).

Understanding the Issue

When you wipe a device from Intune, it should automatically reinstall Windows and prompt the user for login. However, in some cases:

  • The device gets stuck at BitLocker recovery or a missing OS screen.
  • After wiping, the device fails to boot and requires a USB OS installation.
  • The device appears twice in Azure AD and Intune, causing enrollment conflicts.

Why does this happen? BitLocker encryption is still active on the OS drive (C:) during the wipe process. When Intune wipes the device, it does not properly remove encryption keys, causing boot failures.

How to Prevent This Issue

Before wiping a device from Intune, follow these steps to ensure a smooth wipe and re-enrollment via Autopilot:

1. Decrypt the Device Before Wiping

Since BitLocker encryption is causing the issue, you must disable BitLocker before wiping the device.

Find the BitLocker Recovery Key

  • If the device is Azure AD joined, retrieve the key from Microsoft Account.
  • If the device is managed by Intune, go to Microsoft Endpoint Manager > Devices > Select Device > Recovery Keys.

Turn Off BitLocker Encryption

Run this command in an elevated Command Prompt (Admin Mode):

manage-bde -off C:

This process may take time. Ensure decryption is fully complete before proceeding.
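
An added example, not from the original article: a PowerShell script that starts the same decryption with the BitLocker module's cmdlets and waits until the volume reports FullyDecrypted before you start the wipe. The polling interval and timeout are assumed values; run it from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: decrypt the OS volume and block until decryption has finished.
param(
    [string]$MountPoint = 'C:',      # OS drive, as in the article
    [int]$PollSeconds = 30,          # assumed polling interval
    [int]$TimeoutMinutes = 240       # assumed upper bound for decryption
)

$volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

if ($volume.VolumeStatus -eq 'FullyDecrypted') {
    Write-Output "$MountPoint is already fully decrypted; ready for the Intune wipe."
    return
}

# Same effect as: manage-bde -off C:
if ($volume.VolumeStatus -ne 'DecryptionInProgress') {
    Disable-BitLocker -MountPoint $MountPoint -ErrorAction Stop | Out-Null
}

# Poll until the volume is fully decrypted or the timeout expires.
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
do {
    Start-Sleep -Seconds $PollSeconds
    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    Write-Output ("{0:HH:mm:ss} {1}: {2}, {3}% still encrypted" -f `
        (Get-Date), $MountPoint, $volume.VolumeStatus, $volume.EncryptionPercentage)
} while ($volume.VolumeStatus -ne 'FullyDecrypted' -and (Get-Date) -lt $deadline)

if ($volume.VolumeStatus -ne 'FullyDecrypted') {
    Write-Error "Decryption of $MountPoint did not finish in $TimeoutMinutes minutes; do not wipe yet."
    exit 1
}

Write-Output "$MountPoint is fully decrypted; ready for the Intune wipe."
```

The script exits with code 1 if decryption has not finished within the timeout, so it can gate a scripted pre-wipe check.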

2. Wipe the Device Using Intune

Once BitLocker is disabled, initiate the wipe:

  • Go to Microsoft Endpoint Manager > Devices > All Devices.
  • Select the device and choose Wipe.
  • Choose "Wipe and remove from Intune" (if reassigning) or "Retain enrollment state" (if the same user is reusing it).

3. Let the Device Reset Without a USB OS Installation

  • After wiping, the device will automatically reboot and reinstall Windows.
  • It will prompt for new user login without needing a manual OS installation.

Key Takeaways

  • Always decrypt BitLocker before wiping a device.
  • This prevents duplicate entries in Azure AD and Intune.
  • Avoid unnecessary USB OS installation and streamline Autopilot enrollment.
  • Ensure a seamless user experience for end users.

By following this approach, you can avoid common wiping issues and ensure smooth device re-enrollment in Intune and Autopilot.

Have you faced similar issues? Let's discuss in the comments!


More articles by Atish Barhate
