Intune Wipe Device and Defender Report

Anonymous
2025-05-21T12:41:06+00:00

We are a Microsoft enterprise customer with over 200 users under active licenses. We would like to clarify two critical aspects related to our device management and security:

  1. Disabling Wipe Device Functionality in Intune: In accordance with our company policy, we must ensure that the Wipe Device functionality cannot be executed on any enrolled device, even by a Global Administrator. Is there an option to completely disable this functionality for devices using Intune?
  2. Security Status Report Without Intune: If we do not use Intune but rely solely on Microsoft Defender, is it possible to generate a comprehensive security report for devices for legal purposes? Specifically, we are interested in a report (Windows, Linux, macOS) that includes:
  • Disk encryption status
  • Password policy on device
  • Network configuration (e.g., active connections)
  • Installed software versions
  • OS patch/update status
  • Firewall status
  • Antivirus presence and state
  • List of available/logged-in users

This question was migrated from the Microsoft Support Community.


1 answer

  1. Anonymous
    2025-05-21T14:34:38+00:00

    Hello Maksym,

    For your first question, I am sorry, but there is no supported feature to disable wipe functionality in Microsoft Intune for devices; that includes global admins too.

    And for your second question, yes, it's possible, but with some caveats.

    Here is how:

    Use Microsoft 365 Defender Portal: Go to https://security.microsoft.com

    Then navigate to Devices > Device Inventory Reports > Vulnerability Management > Advanced Hunting

    Use Advanced Hunting Queries

    You can write Kusto-style queries to extract:

    // One row per device and secure-configuration check, with its compliance result
    DeviceTvmSecureConfigurationAssessment
    | summarize by DeviceName, ConfigurationId, IsCompliant, IsApplicable

    Then export to CSV by scheduled export APIs or Power BI integration for legal/compliance archiving.

    Hope this helps.

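An added example, not part of the original answer: a fuller advanced hunting query for the secure-configuration part of the report, keeping only the latest result per device and check and attaching readable check names so the export can be archived as is. It assumes the tenant exposes the Defender Vulnerability Management tables `DeviceTvmSecureConfigurationAssessment` and `DeviceTvmSecureConfigurationAssessmentKB`; the output column names `Result` and `AssessedAt` are chosen here for illustration.

```kusto
// Latest secure-configuration result per device and check (Windows, Linux, macOS),
// joined to the knowledge-base table for human-readable check names.
DeviceTvmSecureConfigurationAssessment
// Keep one row per device/check: the most recent assessment
| summarize arg_max(Timestamp, OSPlatform, IsCompliant, IsApplicable)
    by DeviceId, DeviceName, ConfigurationId
| join kind=leftouter (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName,
              ConfigurationCategory, ConfigurationSubcategory
  ) on ConfigurationId
// Spell the outcome out so the archived CSV is readable without the schema
| extend Result = case(
    IsApplicable == 0, "Not applicable",
    IsCompliant == 1,  "Compliant",
                       "Not compliant")
| project DeviceName, OSPlatform,
          ConfigurationCategory, ConfigurationSubcategory,
          ConfigurationId, ConfigurationName,
          Result, AssessedAt = Timestamp
| order by DeviceName asc, ConfigurationCategory asc, ConfigurationId asc
```

Checks such as disk encryption, firewall and antivirus state appear as rows of this result; installed software versions come from a separate table (`DeviceTvmSoftwareInventory`) and need their own query.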