Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The remote lock device action locks a managed device so the user must enter the existing passcode or PIN to continue. Use this action when a device is misplaced, left unattended, or suspected of unauthorized use without wiping data or removing enrollment.
Important
Remote lock is only effective if a passcode or PIN is already set:
- If no passcode exists, the screen may just turn off and the user can still access the device.
- Enforce a passcode policy before relying on this action.
Requirements
Platform requirements
This remote action supports the following platforms:
- Android Enterprise corporate-owned dedicated (COSU)
- Android Enterprise corporate-owned fully managed (COBO)
- Android Enterprise corporate-owned work profile (COPE)
- Android Open Source Project (AOSP)
- iOS/iPadOS
- macOS
Role and permission requirements
To execute this remote action, at a minimum, use an account that has one of the following roles:
- Help Desk Operator
- School Administrator
- Endpoint Security Manager
- Custom role that includes:
- The permission Remote tasks/Remote lock
- Permissions that provide visibility into and access to managed devices in Intune (for example, Organization/Read, Managed devices/Read)
How to remote lock a device from the Intune admin center
- In the Microsoft Intune admin center, select Devices > All devices.
- From the devices list, select a device.
- At the top of the device overview pane, find the row of remote action icons. Select Remote lock.
- Set a six-digit recovery PIN.
Note
The recovery PIN is shown on the device overview pane for up to 30 days, or until another device action is sent. Record it securely; it can't be retrieved afterward. Don't resend remote lock to the same macOS device until that PIN is used—additional attempts show a Failed status in reporting.
Reference links
- Microsoft Graph API: remoteLock action