Erase stolen device fails - "The MDM user needs to log in to the device for settings to be updated"
Have a Win10 laptop that was fully enrolled (agent and profile).
It's been stolen and we are attempting to remotely wipe the device but the command is failing. It appears previous profile updates have failed to update for some time, with the Dashboard reporting "The MDM user needs to log in to the device for settings to be updated"
Searching online takes me to this post and response from Meraki, which states that "Agent-based actions can be executed regardless of which user is logged in, however, for MDM commands, the user account used to enroll in MDM must be logged into the device."
Most of our devices are not enrolled with the actual user account (most are set up before we even know who the laptop will be issued to).
So is my assumption here correct that MDM on Windows devices is essentially pointless, because you can defeat security measures/updates simply by not logging in as the original user that enrolled the device to the organisation?
Yes, I'm not too concerned about losing anything (data is all encrypted etc.). It's more the discovery that Windows MDM only works at all when the specific user account that enrolled the device is logged in. This seems remarkably limited: it's user enrolment and management, not device.
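An added check, not from the thread or from Meraki: on a Windows device you still have access to, the script below lists the MDM enrollments recorded under the standard Windows enrollment registry store and shows which user principal (UPN) each one is tied to, next to the account currently logged on. That is the pair the quoted Meraki answer says must match for non-agent MDM commands to be delivered. The registry path and value names are the documented Windows MDM enrollment locations; the Meraki-specific ProviderID string is not given on this page, so the script shows every enrollment rather than filtering on it, and the "rough match" column is a heuristic comparison of the UPN's local part against the DOMAIN\user form that Win32_ComputerSystem returns. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): which user is each Windows MDM
# enrollment bound to, and is that user the one logged on right now?
# HKLM:\SOFTWARE\Microsoft\Enrollments\<GUID> is the standard Windows
# MDM enrollment store; the Meraki ProviderID value is an assumption
# (unknown from the page), so all GUID-named enrollments are listed.

$enrollRoot = 'HKLM:\SOFTWARE\Microsoft\Enrollments'

# Interactive user currently logged on, as DOMAIN\user (null if nobody is,
# e.g. a laptop sitting at the logon screen after a reboot)
$loggedOn = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName

Get-ChildItem -Path $enrollRoot -ErrorAction Stop |
    # Only the GUID-named subkeys are enrollments; siblings such as
    # "Ownership" or "Status" are bookkeeping keys
    Where-Object { $_.PSChildName -match '^\{?[0-9A-Fa-f-]{36}\}?$' } |
    ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath

        # Heuristic only: compare the UPN local part (user@domain -> user)
        # with the DOMAIN\user string from Win32_ComputerSystem
        $roughMatch = $false
        if ($p.UPN -and $loggedOn) {
            $upnLocal  = ($p.UPN -split '@')[0]
            $logonUser = ($loggedOn -split '\\')[-1]
            $roughMatch = ($upnLocal -ieq $logonUser)
        }

        [pscustomobject]@{
            EnrollmentId      = $_.PSChildName
            ProviderID        = $p.ProviderID        # MDM vendor identifier string
            EnrollmentType    = $p.EnrollmentType    # raw value; meaning varies by enrollment path
            EnrollmentState   = $p.EnrollmentState
            EnrollingUserUPN  = $p.UPN               # account that performed the MDM enrollment
            LoggedOnUser      = $loggedOn
            EnrollingUserIsOn = $roughMatch          # per the quoted Meraki answer, MDM commands need this
        }
    } | Format-List
```

If EnrollingUserUPN shows a setup or staging account rather than the person who actually uses the laptop, that device is in the situation the post describes: agent actions will still run, but MDM-channel commands wait for a session that will never exist once the laptop leaves the build bench.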