A quick look at the “Retire MY PC” app

Posted on June 23, 2021 by ncbrady

Introduction

I tweeted about this recently and it gained a LOT of attention, so I thought I better do a video showing what this actually does.

When your users get a new Windows Autopilot PC, their old computer will usually be handed back to a support person to clear company data or secure the device by say wiping the drive or clearing the TPM. Wouldn’t it be great if you could get the users to retire their old PC by themselves at their own convenience?

Well now you can !

Retire My PC provides your users with a self service method of securing company data on soon to be disposed (or sold on…) devices.

The app performs a series of checks to ensure that the device is BitLocker protected and that an internet connection is present, it then requests confirmation from the end user that the PC should be retired before showing them a final warning.

The important line there is “Windows will not be able to start any more.

If they choose to continue the app then does the following:

* stops the ConfigMgr client agent service
* stops the MBAM agent service
* rotates the BitLocker key
* WIPEs the BCD registry entries
* joins a workgroup
* clears the TPM protectors
* adds a record of all this to Azure Tables
* emails the log to a support inbox

After the wipe, booting the old retired PC gives you this.

Enjoy, please follow me on twitter where I’ll release the blog post shortly. @ncbrady

I’ve tested this in MBAM environments and in ConfigMgr BitLocker Management environments. Please give me your feedback.

This entry was posted in 2103, AzureAD, BitLocker, BitLocker Management over CMG, httptrigger, sendgrid. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.