Best Practices: Configuring Microsoft Intune Tenant Administration to Safeguard Devices from Unwanted Wipes

TLP: WHITE  |   Alert ID: 371c31ef     |    March 17, 2026, 04:23 PM

On March 17, 2026, Health-ISAC aggregated resources for configuring Microsoft Intune to prevent accidental device wipes. These resources were shared by health sector members to help other community members prevent unwanted device wipes and operational disruptions.

Microsoft Intune is prevalent in many health sector organizations and environments.

Organizations and their Managed Service Providers (MSPs) should consider the following best practices:

Implement Multi-Admin Approval (MAA) by default. Administrators must enable a second approver requirement for all destructive Intune commands, including remote wipe, retire, and bulk policy deployments.

Role-Based Access Control (RBAC). Remove the bulk Wipe permission from day-to-day administrator RBAC roles to ensure the ability to issue destructive commands is restricted to the most privileged accounts.

Scope Tags. Assign scope tags to devices and assign those tags to specific administrator roles, ensuring administrators can only wipe devices within their assigned scope.
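The RBAC recommendation above is easiest to act on if you can see which roles currently grant Wipe. The following is an added audit example, not Health-ISAC's or Microsoft's code: it walks role definitions in the shape returned by Microsoft Graph's deviceManagement/roleDefinitions endpoint (the sample data is constructed, and the resource-action string naming the wipe task is an assumption to confirm against your own tenant's built-in roles) and reports every role that can wipe, together with the trimmed action list you would write back for a custom role.

```python
"""Audit Intune role definitions for the device Wipe permission.

Assumption: the Graph resourceAction string below is the one that
grants the Remote tasks > Wipe permission. Confirm it by reading a
built-in role from your own tenant before relying on the name.
"""
import json

WIPE_ACTION = "Microsoft.Intune_RemoteTasks_Wipe"  # assumed action name

# Constructed sample shaped like GET /deviceManagement/roleDefinitions.
# Not real tenant data; role names and ids are made up.
SAMPLE_ROLE_DEFINITIONS = json.loads("""
{"value": [
  {"id": "role-1", "displayName": "Service Desk L1 (custom)", "isBuiltIn": false,
   "rolePermissions": [{"resourceActions": [{"allowedResourceActions": [
     "Microsoft.Intune_ManagedDevices_Read", "Microsoft.Intune_RemoteTasks_Wipe"]}]}]},
  {"id": "role-2", "displayName": "Device Auditor (custom)", "isBuiltIn": false,
   "rolePermissions": [{"resourceActions": [{"allowedResourceActions": [
     "Microsoft.Intune_ManagedDevices_Read"]}]}]},
  {"id": "role-3", "displayName": "IR Leads (custom)", "isBuiltIn": false,
   "rolePermissions": [{"resourceActions": [{"allowedResourceActions": [
     "Microsoft.Intune_RemoteTasks_Retire", "Microsoft.Intune_RemoteTasks_Wipe"]}]}]}
]}
""")


def allowed_actions(role: dict) -> set:
    """Flatten every allowedResourceActions list in a role definition."""
    actions = set()
    for perm in role.get("rolePermissions", []):
        for ra in perm.get("resourceActions", []):
            actions.update(ra.get("allowedResourceActions", []))
    return actions


def roles_with_wipe(role_definitions: dict) -> list:
    """Return (displayName, isBuiltIn, remaining actions) for roles that can wipe.

    'remaining actions' is the sorted action list with Wipe removed, which is
    what you would write back to a custom role; built-in roles cannot be
    edited, so for those the fix is to move day-to-day admins to a custom role.
    """
    findings = []
    for role in role_definitions.get("value", []):
        actions = allowed_actions(role)
        if WIPE_ACTION in actions:
            remaining = sorted(actions - {WIPE_ACTION})
            findings.append((role["displayName"], bool(role.get("isBuiltIn")), remaining))
    return findings


if __name__ == "__main__":
    for name, builtin, remaining in roles_with_wipe(SAMPLE_ROLE_DEFINITIONS):
        print(f"{name}: grants Wipe (builtIn={builtin}); keep only {remaining}")
```

Point the same function at the JSON returned by your tenant's roleDefinitions query, then compare the flagged roles with the scope-tag assignments described above so that any role that keeps Wipe is also scoped to the devices its holders actually own.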