Basic Offboarding in 15 Minutes

When an employee leaves, every minute a company-issued device stays active is a security hole. Here’s how to get Macs and PCs locked, wiped, and ready for the next hire in 15 minutes.

1. Revoke access (0–2 min)

   Trigger a single-click workflow in Jamf Pro + Intune: disables AD/Okta account, rotates FileVault/BitLocker keys, and logs the device out of Google Workspace/M365.

2. Lock & locate (2–5 min)

   Send a remote lock + “return instructions” message. GPS ping proves custody; a courier label auto-generates in ShipStation.

3. Secure wipe (5–12 min)

   
   

   • Mac: Erase-All-Content-and-Settings via MDM command—no USB stick required.

   • PC: Intune Autopilot Fresh Start to nuke local profiles and malware in one shot.

   
   

4. Re-enroll (12–15 min)

   Device boots into DEP or Autopilot, auto-installs your baseline apps, and lands in inventory as “Ready.” No desk-side IT visit needed.

Result: the ex-employee is locked out, the device is sanitized, and your next hire can unbox a “new” laptop—total elapsed time: a quarter-hour.

Need help automating this? Let’s chat—Mann turns manual checklists into one-click workflows. Go to mann.com/hello and let's see if we can help.