What happens to devices when an employee leaves and their IdP account is deleted?Solved

Hey @margaret! Fellow Hexnode admin here. We went through this exact same thing when we first set up our IdP sync 

Because hexnode syncs with your IdP, it actually automates a lot of this for you. 

The trick is making sure your policies are assigned to Users or User groups, instead of individual devices. If you did it that way, the moment you delete the user in your IdP, Hexnode recognizes it during the sync and disassociates those policies. So, all those corporate Wi-fi profiles, VPNs, and managed apps are automatically stripped from the iPad and laptop, securing your data before you even get the hardware back. 

The devices themselves stay enrolled, but they drop into an Unassigned state. To find them, just go to Manage > Devices, click the User assignment filter, and select Unassigned. 

From there, you can just click on the devices and take action based on who owns the hardware. If it is a Byod device, you can do a Corporate data wipe (by disenrolling it or removing the policies) to securely destroy the work container, leaving their personal photos and apps totally untouched. If it is corporate owned hardware, you can send a full Wipe Device action to erase the entire hard drive and clear all settings so it is completely clean and ready to be reprovisioned. 

Awesome, that makes perfect sense! I actually did assign all of our baseline configurations to User groups, so it is a huge relief to know those policies will automatically strip themselves. 

Thanks for breaking that down for me, that saves me a ton of manual tracking!