Dealing with Jailbroken/Roted devices in ConfigMgr 2012 R2 & Intune

As you enroll a mobile device into Intune/ConfigMgr 2012 R2, inventory data will automatically be uploaded to the ConfigMgr database. One of the data being collected is the Jailbroken/rooted condition. In the below example the device is being detected as a jailbroken device.


One of the many benefits of using Intune as the MDM solution is the integration with System Center 2012 R2 Configuration Manager. Once data is in the database we can use the entire ConfigMgr engine to manage the device. MDM devices in ConfigMgr can be managed using the Application Model and the Compliance Management feature. Especially the Compliance Management feature is powerful and can be used to apply special security settings on a device or retire/wipe the device.

How to create the dynamic collection

  1. Create a new collection limited to All Mobile Devices
  2. Open the Collection Properties, select the Membership Rules tab, click Add Rule, Query Rule.
  3. Name the rule Jailbroken Devices and click Edit Query Statement.
  4. Select the Criteria tab and create a new criteria.
  5. Select Mobile Device Computer System as the Attribute Class and Jailbroken or rooted device as the Attribute


  6. Type 1 as the value and finish the collection


  7. With a collection it’s now up to your security policies to determine what should happen to the device. Right click the device and click Retire/Wipe to remove/wipe the device from Intune and by doing that prevent user access to data from the device.


  8. In the console you will also find a link to the primary user on the device. That way you can start deploying more restrictive security settings, block access to mail profiles, WIFI profiles etc.
By | 2014-04-10T10:18:04+00:00 April 10th, 2014|Configuration Manager (SCCM), General info|0 Comments

About the Author:

Kent Agerlund
Microsoft Regional Director, Enterprise Mobility MVP. Microsoft Certified Trainer and Principal consultant. I have been working with Enterprise client management since 1992. Co-founder of System Center User Group Denmark in 2009. Certified MCITP: Enterprise Administrator, MCSA+Messaing, and much more. Member of: Microsoft Denmark System Center Partner Expert Team The Danish Technet Influencers program System Center Influencers Program.

Leave A Comment