IT Operations & Cybersecurity Encyclopedia
Workstation decommissioning checklist for IT administrators
Workstation decommissioning removes a computer from service without leaving behind business data, active accounts, licenses, certificates, device records, management agents, encryption keys, or asset ownership confusion. A professional checklist protects data, supports compliance, and proves that endpoint retirement was handled correctly.
Why it matters
Retire endpoints without leaving data, access, or inventory behind
Old workstations often hold cached files, browser data, email profiles, VPN clients, certificates, local admin accounts, BitLocker recovery keys, security agents, and application licenses. If a device is handed off, recycled, donated, or stored without a process, it can create data exposure and asset confusion.
Decommissioning should connect HR/offboarding, IT asset management, Microsoft Intune, Microsoft Entra ID, Active Directory, endpoint security, backup, legal hold, and disposal workflows. The goal is to preserve what the business must keep, securely remove what should not remain, and document the result.
Practical rule: Do not dispose, reassign, donate, or recycle a workstation until data retention, wipe/sanitization, identity cleanup, license recovery, asset update, and chain-of-custody evidence are complete.
Review scope
What workstation decommissioning should cover
Ownership and inventory
Confirm serial number, asset tag, assigned user, department, location, warranty, and decommission reason.
Data retention
Check legal hold, business records, local files, OneDrive sync, backups, and required approvals.
Device management cleanup
Review Intune, Autopilot, Microsoft Entra ID, Active Directory, EDR, RMM, and management agents.
Credential and key cleanup
Remove certificates, VPN profiles, Wi-Fi profiles, local accounts, cached credentials, and BitLocker records as appropriate.
Sanitization or redeployment
Choose wipe, reset, redeploy, sanitize, destroy, recycle, or return-to-vendor based on risk and business need.
Evidence and disposal
Keep wipe status, destruction records, vendor certificates, chain of custody, asset updates, and ticket closure.
Review matrix
Workstation decommissioning decision matrix
| Area | What to verify | Questions to answer | Evidence |
|---|---|---|---|
| Reassign internally | A workstation will be wiped and given to another employee. | Back up required data, wipe/reset, remove old user association, re-enroll, and update asset ownership. | Is the prior user's data fully removed? |
| Dispose or recycle | A device is leaving company control. | Sanitize or destroy storage using documented method and keep chain-of-custody evidence. | Can data be recovered after disposal? |
| Return to vendor | A leased or warranty device must be returned. | Capture asset details, remove data, wipe storage, document shipping, and keep proof of return. | What proof shows the device was sanitized before return? |
| Legal hold | The device may contain records needed for legal, HR, or investigation purposes. | Preserve data before wiping and coordinate with the appropriate business or legal owner. | Who approved data preservation or release? |
| Lost or unavailable device | The workstation cannot be physically recovered. | Use remote wipe/retire where possible, revoke sessions, rotate credentials, mark asset status, and document risk. | What data or tokens may still be exposed? |
Step-by-step review
Workstation decommissioning runbook
Confirm device identity
Record serial number, asset tag, hostname, user, department, location, warranty, and decommission reason.
Decide data handling
Check legal hold, user data, OneDrive sync, local files, backup needs, and business owner approval.
Remove access and management records
Update Intune, Entra ID, Active Directory, Autopilot, EDR, RMM, VPN, certificates, and local accounts.
Wipe or sanitize storage
Perform Intune wipe, local reset, secure erase, cryptographic erase, or physical destruction based on risk.
Recover licenses and assets
Reclaim software licenses, accessories, docking stations, chargers, warranty records, and inventory status.
Close with evidence
Save screenshots, wipe status, destruction certificate, chain of custody, ticket notes, approvals, and final disposition.
Common risks
Common workstation decommissioning mistakes
Data not preserved
Important business or legal records may be lost if retention decisions are skipped.
Device records remain active
Old Entra, AD, Intune, Autopilot, EDR, or RMM records create inventory and security noise.
Storage not sanitized
Deleting files is not the same as sanitizing or destroying storage.
Licenses not recovered
Software, warranty, and subscription costs can remain tied to retired devices.
No chain of custody
Disposal evidence matters when devices leave company control.
Lost devices ignored
Unavailable devices still need remote actions, session revocation, and documented risk review.
Related support
Where IT Perfection can help
IT Perfection can help manage workstation decommissioning through managed IT, endpoint management, Intune, asset inventory, help desk, and data protection support.
When endpoint disposal affects compliance, privacy, legal hold, cyber insurance evidence, or audit readiness, OC Security Audit can assist with endpoint and data security assessment support.
Created by Ali Hassani, CISO
Endpoint decommissioning perspective from Ali Hassani
Ali Hassani brings 25+ years of hands-on experience across IT operations, cybersecurity, Microsoft infrastructure, network security, compliance readiness, cloud services, healthcare IT, MSP services, and business technology leadership.
This guide is for initial education and planning. It does not replace a professional cybersecurity audit, compliance assessment, penetration test, legal review, vendor engineering review, or Microsoft professional services engagement.
Retiring a workstation is a security process, not only an inventory task
Ali Hassani, CISO and IT infrastructure consultant, has 25+ years of experience across endpoint management, data protection, Microsoft infrastructure, cybersecurity, compliance, and managed IT. Decommissioning should protect data, remove access, update inventory, and preserve evidence.
FAQ
Workstation decommissioning FAQ
What is workstation decommissioning?
It is the controlled process of removing a computer from service while preserving required data, removing access, wiping or sanitizing storage, and updating asset records.
Should data be backed up before wiping a workstation?
Yes, if business records, legal hold, user data, or operational files must be retained.
Is deleting files enough before disposal?
No. Devices leaving company control should follow an appropriate sanitization, cryptographic erase, or destruction process.
Which records should be cleaned up?
Review Intune, Autopilot, Microsoft Entra ID, Active Directory, EDR, RMM, asset inventory, licenses, and warranty records.
Can IT Perfection help with workstation decommissioning?
Yes. IT Perfection can help document, wipe, recover licenses, update device records, and preserve decommissioning evidence.