organisational Preventive Protect

A.5.11 Return of Assets

M365 Admin Path: Microsoft Entra admin centre > Users

Evidence Source: Microsoft Entra ID and Intune

What is this control?

ISO 27001 control A.5.11 Return of Assets ensures the organisation’s assets are protected and systematically returned upon termination of employment or role changes. The control covers both digital asset revocation via Microsoft Entra ID account disabling and physical asset return via Microsoft Intune device wipe or retire actions. It is implemented as a core component of the formal Joiner, Mover, Leaver (JML) process, which ensures all access rights, devices, and keys are recovered.

How to implement in Microsoft 365

Implement A.5.11 through the employee leaver process, triggered by HR or line manager notification to IT. On the employee’s last day, disable their Microsoft Entra ID account by setting Block Sign-in to Yes. For returned corporate devices, execute the Wipe action from the Microsoft Intune admin centre.

For BYOD devices, execute the Retire action from Intune. Maintain a central offboarding register or checklist documenting departure dates, account disable dates, and physical asset return confirmation. For third-party or supplier offboarding, disable Microsoft Entra B2B guest accounts when contracts end.

What an auditor looks for

Auditors will verify that the list of disabled user accounts shows sign-in is blocked for departed employees. They will review Intune audit logs documenting the Wipe or Retire commands executed for offboarded devices. Auditors will examine the offboarding register for entries covering recent departures, account disable dates, and asset return confirmation.

They will check third-party contracts containing asset return and destruction clauses. Auditors will verify that device removal from the asset inventory corresponds to leaver actions documented in the JML process.
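
The leaver steps and auditor checks above can be reconciled before an audit. The following is an added example, not part of the original guidance or any Microsoft tooling: it compares an offboarding register against a directory export and Intune audit entries. The record layouts and all sample values are constructed assumptions; only `accountEnabled` mirrors the Entra ID user property behind Block Sign-in.

```python
from datetime import date

# Intune action the page prescribes for each ownership type.
REQUIRED_ACTION = {"corporate": "wipe", "byod": "retire"}

def reconcile(register, users, audit, today):
    """Return (upn, finding) pairs for leavers whose offboarding is incomplete."""
    findings = []
    for entry in register:
        if entry["last_day"] > today:
            continue  # still employed or under contract
        upn = entry["upn"]
        user = users.get(upn)
        if user is None:
            findings.append((upn, "not in directory export, verify manually"))
        elif user["accountEnabled"]:
            findings.append((upn, "sign-in not blocked"))
        for dev in entry["devices"]:
            need = REQUIRED_ACTION[dev["ownership"]]
            done = {a["action"] for a in audit if a["device"] == dev["id"]}
            if need not in done:
                findings.append((upn, f"{dev['id']}: no {need} in audit log"))
            if dev["ownership"] == "corporate" and not dev["returned"]:
                findings.append((upn, f"{dev['id']}: return not confirmed"))
    return findings

# Constructed sample data (not real exports); field names are assumptions.
REGISTER = [
    {"upn": "alice@example.com", "last_day": date(2024, 5, 31),
     "devices": [{"id": "LT-0001", "ownership": "corporate", "returned": True}]},
    {"upn": "bob@example.com", "last_day": date(2024, 6, 14),
     "devices": [{"id": "PH-0002", "ownership": "byod", "returned": False}]},
    {"upn": "guest@supplier.example", "last_day": date(2024, 6, 30), "devices": []},
    {"upn": "dave@example.com", "last_day": date(2024, 12, 31), "devices": []},
]
USERS = {
    "alice@example.com": {"accountEnabled": False},
    "bob@example.com": {"accountEnabled": True},
    "guest@supplier.example": {"accountEnabled": True},
    "dave@example.com": {"accountEnabled": True},
}
AUDIT = [{"device": "LT-0001", "action": "wipe"}]
TODAY = date(2024, 7, 1)

if __name__ == "__main__":
    for upn, finding in reconcile(REGISTER, USERS, AUDIT, TODAY):
        print(f"{upn}: {finding}")
```

An empty result means every register entry past its last day has a blocked account and the matching Wipe or Retire record; each remaining pair is a gap to close or explain in the register.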