Asset Management
Device Tracking

How to check if a laptop is stolen: a guide for IT teams

nico@preyhq.com
Nico P.
Sep 29, 2025
0 minute read
How to check if a laptop is stolen: a guide for IT teams
Table of Contents
Heading H2
Lost devices? Turn the tables on device theft
Share
About the Author
nico@preyhq.com
Nico P.

Nicolas Poggi was the head of mobile research at Prey, Inc. Nico’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also served as Prey’s communications manager, overseeing the company’s brand and content creation.

Buying used laptops for your team doesn’t have to be a gamble. Treat it like a quick intake: confirm ownership, make sure the seller has unlinked any cloud accounts, check for activation or management locks, and do a clean OS reset before enrollment. 

Use these checklists below to spot red flags fast and confirm a device is safe to buy—then turn on your policies so this doesn’t become the same issue a month from now.

How to find red flags before you buy a used device

Buying second-hand for your team isn’t a leap of faith—it’s a quick intake. Verify ownership, check for locks, do a fast health check, and decide calmly. Here’s a clear, step-by-step flow.

1) Proof of ownership (non-negotiable)

  • Ask for a bill of sale/receipt with the seller’s name and the laptop’s serial number.
  • Match the serial on the chassis with the one in the OS (About/System Info).
  • Person-to-person? Take one photo showing the device, the on-screen serial, and the receipt in the same frame—no edits.
  • If there’s an asset tag from another company, treat it as a clue: ask for documentation proving lawful resale.

Green light: Serial matches, receipt provided, seller answers confidently.
Red flag: “Lost the receipt,” serial is scratched off, or photos don’t match.

2) Cloud account & activation locks (do it on the spot)

Before any money changes hands, ask the seller to unlink the device in front of you:

  • Windows: seller opens account.microsoft.com/devices and removes the Windows device.
  • Apple/macOS: seller turns off Find My / Activation Lock and signs out of iCloud.
  • You verify the device no longer appears under their account.

If they can’t or won’t remove locks in real time, walk away.

3) Leftover management profiles (MDM)

  • Check for any device management profile present (workplace/MDM profiles).
  • If the laptop is still enrolled to another organization, that org can push policies or wipe it.
  • For B2B buyers, that’s an automatic no.

4) Firmware & tamper signs

  • Enter BIOS/UEFI: confirm there’s no unknown admin password, Secure Boot is enabled, and date/time look normal.
  • Look for “scars”: mismatched screws, removed labels, prying marks, misaligned panels, loose ports.
  • Parts that don’t match the model or a sanded serial are grounds to pass.

5) Two-minute health check

  • Boot with a temporary local account and reach the desktop.
  • Test basics: Wi-Fi, keyboard, webcam, USB, charging.
  • You’ll still reset the OS after purchase; this just confirms it’s functional now.

6) When to walk away (no guilt)

  • No serial, or serial doesn’t match documents/photos.
  • Seller refuses to unlink accounts in front of you.
  • Pressure to pay before verification or evasive answers.
  • Multiple listings with the same issue (identical photos, vague specs).

Team tip (Procurement + IT)

Treat every unit as business device intake:

  • Capture photos, save serials and documents, and attach them to the asset record (CMDB).
  • This speeds warranty checks, keeps your device security story clean, and preserves chain of custody if questions arise later.

Mini-checklist (yes/no)

  • I have a receipt/bill of sale and the serial matches chassis + OS.
  • Seller unlinked the device from their Microsoft account / Apple ID while I watched.
  • BIOS/UEFI has no unknown password; Secure Boot is on.
  • Device booted to desktop and passed a quick I/O test.
  • Photos + docs stored with the asset record.

Quick myths vs. reality

  • “An IP address will prove it’s stolen.” Not by itself. IPs don’t prove ownership or replace proper documentation.
  • “No receipt, but trust me.” In B2B, lack of proof is a deal-breaker.
  • “It’s locked, but I’ll sort it later.” A cloud/MDM lock you don’t control can turn into an expensive paperweight.

Windows checks: unlink from your Microsoft account and verify the Windows device

Buying a Windows laptop second-hand? Do these steps in front of the seller so you leave with a device you control—and only you.

1) Unlink the PC from the seller’s account (on-site)

  • Ask the seller to open account.microsoft.com/devices → select the PC → Remove/Unlink.
  • Have them sign out of the Microsoft account on the laptop, then restart.
  • You confirm the device no longer appears under their account online.

Green light: The PC disappears from their device list within a minute or two.
Red flag: It still shows under their account—don’t proceed.

2) Confirm you can reach a clean desktop

  • Create a temporary local account and sign in.
  • Make sure there’s no user data or apps you don’t recognize; check Settings → Accounts for any work/school accounts attached.
  • Quick sanity checks: Wi-Fi connects, Device Manager has no critical errors, and the device security page (Windows Security) opens normally.

3) Check for leftover work/school management (MDM)

  • Go to Settings → Accounts → Access work or school. There should be no connected organization.
  • If installed, Company Portal or other management agents should be absent.
  • (Optional, advanced) In a Command Prompt: dsregcmd /status → AzureAdJoined should be NO on a clean, consumer device.

If you see any enrollment or “managed by your organization” banners, treat it as someone else still holding the keys.

4) After purchase: reset and enroll like any other fleet device

  • Reset this PC: Settings → System → Recovery → Reset this PC → Remove everything (cloud download preferred).
  • On first boot, enroll in your MDM, enable BitLocker, apply your baseline, and assign a new local admin via your standard process.
  • Record the serial number and purchase docs in your CMDB/asset record.

5) If something doesn’t add up

  • If the laptop still shows under another account after unlink attempts, stop and contact support (OEM/Microsoft) with the serial and proof of purchase.
  • If you spot management profiles you can’t remove, don’t try to “work around” it—return or reject the device.

Quick checklist (yes/no)

  • Seller removed/unlinked the PC from their Microsoft account.
  • I can sign in to a local account and reach a clean desktop.
  • No work/school accounts or MDM enrollment remain.
  • Full Reset this PC completed; device enrolled to our MDM; BitLocker on.
  • Serial + documents stored in CMDB.

How to check if a laptop is stolen (a guide for all OS)

1. Ask for the receipt

Whenever you buy an item in the formal market, you get a receipt which is the written record that you have bought an item. It is advisable to keep it, especially regarding electronics, as it can become proof of ownership.
Consequently, you should ask for the device's receipt whenever you buy a used device. If the seller is able to give you the receipt, then you can be sure that they are the legitimate owner of the device or that they acquired the electronic in a good manner. Thieves rarely, if ever, steal the device with the receipt.

2. Ask for a copy of their ID

Identification documents to help verify a person's information, physical appearance, and different facts which prove that the person is who he says he is. Moreover, every identifier is unique and helps distinguish one person from another. As a result, If you need further proof of the seller's validity, ask for a photocopy of an ID card. Possible con artists will never agree to that since it will compromise them in case you go to the police.

3. Ask for the device's serial number and track it

Serial numbers are like IDs for electronic devices. They are unique for each laptop. Consequently, they can be used to track and determine if a device has been reported as stolen. You can do that by contacting your local police or visiting the manufacturers' website. Most major laptop companies, such as Dell, have their own database of stolen devices, which you can check.

4. Schedule a meeting with the seller beforehand

Chances are, if it's a serious seller, you will be able to meet with them beforehand to make sure that everything is in order with the laptop. This will give you the opportunity to check the device for physical damage, e.g., dead pixels or defunct hardware, that may or may not have been commented on the classified ad.

5. Check for password protection

Always try to check if the laptop you are going to buy is password protected and whether or not the seller knows the password. If the seller does not know the device's password, it may have been stolen. On the other hand, if they know the access passwords, you can be sure they did not acquire them from theft.

6. Check the folders for data

While you have access to the device, check the folders for existing data, e.g., pictures, documents, etc. You can even ask for the story behind some pictures or documents. Most likely, if it was robbed, the seller will not appear in any of them and will most likely have a dumb explanation as to why. Nevertheless, consider that people who sell their laptops will make sure to erase all their data so nobody will have access to their information.

Verify device security and discover seller claims vs. reality

It’s easy for a listing to look “clean” on paper. This quick pass helps you confirm what’s true—and spot what’s missing—before the laptop joins your fleet.

Firmware / UEFI (the gatekeeper)

  • No unknown admin passwords: If Setup or BIOS is locked and the seller can’t remove it on the spot, stop.
  • Secure Boot: ON: In UEFI, confirm Secure Boot is enabled and TPM is present/ready.
  • Clock sanity: Wild date/time or reset loops can hint at board work or battery issues.

Why it matters: A locked firmware can block imaging, MDM enrollment, and even encryption policies later.

Disk encryption (you’ll enforce it—just make sure you can)

  • Your baseline will enable BitLocker (Windows) or FileVault (macOS) at intake.
  • Today’s goal: ensure the machine can Reset/Clean install without errors and that the storage reports healthy (e.g., no SMART warnings).
  • If the device can’t complete a reset or throws storage errors, it’s not ready for business use.

MDM profiles (who actually controls the laptop?)

  • Check Settings → Accounts → Access work or school (Windows) or Profiles (macOS): there should be no lingering management or “workplace” profiles.
  • Look for “Managed by your organization” banners or auto-installing agents after reset.
  • If a device management profile is present and you can’t remove it legitimately, walk away—someone else holds the keys.

Special cases that change the math

  • Chromebooks: Watch for forced re-enrollment to a different domain after Powerwash. If it rebinds, it’s not yours to manage.
  • Cellular (LTE) models: Check the IMEI/MEID isn’t blocked/blacklisted. Mismatched labels or no modem detection can signal parts swaps.
  • Docking/graphics variants: Confirm the exact sub-model matches the listing—some SKUs drop discrete GPU or ports.

Procurement note (ex-lease lots & provenance)

  • If the seller claims “ex-lease” or “off-lease corporate laptops,” ask for the off-lease manifest and a sample serial list before payment.
  • Require a business invoice that includes serial numbers and a statement of lawful resale.
  • Keep everything—invoice, serials, seller contacts—in the asset record to preserve chain of custody.

Quick verification checklist (yes/no)

  • UEFI opens with no unknown admin password; Secure Boot enabled; TPM OK.
  • Device completes a clean Reset/OS install; storage health looks normal.
  • No residual MDM/workplace profiles; no “managed by” banners after reset.
  • Special cases cleared: Chromebook doesn’t force re-enroll; LTE IMEI not blacklisted.
  • Ex-lease claim backed by manifest + invoice listing serials.

Final Words

It's important to clarify that all these criteria will not necessarily be met. For example, the owner might have forgotten to keep the receipt. But if used wisely, it can give you the tools to identify suspicious behavior.

Finally, if you buy the laptop after much thought and reassurance from following the previous advice, it is always a good idea to save some specific documents in case something unforeseeable happens:

  • Make copies of any credit card transactions or money orders from the transaction.
  • Take a snapshot of the Craigslist's ad so that if it turns out to be stolen property, you can back your story with the police.
  • Keep a  copy of the seller's ID if given to you.

We can’t stress enough that if you doubt ever so slightly if you have any suspicion that the laptop may have been stolen, do not buy it. As the old saying goes, it is better to be safe than sorry.

Frequently asked questions

What is the technology strategy framework?

A technology strategy framework is essential for businesses to effectively leverage technology to enhance operational efficiency, customer experience, and foster innovation while managing risks. This framework is often referred to as IT strategy or digital strategy.

What is an IT strategy framework?

An IT strategy framework is essential for aligning technology initiatives with business objectives, providing a clear structure to achieve strategic goals. By implementing this framework, organizations can ensure that their IT investments effectively support their overall business strategy.

Why is aligning IT goals with business objectives important?

Aligning IT goals with business objectives is crucial because it ensures that IT initiatives directly support the overall business strategy, driving growth and efficiency. This alignment facilitates better resource allocation and maximizes the impact of technology on business performance.

How can emerging technologies be leveraged in an IT strategy?

Leveraging emerging technologies in your IT strategy can drive innovation and create competitive advantages through the development of new business models and increased market value. Embracing these technologies ensures your organization stays ahead in a rapidly evolving landscape.

What are some common challenges in IT strategy implementation?

Common challenges in IT strategy implementation include a lack of alignment with organizational goals, resistance to change from stakeholders, and the tendency to adopt new technologies without clear value, often referred to as "shiny object syndrome." Addressing these challenges is crucial for successful execution.

On the same issue

How to check if a laptop is stolen: a guide for IT teams
How to check if a laptop is stolen: a guide for IT teams

Learn expert tips on avoiding buying stolen laptops. We explain how to check if a laptop is stolen and what to do next. So stay safe, and read now!

Sep 29, 2025
Continue reading
How to track a stolen laptop: recovery & data protection for IT teams
How to track a stolen laptop: recovery & data protection for IT teams

Corporate laptops have become an essential part of work life, but sometimes they get lost or stolen. Here's what to do when that happens.

Sep 2, 2025
Continue reading
Geofencing for Businesses: How to Automate Device Security with Control Zones
Geofencing for Businesses: How to Automate Device Security with Control Zones

Discover how geofencing secures business devices with automated control zones. Enforce location-based policies, reduce risks, and support compliance.

Aug 31, 2025
Continue reading

Discover

Prey's Powerful Features

Protect your devices with Prey's comprehensive security suite.

Learn moreGet started