Forum Discussion

JeremyTBradshaw
Steel Contributor
Dec 23, 2020

Inability to delete Autopilot devices leads to endless supply of never cleaned up devices in AAD

I realize that the inability to delete Autopilot-enabled devices in Azure AD is by design, but I think I might be missing something.

In Microsoft Store for Business, or in Endpoint Manager under Devices > Enroll Devices > Windows Autopilot Devices, I have my true list of unique hardware devices that are registered for Autopilot. I don't want to delete any of these that are not actually decommissioned.

 

The problem I'm seeing is with either regular Autopilot or Hybrid Autopilot: since/when devices are getting named with random characters (which for Hybrid Autopilot cannot be changed), I end up with orphaned AAD devices that cannot be deleted from anywhere. I haven't tested, but I believe with regular Autopilot I could take advantage of the ability to always set the same device name. If so, then this issue I'm reporting is only a thing for Hybrid Autopilot.

Is there any solution to delete old copies of the same machine? For example, I've reset the device, and now it has two instances in AAD which cannot be deleted, but still just one instance in the MS Business Store or under Autopilot Devices in Endpoint Manager. If I again reset the device down the road, I'll have 3, and so on.

Any suggestions/clues? Thanks in advance.

  • millermike
    Copper Contributor

    JeremyTBradshaw 1500 views later and still nobody has come to the rescue.

    I can compound this issue. In a hybrid domain-joined environment, if a machine comes in and needs to be re-imaged or have its OS re-installed, when it rejoins the domain with the same hostname, local AD creates a new credential, Azure creates a new credential, and Endpoint/MEM still has the old entry because it never removes entries. This causes device-based licensing to break for Office 365, because while everything looks good on paper, the object must be removed from MEM manually first, which tech-level staff has no access to.

    It's absolutely awful.

    • JeremyTBradshaw
      Steel Contributor

      Sorry, I'm not ignoring this; I've just been on a hiatus from this topic, so I wanted a chance to test things out freshly. Agree it's lackluster, but I don't know the reasoning behind it. I do know that straight-up Azure AD Join can suffice in place of Hybrid AAD Join in many cases, and in that case this issue disappears. It could be worth giving it a try on some brave users and ironing out the kinks before committing to it entirely. This guy covers the AADJ vs HAADJ comparison quite well. It's also worth noting that the stale devices issue with HAADJ is temporary and will eventually be possible to clean up when those devices are retired as Autopilot-registered. So it's not a permanent issue at least.
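The duplicate-object problem the thread describes (one Autopilot registration, several Azure AD and Intune/MEM records for the same hardware after each reset or re-image), worked as an added example that is not part of any poster's reply and is not Microsoft tooling. It assumes the Microsoft Graph PowerShell SDK cmdlets named in the header comment and the property names those cmdlets return (`SerialNumber`, `AzureActiveDirectoryDeviceId`, `AzureAdDeviceId`, `DeviceId`, `LastSyncDateTime`, `TrustType`); the three input sets at the bottom are constructed sample objects with those same property names, so the script runs offline against no tenant. It only reports; it deletes nothing.

```powershell
# Added example for this thread (not code from any of the posters or from Microsoft):
# correlate Autopilot registrations, Intune (MEM) managed-device records and Azure AD
# device objects by hardware serial number, so that each re-imaged machine shows up as
# one current enrolment plus N leftovers. Report only; nothing is deleted.
#
# With live data the three inputs come from the Microsoft Graph PowerShell SDK, e.g.
#   Connect-MgGraph -Scopes 'Device.Read.All','DeviceManagementManagedDevices.Read.All','DeviceManagementServiceConfig.Read.All'
#   $autopilot = Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -All
#   $managed   = Get-MgDeviceManagementManagedDevice -All
#   $aad       = Get-MgDevice -All -Property Id,DeviceId,DisplayName,TrustType
# The objects built at the bottom are constructed stand-ins that use the same property names.

function Find-StaleDeviceDuplicate {
    param(
        [Parameter(Mandatory)] [object[]] $AutopilotIdentities,  # windowsAutopilotDeviceIdentity
        [Parameter(Mandatory)] [object[]] $ManagedDevices,       # Intune managedDevice
        [Parameter(Mandatory)] [object[]] $AadDevices            # Azure AD device
    )

    # Azure AD device IDs that an Autopilot registration still points at. Azure AD refuses
    # to delete these objects until the hardware is removed from Autopilot, so they are
    # reported but never flagged as deletable.
    $anchored = @{}
    foreach ($ap in $AutopilotIdentities) {
        if ($ap.AzureActiveDirectoryDeviceId) {
            $anchored[$ap.AzureActiveDirectoryDeviceId] = $ap.SerialNumber
        }
    }

    # Index Azure AD objects by DeviceId (the ID Intune records for an enrolment), not by
    # the directory object Id, which is the key Remove-MgDevice would need later.
    $aadByDeviceId = @{}
    foreach ($d in $AadDevices) {
        if ($d.DeviceId) { $aadByDeviceId[$d.DeviceId] = $d }
    }

    $ManagedDevices |
        Group-Object SerialNumber |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $serial = $_.Name
            # The record with the most recent Intune check-in is treated as the live
            # enrolment; every earlier record for the same serial is a leftover.
            $sorted  = @($_.Group | Sort-Object LastSyncDateTime -Descending)
            $current = $sorted[0]
            foreach ($stale in $sorted[1..($sorted.Count - 1)]) {
                $staleDevId = $stale.AzureAdDeviceId
                $aadObj     = if ($staleDevId) { $aadByDeviceId[$staleDevId] } else { $null }
                $isAnchored = [bool]$staleDevId -and $anchored.ContainsKey($staleDevId)
                [pscustomobject]@{
                    SerialNumber        = $serial
                    CurrentDeviceName   = $current.DeviceName
                    StaleDeviceName     = $stale.DeviceName
                    StaleLastSync       = $stale.LastSyncDateTime
                    StaleIntuneDeviceId = $stale.Id
                    StaleAadObjectId    = if ($aadObj) { $aadObj.Id } else { $null }
                    StaleAadTrustType   = if ($aadObj) { $aadObj.TrustType } else { $null }
                    AutopilotAnchored   = $isAnchored
                    # Deletable from Azure AD only if the object exists and Autopilot does
                    # not still hold it; the anchored one waits for Autopilot deregistration.
                    DeletableFromAad    = [bool]$aadObj -and -not $isAnchored
                }
            }
        }
}

# --- constructed sample: one hybrid-joined laptop (serial 'SN-ABC123') enrolled three times ---
$autopilot = @(
    [pscustomobject]@{ Id = 'ztd-0001'; SerialNumber = 'SN-ABC123'; AzureActiveDirectoryDeviceId = 'dev-0001' }
)
$managed = @(
    [pscustomobject]@{ Id = 'int-0001'; DeviceName = 'DESKTOP-AB12CD'; SerialNumber = 'SN-ABC123'; AzureAdDeviceId = 'dev-0001'; LastSyncDateTime = [datetime]'2020-06-01' }
    [pscustomobject]@{ Id = 'int-0002'; DeviceName = 'DESKTOP-EF34GH'; SerialNumber = 'SN-ABC123'; AzureAdDeviceId = 'dev-0002'; LastSyncDateTime = [datetime]'2020-09-15' }
    [pscustomobject]@{ Id = 'int-0003'; DeviceName = 'DESKTOP-IJ56KL'; SerialNumber = 'SN-ABC123'; AzureAdDeviceId = 'dev-0003'; LastSyncDateTime = [datetime]'2020-12-20' }
)
$aad = @(
    [pscustomobject]@{ Id = 'obj-0001'; DeviceId = 'dev-0001'; DisplayName = 'DESKTOP-AB12CD'; TrustType = 'ServerAd' }
    [pscustomobject]@{ Id = 'obj-0002'; DeviceId = 'dev-0002'; DisplayName = 'DESKTOP-EF34GH'; TrustType = 'ServerAd' }
    [pscustomobject]@{ Id = 'obj-0003'; DeviceId = 'dev-0003'; DisplayName = 'DESKTOP-IJ56KL'; TrustType = 'ServerAd' }
)

# Two leftovers for SN-ABC123: DESKTOP-AB12CD (Autopilot-anchored, not deletable) and
# DESKTOP-EF34GH (deletable); DESKTOP-IJ56KL is the current enrolment and is not listed.
Find-StaleDeviceDuplicate -AutopilotIdentities $autopilot -ManagedDevices $managed -AadDevices $aad |
    Format-Table SerialNumber, StaleDeviceName, StaleLastSync, StaleAadObjectId, AutopilotAnchored, DeletableFromAad
```

The "newest Intune check-in is the live enrolment" rule is a heuristic, and in the hybrid flow the Azure AD device ID that Intune records for a machine is not necessarily the one the Autopilot registration points at, so treat the report as a worklist to verify, not as a delete list. When a row has been confirmed, `Remove-MgDevice -DeviceId <StaleAadObjectId> -WhatIf` shows what would be removed before doing it, and the stale Intune record is removed separately. Rows with `AutopilotAnchored` true are the ones the thread is about: they stay until the hardware is deregistered from Autopilot, after which the same cleanup applies. Stale device objects are not only a licensing nuisance, as millermike notes; any device-based Conditional Access or reporting that trusts "a device object exists and is compliant" is also looking at records that no longer correspond to a live machine.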
