Forum Discussion
Question: Script to remove a specific device from MEM (Intune) and Azure AD
- Apr 25, 2022
There's a module for Autopilot things here (https://www.powershellgallery.com/packages/WindowsAutoPilotIntune/5.0).
After installing it (Install-Module -Name WindowsAutoPilotIntune), you could use this to remove the device from the Autopilot devices:
Connect-MSGraph
Get-AutoPilotDevice | Where-Object SerialNumber -eq (Get-WmiObject -Class Win32_Bios).SerialNumber | Remove-AutopilotDevice
This deletes the device based on the serial number of the machine that you're logged into. This could take a few minutes to process in the background.
For the removal of the Azure AD device, you can use this:
Connect-AzureAD
Get-AzureADDevice | Where-Object DisplayName -Match $env:COMPUTERNAME | Remove-AzureADDevice
I've received multiple possible solutions through other channels as well and will test these May 12th. I will report back afterwards. 🙂
- AEchtermeijer, May 16, 2022, Copper Contributor
Hi Harm, thank you very much. This worked beautifully! I like this particular script because the number of lines of code is limited and it only took +/- 5 minutes of waiting time for the removal of the device to take effect in the tenant.
I have two additional questions though:
1. After running the "[...] Remove-AutopilotDevice"-command, it prompts me to log in with a user account. While the company branding is showing, it does not specify the exact tenant (e.g. contoso.onmicrosoft.com). Would there be a command to show the current tenant of the device?
2. The "[...]Remove-AzureADDevice"-command relies on the COMPUTERNAME and the Azure AD Object name to be identical. Could there be a possibility that these are not identical and if so, how could we go about this?
Again, many thanks for your input!
- May 16, 2022
AEchtermeijer No problem, sometimes short scripts can be effective and easy to read too 😉 Not sure if you can show the tenant name, it's a Modern Auth prompt. But you do see the company branding, there's no info in the username hint field or sign-in page text?
And I don't think that there's a possibility that these two are different; if the computer name is changed on the computer itself, it updates the Azure AD registration AFAIK.
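Added example, not part of the thread or either poster's code: both follow-up questions (which tenant the device belongs to, and what happens if COMPUTERNAME and the Azure AD display name differ) can be handled by reading the device ID and tenant from `dsregcmd /status` and deleting by exact device ID. `-Match` is an unanchored regex match, so a display-name filter can select more than one object. The function names `ConvertFrom-DsregStatus` and `Remove-LocalAadDevice` and the sample text are assumptions made for this example; it assumes the AzureAD module and a prior `Connect-AzureAD`.

```powershell
# Added example: function names and sample values are constructed, not from the thread.
function ConvertFrom-DsregStatus {
    # Parse the "Key : Value" lines of dsregcmd /status output into a hashtable.
    param([Parameter(Mandatory)][string[]]$Text)
    $info = @{}
    foreach ($line in $Text) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $info[$Matches[1]] = $Matches[2] }
    }
    $info
}

function Remove-LocalAadDevice {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([string[]]$DsregText = (dsregcmd.exe /status))
    $local = ConvertFrom-DsregStatus -Text $DsregText
    if ($local.AzureAdJoined -ne 'YES') { throw 'This machine is not Azure AD joined.' }

    # Refuse to act if the signed-in session belongs to a different tenant than the device.
    $sessionTenant = (Get-AzureADTenantDetail).ObjectId
    if ($sessionTenant -ne $local.TenantId) {
        throw "Session tenant $sessionTenant does not match device tenant $($local.TenantId) ($($local.TenantName))."
    }

    # Exact match on the device ID instead of a regex match on the display name.
    $found = @(Get-AzureADDevice -All $true | Where-Object DeviceId -eq $local.DeviceId)
    if ($found.Count -ne 1) { throw "Expected exactly 1 device object, found $($found.Count)." }

    $target = "$($found[0].DisplayName) [$($local.DeviceId)]"
    if ($PSCmdlet.ShouldProcess($target, 'Remove Azure AD device')) {
        Remove-AzureADDevice -ObjectId $found[0].ObjectId
    }
}

# Constructed sample of the relevant dsregcmd /status lines (placeholder values).
$sample = @'
             AzureAdJoined : YES
                  DeviceId : 00000000-0000-0000-0000-000000000001
                TenantName : Contoso
                  TenantId : 00000000-0000-0000-0000-0000000000aa
'@ -split "`r?`n"

# Shows the tenant and device ID that would be acted on, without contacting Azure AD.
$parsed = ConvertFrom-DsregStatus -Text $sample
'{0} ({1}) device {2}' -f $parsed.TenantName, $parsed.TenantId, $parsed.DeviceId

# On a real machine, after Connect-AzureAD:
#   Remove-LocalAadDevice -WhatIf    # preview only; omit -WhatIf to delete
```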
- AEchtermeijer, May 20, 2022, Copper Contributor
Harm_Veenstra Just reaching out as we're having some issues with the script you previously shared. In short, when using the 'Remove-AutopilotDevice'-script, we receive an error when the device was pre-provisioned through Autopilot.
It's a "400 Bad Request"-error that reads "Cannot delete device with ztd id [...] and accountId [...] and device Id [...] because it has registration status as Registered with IsManaged status True"
Any tips?