Forum Discussion
Question: Script to remove a specific device from MEM (Intune) and Azure AD
- Apr 25, 2022
There's a module for autopilot things here (https://www.powershellgallery.com/packages/WindowsAutoPilotIntune/5.0),
After installing (Install-Module -Name WindowsAutoPilotIntune), you could use this to remove the device from the Autopilot devices:

    Connect-MSGraph
    Get-AutoPilotDevice | Where-Object SerialNumber -eq (Get-WmiObject -Class Win32_Bios).SerialNumber | Remove-AutopilotDevice

This deletes the device based on the serial number of the machine that you're logged into; this could take a few minutes to process in the background.
For the removal of the Azure AD device, you can use this:

    Connect-AzureAD
    Get-AzureADDevice | Where-Object DisplayName -Match $env:COMPUTERNAME | Remove-AzureADDevice

I have two additional questions though:
1. After running the "[...] Remove-AutopilotDevice"-command, it prompts me to log in with a user account. While the company branding is showing, it does not specify the exact tenant (e.g. contoso.onmicrosoft.com). Would there be a command to show the current tenant of the device?
2. The "[...]Remove-AzureADDevice"-command relies on the COMPUTERNAME and the Azure AD Object name to be identical. Could there be a possibility that these are not identical and if so, how could we go about this?
Again, many thanks for your input!
AEchtermeijer No problem, sometimes short scripts can be effective and easy to read too 😉 Not sure if you can show the tenant name, it's a Modern Auth prompt.. But you do see the company branding, there's no info in the username hint field or sign-in page text?
And I don't think that there's a possibility that these two are different, if the computername is changed on the computer itself, it updates the Azure AD registration AFAIK
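
Added example, not part of the thread or of either poster's scripts: one way to avoid depending on the display name for the Azure AD removal is to match on the device ID that `dsregcmd /status` reports, fall back to an exact name comparison, and refuse to delete unless exactly one object matches. `-Match` is a regular-expression match, so a name such as PC-01 also matches PC-010. The function names and the sample data are hypothetical; a live run assumes the AzureAD module and an existing `Connect-AzureAD` session.

```powershell
# Added example (not from the thread). Function names are hypothetical.

function Get-LocalAadDeviceId {
    # Pull the "DeviceId : <guid>" line out of dsregcmd /status output.
    param([string[]]$StatusText = (dsregcmd.exe /status))
    foreach ($line in $StatusText) {
        if ($line -match '^\s*DeviceId\s*:\s*([0-9a-fA-F-]{36})\s*$') { return $Matches[1] }
    }
}

function Select-DeviceToRemove {
    # Prefer an exact DeviceId match; fall back to an exact (non-regex) name match.
    param([object[]]$Devices, [string]$DeviceId, [string]$ComputerName)
    $hit = @()
    if ($DeviceId) { $hit = @($Devices | Where-Object { $_.DeviceId -eq $DeviceId }) }
    if ($hit.Count -eq 0) { $hit = @($Devices | Where-Object { $_.DisplayName -eq $ComputerName }) }
    # Zero or several matches (stale duplicates, similar names): stop instead of deleting.
    if ($hit.Count -ne 1) { throw "Expected exactly one matching device, found $($hit.Count)." }
    return $hit[0]
}

function Remove-ThisAadDevice {
    # ConfirmImpact 'High' makes PowerShell prompt before the delete; -WhatIf shows the target only.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    $target = Select-DeviceToRemove -Devices (Get-AzureADDevice -All $true) `
        -DeviceId (Get-LocalAadDeviceId) -ComputerName $env:COMPUTERNAME
    if ($PSCmdlet.ShouldProcess("$($target.DisplayName) [$($target.DeviceId)]", 'Remove Azure AD device')) {
        Remove-AzureADDevice -ObjectId $target.ObjectId
    }
}

# Constructed sample data: checks the selection logic offline, without a tenant.
$sampleStatus = @(
    '             AzureAdJoined : YES'
    '                  DeviceId : 11111111-2222-3333-4444-555555555555'
)
$sampleDevices = @(
    [pscustomobject]@{ DisplayName = 'PC-01';  DeviceId = '11111111-2222-3333-4444-555555555555'; ObjectId = 'obj-a' }
    [pscustomobject]@{ DisplayName = 'PC-010'; DeviceId = '99999999-2222-3333-4444-555555555555'; ObjectId = 'obj-b' }
)
$id = Get-LocalAadDeviceId -StatusText $sampleStatus
(Select-DeviceToRemove -Devices $sampleDevices -DeviceId $id -ComputerName 'PC-01').ObjectId
```

Running `Remove-ThisAadDevice -WhatIf` on a joined machine shows which object would be removed without deleting it.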
- AEchtermeijer, May 20, 2022, Copper Contributor
Harm_Veenstra Just reaching out as we're having some issues with the script you previously shared. In short, when using the 'Remove-AutopilotDevice'-script, we receive an error when the device was pre-provisioned through Autopilot.
It's a "400 Bad Request"-error that reads "Cannot delete device with ztd id [...] and accountId [...] and device Id [...] because it has registration status as Registered with IsManaged status True"
Any tips?
- May 20, 2022
Hmmm.. Pre-provisioned is not Azure AD Joined and registered, didn't test it like that... Perhaps you can contact the creator of the script if he has a GitHub page or contact detail in the PowerShell gallery?
- Akashdhalle, Jun 12, 2023, Copper Contributor
Harm_Veenstra Hi Harm,
I have a question. I want to create an automation where Intune checks AD for whether the object or computer already exists before enrolling it. If the computer name is present in AD, then it is first deleted and then the enrollment process starts. Do you have any idea if this is possible in Intune?