Forum Discussion
Question: Script to remove a specific device from MEM (Intune) and Azure AD
- Apr 25, 2022
There's a module for Autopilot things here (https://www.powershellgallery.com/packages/WindowsAutoPilotIntune/5.0).
After installing (Install-Module -Name WindowsAutoPilotIntune), you could use this to remove the device from the Autopilot devices:
    Connect-MSGraph
    Get-AutoPilotDevice | Where-Object SerialNumber -eq (Get-WmiObject -class Win32_Bios).SerialNumber | Remove-AutopilotDevice
This deletes the device based on the serial number of the machine that you're logged into; this could take a few minutes to process in the background.
For the removal of the Azure AD device, you can use this:
    Connect-AzureAD
    Get-AzureADDevice | Where-Object DisplayName -Match $env:COMPUTERNAME | Remove-AzureADDevice
I have two additional questions though:
1. After running the "[...] Remove-AutopilotDevice"-command, it prompts me to log in with a user account. While the company branding is showing, it does not specify the exact tenant (e.g. contoso.onmicrosoft.com). Would there be a command to show the current tenant of the device?
2. The "[...]Remove-AzureADDevice"-command relies on the COMPUTERNAME and the Azure AD Object name to be identical. Could there be a possibility that these are not identical and if so, how could we go about this?
Again, many thanks for your input!
- May 16, 2022
AEchtermeijer No problem, sometimes short scripts can be effective and easy to read too 😉 Not sure if you can show the tenant name, it's a Modern Auth prompt. But you do see the company branding, there's no info in the username hint field or sign-in page text?
And I don't think that there's a possibility that these two are different, if the computername is changed on the computer itself, it updates the Azure AD registration AFAIK
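Added example, not part of any post in this thread: dsregcmd /status prints the tenant name, tenant ID and Azure AD DeviceId of the local machine, so the directory object can be resolved by DeviceId instead of by display name (a -Match on the name is a regex match, so PC1 also matches PC10). The function names and all sample values below are constructed for illustration.

```powershell
# Added example. ConvertFrom-DsRegStatus and Find-AadDeviceForThisPC are
# hypothetical helper names; all sample values are constructed.
function ConvertFrom-DsRegStatus {
    # Turn the "Name : Value" lines of `dsregcmd /status` into a hashtable.
    param([string[]]$Text)
    $status = @{}
    foreach ($line in $Text) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    $status
}

function Find-AadDeviceForThisPC {
    # Resolve the Azure AD object by DeviceId (GUID), never by display name,
    # and refuse to continue unless exactly one object matches.
    param([hashtable]$Status, [object[]]$Directory)
    if ($Status['AzureAdJoined'] -ne 'YES') { throw 'This machine is not Azure AD joined.' }
    $found = @($Directory | Where-Object { $_.DeviceId -eq $Status['DeviceId'] })
    if ($found.Count -ne 1) { throw "Expected exactly 1 match for DeviceId, found $($found.Count)." }
    $found[0]
}

# Constructed sample in the shape of `dsregcmd /status` output.
$sample = @'
             AzureAdJoined : YES
                  DeviceId : 11111111-2222-3333-4444-555555555555
                TenantName : Contoso
                  TenantId : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
'@ -split '\r?\n'

# Constructed directory: both display names would satisfy -Match 'PC1'.
$directory = @(
    [pscustomobject]@{ DisplayName = 'PC1';  DeviceId = '11111111-2222-3333-4444-555555555555'; ObjectId = 'obj-1' }
    [pscustomobject]@{ DisplayName = 'PC10'; DeviceId = '99999999-2222-3333-4444-555555555555'; ObjectId = 'obj-2' }
)

$status = ConvertFrom-DsRegStatus -Text $sample
$target = Find-AadDeviceForThisPC -Status $status -Directory $directory
"Tenant: $($status['TenantName']) ($($status['TenantId']))"
"Would remove: $($target.DisplayName) [$($target.ObjectId)]"

# On a real machine, after Connect-AzureAD:
#   $status = ConvertFrom-DsRegStatus -Text (dsregcmd /status)
#   $target = Find-AadDeviceForThisPC -Status $status -Directory (Get-AzureADDevice -All $true)
#   Remove-AzureADDevice -ObjectId $target.ObjectId
```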
- AEchtermeijer, May 20, 2022, Copper Contributor
Harm_Veenstra Just reaching out as we're having some issues with the script you previously shared. In short, when using the 'Remove-AutopilotDevice'-script, we receive an error when the device was pre-provisioned through Autopilot.
It's a "400 Bad Request"-error that reads "Cannot delete device with ztd id [...] and accountId [...] and device Id [...] because it has registration status as Registered with IsManaged status True"
Any tips?
- May 20, 2022
Hmmm.. Pre-provisioned is not Azure AD Joined and registered, didn't test it like that... Perhaps you can contact the creator of the script if he has a GitHub page or contact details in the PowerShell Gallery?