SOLVED

Question: Script to remove a specific device from MEM (Intune) and Azure AD


I am looking for a script to fully remove an (Autopilot) device from a Microsoft tenant. The goal is to remove a specific device that I have physical access to from both Microsoft Endpoint Manager (Intune) and Azure AD. I want to accomplish this by running a (PowerShell) script on the device itself. The script should return output to indicate success or failure.


Please keep the following parameters in mind: Before running the script, I have access to the physical device and I know the serial number of the device. I do not know the deviceID or tenant of the specific device, but I do have an Intune Admin account in the tenant where the device sits. The device is an Autopilot device. I do not want to log into the Microsoft tenant directly but only run scripts from the device itself.


Thank you very much, looking forward to any tips this community has to offer!

15 Replies
best response confirmed by AEchtermeijer (Copper Contributor)
Solution

@AEchtermeijer


There's a module for Autopilot things here (https://www.powershellgallery.com/packages/WindowsAutoPilotIntune/5.0).


After installing it (Install-Module -Name WindowsAutoPilotIntune), you could use this to remove the device from the Autopilot devices:

# Requires the WindowsAutoPilotIntune module; Connect-MSGraph prompts for an Intune admin sign-in
Connect-MSGraph
# Read the BIOS serial of the machine this runs on (Get-CimInstance replaces the deprecated Get-WmiObject)
$serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
# Delete the Autopilot identity whose serial number matches exactly
Get-AutoPilotDevice | Where-Object SerialNumber -eq $serial | Remove-AutopilotDevice


This deletes the device based on the serial number of the machine that you're logged into; this could take a few minutes to process in the background.


For the removal of the Azure AD device, you can use this:


# Requires the AzureAD module (Install-Module -Name AzureAD)
Connect-AzureAD
# Match the Azure AD device object whose display name equals this computer's name.
# -eq is used rather than -Match: -Match is a regex substring test, so a name like PC1 would also hit PC10.
Get-AzureADDevice | Where-Object DisplayName -eq $env:COMPUTERNAME | Remove-AzureADDevice

Did this work out for you ?

Thank you Harm! Quick question, I believe in the script you posted for the removal of the Azure AD device we would need the COMPUTERNAME variable, right? What if we don't have that?

I've received multiple possible solutions through other channels as well and will test these May 12th. I will report back afterwards. :)
When running it on the computer that you want to remove, $ENV:COMPUTERNAME will give you the computer name of that computer. The computer name should be the same as the Azure AD object name AFAIK. Let us know if it worked; I tested it myself in my CDX tenant and it works.
Hi Harm, thank you very much. This worked beautifully! I like this particular script because the number of lines of code is limited and it only took +/- 5 minutes of waiting time for the removal of the device to take effect in the tenant.

I have two additional questions though:
1. After running the "[...] Remove-AutopilotDevice"-command, it prompts me to log in with a user account. While the company branding is showing, it does not specify the exact tenant (e.g. contoso.onmicrosoft.com). Would there be a command to show the current tenant of the device?
2. The "[...]Remove-AzureADDevice"-command relies on the COMPUTERNAME and the Azure AD Object name to be identical. Could there be a possibility that these are not identical and if so, how could we go about this?

Again, many thanks for your input!

@AEchtermeijer No problem, sometimes short scripts can be effective and easy to read too ;) Not sure if you can show the tenant name, it's a Modern Auth prompt. But you do see the company branding; is there no info in the username hint field or sign-in page text?


And I don't think that there's a possibility that these two are different, if the computername is changed on the computer itself, it updates the Azure AD registration AFAIK
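An added example, not code from the thread or from Harm, that answers both of the questions above from the device itself: `dsregcmd /status` reports the tenant the machine is joined to (TenantName, TenantId) and its Azure AD DeviceId, and the Azure AD object is then looked up by that DeviceId rather than by display name, so it does not matter whether the computer name and the object name agree. It uses the Microsoft.Graph PowerShell SDK instead of the AzureAD module; the dsregcmd parser assumes the usual "Key : Value" line layout of that tool's output, and the script refuses to delete unless exactly one object matches.

```powershell
# Added example (not from the thread): identify the device's Azure AD tenant and
# device object from the machine itself, then delete exactly that object.
# Requires the Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph).
# Assumption: dsregcmd /status prints "Key : Value" lines, including
# TenantName, TenantId, DeviceId and AzureAdJoined, which this parser collects.

function Get-DsregStatus {
    $status = @{}
    foreach ($line in (dsregcmd /status)) {
        # Keep only the first occurrence of each key; later sections repeat some names.
        if ($line -match '^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.+?)\s*$' -and
            -not $status.ContainsKey($Matches[1])) {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

$ds = Get-DsregStatus
if ($ds['AzureAdJoined'] -ne 'YES') {
    Write-Error "This machine is not Azure AD joined (AzureAdJoined = $($ds['AzureAdJoined']))."
    exit 1
}
Write-Output "Tenant : $($ds['TenantName']) ($($ds['TenantId']))"
Write-Output "Device : $($ds['DeviceId'])"

# Sign in against the tenant the device reports, so the wrong tenant cannot be picked in the prompt.
Connect-MgGraph -Scopes 'Device.ReadWrite.All' -TenantId $ds['TenantId']

# Look the object up by its deviceId, not by display name: a renamed computer or a
# second device with a similar name cannot be picked up by mistake.
$filter  = "deviceId eq '$($ds['DeviceId'])'"
$objects = @(Get-MgDevice -Filter $filter)
if ($objects.Count -ne 1) {
    Write-Error "Expected exactly one Azure AD device with deviceId $($ds['DeviceId']), found $($objects.Count)."
    exit 1
}
$obj = $objects[0]
Write-Output "Found '$($obj.DisplayName)' (object id $($obj.Id)); deleting."
Remove-MgDevice -DeviceId $obj.Id   # -DeviceId takes the directory object id, not the deviceId property

# Re-query to report success or failure instead of trusting the delete call alone.
if (@(Get-MgDevice -Filter $filter).Count -ne 0) {
    Write-Error 'Delete call returned but the object is still present.'
    exit 1
}
Write-Output 'Azure AD device object removed.'
exit 0
```

Run it in an elevated PowerShell on the device with an Intune/Azure AD admin account; the exit code (0 or 1) and the messages give the success/failure signal asked for in the question. The Autopilot identity is a separate record and is not touched by this script.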


@Harm_Veenstra Just reaching out as we're having some issues with the script you previously shared. In short, when using the 'Remove-AutopilotDevice'-script, we receive an error when the device was pre-provisioned through Autopilot.


It's a "400 Bad Request"-error that reads "Cannot delete device with ztd id [...] and accountId [...] and device Id [...] because it has registration status as Registered with IsManaged status True"

Any tips? 

Hmmm.. Pre-provisioned is not Azure AD Joined and registered, didn't test it like that... Perhaps you can contact the creator of the script if he has a GitHub page or contact detail in the PowerShell gallery?

@Harm_Veenstra Hi Harm,


I have a question. I want to create an automation where Intune checks AD for whether an object or computer already exists before enrolling it. If the computer name is present in AD, then it should first be deleted and then the enrollment process starts. Do you have any idea if this is possible in Intune?


The Intune Connector doesn't have that feature; you have to reset or remove the computer account prior to deployment.

@Harm_Veenstra Is there a way to remove devices in bulk via PowerShell or Graph? My company is about to e-waste a large number of devices and would like to know if bulk removal is possible.


Something like this if you have a file containing just the serial numbers that you want to remove:

# Fetch the Autopilot device list once instead of once per serial number
$autopilotDevices = Get-AutoPilotDevice
foreach ($serialnumber in Get-Content serialnumbers.txt) {
    # Remove the identity whose serial number matches exactly
    $autopilotDevices | Where-Object SerialNumber -eq $serialnumber | Remove-AutopilotDevice
}
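An added example, not code from the thread or from Harm, of the same bulk removal done with the Microsoft.Graph PowerShell SDK and with a result row per serial number. It also deletes the Intune managed-device record before the Autopilot identity, which is the ordering the "registration status as Registered with IsManaged status True" 400 error quoted earlier in this thread is pointing at (assumed here, not stated by the thread), and it validates each serial before placing it in an OData filter. Assumptions: serialnumbers.txt holds one serial per line, and the managedDevices endpoint accepts a server-side filter on serialNumber.

```powershell
# Added example (not from the thread): bulk-remove serial numbers from Intune and
# from the Autopilot device list with the Microsoft.Graph PowerShell SDK.
# Assumptions: serialnumbers.txt holds one serial per line; an enrolled device's
# Intune record must be deleted before its Autopilot identity can be; the
# managedDevices endpoint supports a server-side $filter on serialNumber.

Connect-MgGraph -Scopes 'DeviceManagementServiceConfig.ReadWrite.All',
                        'DeviceManagementManagedDevices.ReadWrite.All'

function Remove-DeviceBySerial {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$SerialNumber)

    # The serial goes into an OData filter string; reject anything that is not a plain
    # serial instead of trying to escape quotes or operators.
    if ($SerialNumber -notmatch '^[A-Za-z0-9\-]{1,64}$') {
        return [pscustomobject]@{ SerialNumber = $SerialNumber; Status = 'InvalidSerial'; IntuneRecordsRemoved = 0 }
    }

    # 1. Intune managed-device record(s) for this serial (deleted first, see lead-in).
    $managed = @(Get-MgDeviceManagementManagedDevice -Filter "serialNumber eq '$SerialNumber'")
    foreach ($m in $managed) {
        if ($PSCmdlet.ShouldProcess("$($m.DeviceName) ($($m.Id))", 'Delete Intune managed device')) {
            Remove-MgDeviceManagementManagedDevice -ManagedDeviceId $m.Id
        }
    }

    # 2. Autopilot identity. The API filters serialNumber with contains(), so the
    #    exact match is enforced client-side to avoid deleting a longer serial.
    $identities = @(Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -Filter "contains(serialNumber,'$SerialNumber')" |
                    Where-Object SerialNumber -eq $SerialNumber)
    if ($identities.Count -eq 0) {
        return [pscustomobject]@{ SerialNumber = $SerialNumber; Status = 'NotRegistered'; IntuneRecordsRemoved = $managed.Count }
    }
    foreach ($ap in $identities) {
        if ($PSCmdlet.ShouldProcess("$SerialNumber ($($ap.Id))", 'Delete Autopilot identity')) {
            Remove-MgDeviceManagementWindowsAutopilotDeviceIdentity -WindowsAutopilotDeviceIdentityId $ap.Id
        }
    }
    return [pscustomobject]@{ SerialNumber = $SerialNumber; Status = 'Removed'; IntuneRecordsRemoved = $managed.Count }
}

# One result object per input line; errors are captured instead of aborting the batch.
$results = foreach ($serial in Get-Content .\serialnumbers.txt | ForEach-Object { $_.Trim() } | Where-Object { $_ }) {
    try   { Remove-DeviceBySerial -SerialNumber $serial }
    catch { [pscustomobject]@{ SerialNumber = $serial; Status = "Error: $($_.Exception.Message)"; IntuneRecordsRemoved = 0 } }
}
$results | Format-Table -AutoSize
$results | Export-Csv .\removal-results.csv -NoTypeInformation
```

Dry-run a batch first with `Remove-DeviceBySerial -SerialNumber <serial> -WhatIf` before feeding the whole file; as noted earlier in the thread, the Autopilot deletion itself completes in the background and the identity can still be listed for a few minutes after the call returns.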

@Harm_Veenstra Awesome, thank you! I will give this a shot and report back.
