Forum Discussion

AEchtermeijer
Copper Contributor
Apr 21, 2022

Question: Script to remove a specific device from MEM (Intune) and Azure AD

I am looking for a script to fully remove an (Autopilot) device from a Microsoft tenant. The goal is to remove a specific device that I have physical access to from both Microsoft Endpoint Manager (Intune) and Azure AD. I want to accomplish this by running a (PowerShell) script on the device itself. The script should return output to indicate success or failure.

 

Please keep the following parameters in mind: Before running the script, I have access to the physical device and I know the serial number of the device. I do not know the deviceID or tenant of the specific device, but I do have an Intune Admin account in the tenant where the device sits. The device is an Autopilot device. I do not want to log into the Microsoft tenant directly but only run scripts from the device itself.

 

Thank you very much, looking forward to any tips this community has to offer!

  • AEchtermeijer

    There's a module for Autopilot things here (https://www.powershellgallery.com/packages/WindowsAutoPilotIntune/5.0).

    After installing (Install-Module -Name WindowsAutoPilotIntune), you could use this to remove the device from the Autopilot devices:

    Connect-MSGraph
    Get-AutoPilotDevice | Where-Object SerialNumber -eq (Get-WmiObject -Class Win32_Bios).SerialNumber | Remove-AutopilotDevice

    This deletes the device based on the serial number of the machine that you're logged into; this could take a few minutes to process in the background.

    For the removal of the Azure AD device, you can use this:

    Connect-AzureAD
    # -All $true returns every device, not only the first page; -eq matches the exact name (-Match is a regex test and can select several devices)
    Get-AzureADDevice -All $true | Where-Object DisplayName -eq $env:COMPUTERNAME | Remove-AzureADDevice
    • 2legit2intune
      Copper Contributor

      Harm_Veenstra Is there a way to remove devices in bulk via PowerShell or Graph? My company is about to e-waste a large number of devices and would like to know if bulk removal is possible.

      • Harm_Veenstra
        MVP
        Something like this if you have a file containing just the serial numbers that you want to remove:

        foreach ($serialnumber in Get-Content serialnumbers.txt) {
            Get-AutoPilotDevice | Where-Object SerialNumber -eq $serialnumber | Remove-AutopilotDevice
        }

    • AEchtermeijer
      Copper Contributor
      Thank you Harm! Quick question, I believe in the script you posted for the removal of the Azure AD device we would need the COMPUTERNAME variable, right? What if we don't have that?

      I've received multiple possible solutions through other channels as well and will test these May 12th. I will report back afterwards. 🙂
      • Harm_Veenstra
        MVP
        When running it on the computer that you want to remove, the $ENV:COMPUTERNAME will give you the computername of the computer. The computername should be the same as the AzureAD object AFAIK. Let us know if it worked, I tested it myself in my CDX tenant and it works.
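
Added example, not part of any post in this thread: one way to combine the two removals discussed above into a single function that reports success or failure and refuses to delete anything unless exactly one device matches. It resolves the Azure AD object through the device ID stored on the Autopilot record, so the computer name is not needed. `Select-SingleDevice` and `Remove-DeviceBySerial` are hypothetical names, the modules are assumed to be the ones used in the replies, and the sample devices at the end are constructed.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1 with the
# WindowsAutoPilotIntune and AzureAD modules that the replies use.

# Hypothetical helper: return the single object whose $Property equals $Value
# exactly; throw on zero or several hits so an ambiguous match deletes nothing.
function Select-SingleDevice {
    param([object[]]$Devices, [string]$Property, [string]$Value)
    if (-not $Value) { throw "No value to match against $Property" }
    $hits = @($Devices | Where-Object { $_.$Property -eq $Value })
    if ($hits.Count -ne 1) {
        throw "Expected 1 device with $Property '$Value', found $($hits.Count)"
    }
    $hits[0]
}

# Hypothetical wrapper: Autopilot record first, then the linked Azure AD object.
function Remove-DeviceBySerial {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber)
    try {
        Connect-MSGraph | Out-Null
        Connect-AzureAD | Out-Null
        $ap = Select-SingleDevice (Get-AutoPilotDevice) 'serialNumber' $Serial
        # Resolve the Azure AD object through the device ID stored on the Autopilot
        # record (not the display name), before anything is deleted.
        $aad = Select-SingleDevice (Get-AzureADDevice -All $true) 'DeviceId' $ap.azureActiveDirectoryDeviceId
        if ($PSCmdlet.ShouldProcess("$Serial / $($aad.DisplayName)", 'Remove from Autopilot and Azure AD')) {
            $ap | Remove-AutopilotDevice
            Remove-AzureADDevice -ObjectId $aad.ObjectId -ErrorAction Stop
            $detail = 'Removal requested for both objects'
        } else {
            $detail = 'Dry run, nothing removed'
        }
        [pscustomobject]@{ Serial = $Serial; Success = $true; Detail = $detail }
    } catch {
        [pscustomobject]@{ Serial = $Serial; Success = $false; Detail = $_.Exception.Message }
    }
}

# Constructed sample objects: runs without a tenant.
$sample = @(
    [pscustomobject]@{ DisplayName = 'PC-1';  DeviceId = '11111111-0000-0000-0000-000000000001' }
    [pscustomobject]@{ DisplayName = 'PC-10'; DeviceId = '11111111-0000-0000-0000-000000000002' }
)
# -Match is a regex test, so the name 'PC-1' selects PC-10 as well.
$sample | Where-Object DisplayName -Match 'PC-1' | Select-Object DisplayName
# The exact match returns only PC-1.
Select-SingleDevice $sample 'DisplayName' 'PC-1'
```

Running `Remove-DeviceBySerial -WhatIf` first shows which objects would be removed without deleting them.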
