cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Question: Script to remove a specific device from MEM (Intune) and Azure AD

%3CLINGO-SUB%20id%3D%22lingo-sub-3291011%22%20slang%3D%22en-US%22%3EQuestion%3A%20Script%20to%20remove%20a%20specific%20device%20from%20MEM%20(Intune)%20and%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3291011%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20looking%20for%20a%20script%20to%20fully%20remove%20an%20(Autopilot)%20device%20from%20a%20Microsoft%20tenant.%20%3CSTRONG%3EThe%20goal%20is%20to%20remove%20a%20specific%20device%20that%20I%20have%20physical%20access%20to%20from%20both%20Microsoft%20Endpoint%20Manager%20(Intune)%20and%20Azure%20AD.%3C%2FSTRONG%3E%20I%20want%20to%20accomplish%20this%20by%20running%20a%20(PowerShell)%20script%20on%20the%20device%20itself.%20The%20script%20should%20return%20output%20to%20indicate%20success%20or%20failure.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20keep%20the%20following%20parameters%20in%20mind%3A%20Before%20running%20the%20script%2C%20I%20have%20access%20to%20the%20physical%20device%20and%20I%20know%20the%20serial%20number%20of%20the%20device.%20I%20do%20not%20know%20the%20deviceID%20or%20tenant%20of%20the%20specific%20device%2C%20but%20I%20do%20have%20an%20Intune%20Admin%20account%20in%20the%20tenant%20where%20the%20device%20sits.%20The%20device%20is%20an%20Autopilot%20device.%20I%20do%20not%20want%20to%20log%20into%20the%20Microsoft%20tenant%20directly%20but%20only%20run%20scripts%20from%20the%20device%20itself.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20very%20much%2C%20looking%20forward%20to%20any%20tips%20this%20community%20has%20to%20offer!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3291011%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Intune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20PowerShell%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3301281%22%20slang%3D%22en-US%22%3ERe%3A%20Question%3A%20Script%20to%20remove%20a%20specific%20device%20from%20MEM%20(Intune)%20and%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3301281%22%20slang%3D%22en-US%22%3EWhen%20running%20it%20on%20the%20computer%20that%20you%20want%20to%20remove%2C%20the%20%24ENV%3ACOMPUTERNAME%20will%20give%20you%20the%20computername%20of%20the%20computer.%20The%20computername%20should%20be%20the%20samen%20as%20the%20AzureAD%20object%20AFAIK.%20Let%20us%20know%20if%20it%20worked%2C%20I%20tested%20it%20myself%20in%20my%20CDX%20tenant%20and%20it%20works%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3301275%22%20slang%3D%22en-US%22%3ERe%3A%20Question%3A%20Script%20to%20remove%20a%20specific%20device%20from%20MEM%20(Intune)%20and%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3301275%22%20slang%3D%22en-US%22%3EThank%20you%20Harm!%20Quick%20question%2C%20I%20believe%20in%20the%20script%20you%20posted%20for%20the%20removal%20of%20the%20Azure%20AD%20device%20we%20would%20need%20the%20COMPUTERNUME%20variable%2C%20right%3F%20What%20if%20we%20don't%20have%20that%3F%3CBR%20%2F%3E%3CBR%20%2F%3EI've%20received%20multiple%20possible%20solutions%20through%20other%20channels%20as%20well%20and%20will%20test%20these%20May%2012th.%20I%20will%20report%20back%20afterwards.%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3298589%22%20slang%3D%22en-US%22%3ERe%3A%20Question%3A%20Script%20to%20remove%20a%20specific%20device%20from%20MEM%20(Intune)%20and%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3298589%22%20slang%3D%22en-US%22%3E%3CP%3EDid%20this%20work%20out%20for%20you%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3293655%22%20slang%3D%22en-US%22%3ERe%3A%20Question%3A%20Script%20to%20remove%20a%20specific%20device%20from%20MEM%20(Intune)%20and%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3293655%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1082419%22%20target%3D%22_blank%22%3E%40AEchtermeijer%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere's%20a%20module%20for%20autopilot%20things%20here%26nbsp%3B%20(%3CA%20href%3D%22https%3A%2F%2Fwww.powershellgallery.com%2Fpackages%2FWindowsAutoPilotIntune%2F5.0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.powershellgallery.com%2Fpackages%2FWindowsAutoPilotIntune%2F5.0%3C%2FA%3E)%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20installing%20(Install-Module%20-Name%20WindowsAutoPilotIntune.)%2C%20you%20could%20use%20this%20to%20remove%20the%20device%20from%20the%20Autopilot%20devices%20%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3EConnect-MSGraph%0AGet-AutoPilotDevice%20%7C%20Where-Object%20SerialNumber%20-eq%20(Get-WmiObject%20-class%20Win32_Bios).SerialNumber%20%7C%20Remove-AutopilotDevice%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20deletes%20the%20device%20based%20on%20the%20serialnumber%20of%20the%20machine%20that%20you're%20logged%20into%2C%20this%20could%20take%20a%20few%20minutes%20to%20process%20in%20the%20background.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20the%20removal%20of%20the%20Azure%20AD%20device%2C%20you%20can%20use%20this%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3EConnect-Azuread%0AGet-AzureADDevice%20%7C%20Where-Object%20DisplayName%20-Match%20%24env%3ACOMPUTERNAME%20%7C%20Remove-AzureADDevice%3C%2FCODE%3E%3C%2FPRE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3374740%22%20slang%3D%22en-US%22%3ERe%3A%20Question%3A%20Script%20to%20remove%20a%20specific%20device%20from%20MEM%20(Intune)%20and%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3374740%22%20slang%3D%22en-US%22%3EDid%20it%20work%20out%20for%20you%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3378898%22%20slang%3D%22en-US%22%3ERe%3A%20Question%3A%20Script%20to%20remove%20a%20specific%20device%20from%20MEM%20(Intune)%20and%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3378898%22%20slang%3D%22en-US%22%3EHi%20Harm%2C%20thank%20you%20very%20much.%20This%20worked%20beautifully!%20I%20like%20this%20particular%20script%20because%20the%20number%20of%20lines%20of%20code%20is%20limited%20and%20it%20only%20took%20%2B%2F-%205%20minutes%20of%20waiting%20time%20for%20the%20removal%20of%20the%20device%20to%20take%20effect%20in%20the%20tenant.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20two%20additional%20questions%20though%3A%3CBR%20%2F%3E1.%20After%20running%20the%20%22%5B...%5D%20Remove-AutopilotDevice%22-command%2C%20it%20prompts%20me%20to%20log%20in%20with%20a%20user%20account.%20While%20the%20company%20branding%20is%20showing%2C%20it%20does%20not%20specify%20the%20exact%20tenant%20(e.g.%20contoso.onmicrosoft.com).%20Would%20there%20be%20a%20command%20to%20show%20the%20current%20tenant%20of%20the%20device%3F%3CBR%20%2F%3E2.%20The%20%22%5B...%5DRemove-AzureADDevice%22-command%20relies%20on%20the%20COMPUTERNAME%20and%20the%20Azure%20AD%20Object%20name%20to%20be%20identical.%20Could%20there%20be%20a%20possibility%20that%20these%20are%20not%20identical%20and%20if%20so%2C%20how%20could%20we%20go%20about%20this%3F%3CBR%20%2F%3E%3CBR%20%2F%3EAgain%2C%20many%20thanks%20for%20your%20input!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3378920%22%20slang%3D%22en-US%22%3ERe%3A%20Question%3A%20Script%20to%20remove%20a%20specific%20device%20from%20MEM%20(Intune)%20and%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3378920%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1082419%22%20target%3D%22_blank%22%3E%40AEchtermeijer%3C%2FA%3E%26nbsp%3BNo%20problem%2C%20sometimes%20short%20scripts%20can%20be%20effective%20and%20easy%20to%20read%20too%20%3B)%3C%2Fimg%3E%20Not%20sure%20if%20you%20can%20show%20the%20tenant%20name%2C%20it's%20a%20Modern%20Auth%20prompt..%20But%20you%20do%20see%20the%20company%20branding%2C%20there's%20no%20info%20in%20the%20username%20hint%20field%20or%20sign-in%20page%20text%3F%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Harm_Veenstra_0-1652692109730.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F371813i2E270074BA8252CF%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Harm_Veenstra_0-1652692109730.png%22%20alt%3D%22Harm_Veenstra_0-1652692109730.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EAnd%20I%20don't%20think%20that%20there's%20a%20possibility%20that%20these%20two%20are%20different%2C%20if%20the%20computername%20is%20changed%20on%20the%20computer%20itself%2C%20it%20updates%20the%20Azure%20AD%20registration%20AFAIK%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
AEchtermeijer
New Contributor

‎Apr 21 2022 12:06 AM - edited ‎Apr 21 2022 12:11 AM

‎Apr 21 2022 12:06 AM - edited ‎Apr 21 2022 12:11 AM

Question: Script to remove a specific device from MEM (Intune) and Azure AD

I am looking for a script to fully remove an (Autopilot) device from a Microsoft tenant. The goal is to remove a specific device that I have physical access to from both Microsoft Endpoint Manager (Intune) and Azure AD. I want to accomplish this by running a (PowerShell) script on the device itself. The script should return output to indicate success or failure.

 

Please keep the following parameters in mind: Before running the script, I have access to the physical device and I know the serial number of the device. I do not know the deviceID or tenant of the specific device, but I do have an Intune Admin account in the tenant where the device sits. The device is an Autopilot device. I do not want to log into the Microsoft tenant directly but only run scripts from the device itself.

 

Thank you very much, looking forward to any tips this community has to offer!

226 Views
0 Likes
7 Replies
Reply
7 Replies
best response confirmed by AEchtermeijer (New Contributor)
Harm_Veenstra

‎Apr 25 2022 12:53 AM

‎Apr 25 2022 12:53 AM

Solution

Re: Question: Script to remove a specific device from MEM (Intune) and Azure AD

@AEchtermeijer

 

There's a module for autopilot things here  (https://www.powershellgallery.com/packages/WindowsAutoPilotIntune/5.0),

 

After installing (Install-Module -Name WindowsAutoPilotIntune.), you could use this to remove the device from the Autopilot devices : 

 

Connect-MSGraph
Get-AutoPilotDevice | Where-Object SerialNumber -eq (Get-WmiObject -class Win32_Bios).SerialNumber | Remove-AutopilotDevice

 

This deletes the device based on the serialnumber of the machine that you're logged into, this could take a few minutes to process in the background.

 

For the removal of the Azure AD device, you can use this:

 

Connect-Azuread
Get-AzureADDevice | Where-Object DisplayName -Match $env:COMPUTERNAME | Remove-AzureADDevice
1 Like
Reply
Harm_Veenstra

‎Apr 29 2022 02:43 AM - edited ‎May 01 2022 03:28 AM

‎Apr 29 2022 02:43 AM - edited ‎May 01 2022 03:28 AM

Re: Question: Script to remove a specific device from MEM (Intune) and Azure AD

Did this work out for you ?

0 Likes
Reply
AEchtermeijer

‎May 03 2022 04:55 AM

‎May 03 2022 04:55 AM

Re: Question: Script to remove a specific device from MEM (Intune) and Azure AD

Thank you Harm! Quick question, I believe in the script you posted for the removal of the Azure AD device we would need the COMPUTERNUME variable, right? What if we don't have that?

I've received multiple possible solutions through other channels as well and will test these May 12th. I will report back afterwards. :)
0 Likes
Reply
Harm_Veenstra

‎May 03 2022 05:02 AM

‎May 03 2022 05:02 AM

Re: Question: Script to remove a specific device from MEM (Intune) and Azure AD

When running it on the computer that you want to remove, the $ENV:COMPUTERNAME will give you the computername of the computer. The computername should be the samen as the AzureAD object AFAIK. Let us know if it worked, I tested it myself in my CDX tenant and it works
1 Like
Reply
Harm_Veenstra

‎May 14 2022 03:18 AM

‎May 14 2022 03:18 AM

Re: Question: Script to remove a specific device from MEM (Intune) and Azure AD

Did it work out for you?
0 Likes
Reply
AEchtermeijer

‎May 16 2022 02:01 AM

‎May 16 2022 02:01 AM

Re: Question: Script to remove a specific device from MEM (Intune) and Azure AD

Hi Harm, thank you very much. This worked beautifully! I like this particular script because the number of lines of code is limited and it only took +/- 5 minutes of waiting time for the removal of the device to take effect in the tenant.

I have two additional questions though:
1. After running the "[...] Remove-AutopilotDevice"-command, it prompts me to log in with a user account. While the company branding is showing, it does not specify the exact tenant (e.g. contoso.onmicrosoft.com). Would there be a command to show the current tenant of the device?
2. The "[...]Remove-AzureADDevice"-command relies on the COMPUTERNAME and the Azure AD Object name to be identical. Could there be a possibility that these are not identical and if so, how could we go about this?

Again, many thanks for your input!
1 Like
Reply
Harm_Veenstra

‎May 16 2022 02:11 AM

‎May 16 2022 02:11 AM

Re: Question: Script to remove a specific device from MEM (Intune) and Azure AD

@AEchtermeijer No problem, sometimes short scripts can be effective and easy to read too ;) Not sure if you can show the tenant name, it's a Modern Auth prompt.. But you do see the company branding, there's no info in the username hint field or sign-in page text?

Harm_Veenstra_0-1652692109730.png

And I don't think that there's a possibility that these two are different, if the computername is changed on the computer itself, it updates the Azure AD registration AFAIK

 

0 Likes
Reply