how to disassociate a device from specific user in Microsoft Entra without deleting the device itself ( there is an image of the problem attached )

Question

how to disassociate a device from specific user in Microsoft Entra without deleting the device itself ( there is an image of the problem attached )

62498367 5

the problem is highlighted

Navya 20,100 Reputation points Microsoft External Staff Moderator

2024-02-08T11:44:38.8966667+00:00

Hi @62498367 Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Navya 20,100 Reputation points Microsoft External Staff Moderator

2024-02-13T03:55:08.99+00:00

@62498367
Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.

1 answer

Your answer

Navya 20,100 Reputation points Microsoft External Staff Moderator

2024-02-08T11:44:38.8966667+00:00

Hi @62498367 Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Navya 20,100 Reputation points Microsoft External Staff Moderator

2024-02-13T03:55:08.99+00:00

@62498367
Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.

Answer 1

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Moderator

Hello @62498367 , to remove a registered user from Entra ID device you can leverage the Microsoft Graph PowerShell SDK and the MSAL.PS module. Eg.

# Replace the following variables
$TenantId = "string"
$DeviceObjectId = "guid"
$UserId = "guid"

$ClientId = "17a6e0ad-a3ea-4364-9b1a-f0bdc4af8dde"

$token = Get-MsalToken -ClientId $ClientId -TenantId $TenantId -Interactive  -Scopes ".default"

Connect-MgGraph -AccessToken ($token.AccessToken | ConvertTo-SecureString -AsPlainText -Force) -NoWelcome

Remove-MgDeviceRegisteredUserByRef -DeviceId $DeviceObjectId -DirectoryObjectId $UserId

Full PowerShell function available here.

Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

62498367 5 Reputation points

2024-01-30T05:46:43.61+00:00

@Alfredo Revilla - Upwork Top Talent | IAM SWE SWA thank you for your response. i tried it, first time no output showed just some info, i checked the user and the device it's there. then i ran the script again but the time this error showed ( image attached )
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator

2024-01-31T04:58:06.2+00:00

Hello @62498367 , 404 will happen on a second attempt after the first one was successful. The user should not appear in the list of registered users anymore, however depending on the client or connection you may see some delay in data replication.

Share via

how to disassociate a device from specific user in Microsoft Entra without deleting the device itself ( there is an image of the problem attached )

1 answer

Your answer