How can I configure the policy in Intune or Entra ID to automatically delete and remove stale computers with activity older than 6 months?

EnterpriseArchitect 4,741 Reputation points
2024-04-16T12:41:33.58+00:00

How do I set up the policy in Intune or Entra ID to automatically delete and remove stale computers with activity older than 6 months?

Or any PowerShell script that I can safely run regularly to remove any device in Entra ID with no activity for more than 6 months.

I am currently utilizing Hybrid Active Directory, which is synchronized with Azure AD Connect, along with an Entra ID Premium P2 license. I have a PowerShell script that allows me to delete any stale on-premises AD computer objects.

However, even after deleting these objects from on-premises AD, the devices still exist in Entra ID (Azure AD).

Thank you


Accepted answer
  1. Crystal-MSFT 42,961 Reputation points Microsoft Vendor
    2024-04-17T02:21:12.3066667+00:00

    @EnterpriseArchitect, Thanks for posting in Q&A. To remove the stale devices in Microsoft Entra ID, you can run the script in the following link:

    https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices

    To automatically delete devices which haven't checked in for this many days, you can set Device cleanup rules in Intune.

    https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#automatically-delete-devices-with-cleanup-rules

    Hope the above information can help.



    1 person found this answer helpful.

1 additional answer

  1. xenia 391 Reputation points
    2024-04-17T01:25:09.7233333+00:00

    @EnterpriseArchitect Intune has a feature called "Device cleanup rules". We can configure Intune to automatically remove devices that appear to be inactive, stale, or unresponsive. These cleanup rules continuously monitor your device inventory so that your device records stay current. Devices deleted in this way are removed from Intune management. Please refer to this article:

    https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#automatically-delete-devices-with-cleanup-rules

    However, the device removal only applies to the Intune portal, and devices do not get removed from Entra ID. You need to perform the device cleanup task in the Entra ID portal to remove the stale record permanently.

    https://www.tbone.se/2024/02/09/cleaning-up-inactive-intune-and-entra-id-devices/

    Hope it will help.

    1 person found this answer helpful.
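
The Entra ID side of the cleanup that both answers point to, as an added example that is not taken from either answer or from the linked articles: stale devices are disabled first and deleted in a later, separate run. It uses the Microsoft Graph PowerShell cmdlets `Get-MgDevice`, `Update-MgDevice` and `Remove-MgDevice`; the function names, the `-DeleteDisabled` switch and the sample records are assumptions made for this example.

```powershell
# Added example. Live use needs the Microsoft.Graph module and
# Connect-MgGraph -Scopes 'Device.ReadWrite.All'.
function Get-StaleDeviceAction {            # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Device,
        [int] $StaleDays = 180,             # roughly the 6 months in the question
        [datetime] $Now = (Get-Date),
        [switch] $DeleteDisabled            # second stage, run after your grace period
    )
    process {
        $last = $Device.ApproximateLastSignInDateTime
        if     ($Device.PhysicalIds -match '^\[ZTDID\]') { $action = 'Skip: Autopilot record' }
        elseif ($Device.TrustType -eq 'ServerAd')        { $action = 'Review: hybrid joined, normally removed via on-prem AD and sync' }
        elseif (-not $last)                              { $action = 'Review: no sign-in timestamp' }
        elseif ($last -gt $Now.AddDays(-$StaleDays))     { $action = 'Keep' }
        elseif ($Device.AccountEnabled)                  { $action = 'Disable' }
        elseif ($DeleteDisabled)                         { $action = 'Delete' }
        else                                             { $action = 'Hold: already disabled' }
        [pscustomobject]@{ Id = $Device.Id; Name = $Device.DisplayName; LastSignIn = $last; Action = $action }
    }
}
function Invoke-StaleDeviceCleanup {        # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory, ValueFromPipeline)] $Plan)
    process {
        if ($Plan.Action -eq 'Disable' -and $PSCmdlet.ShouldProcess($Plan.Name, 'Disable Entra ID device')) {
            Update-MgDevice -DeviceId $Plan.Id -AccountEnabled:$false
        } elseif ($Plan.Action -eq 'Delete' -and $PSCmdlet.ShouldProcess($Plan.Name, 'Delete Entra ID device')) {
            # Deleting the device object also removes BitLocker recovery keys stored with it.
            Remove-MgDevice -DeviceId $Plan.Id
        }
    }
}
# Constructed sample records (not real tenant data) so the plan can be checked offline.
$now = [datetime]'2024-04-17'
$sample = @(
    [pscustomobject]@{ Id='id-1'; DisplayName='LAPTOP-A'; TrustType='AzureAd';  AccountEnabled=$true;  PhysicalIds=@(); ApproximateLastSignInDateTime=[datetime]'2023-06-01' }
    [pscustomobject]@{ Id='id-2'; DisplayName='LAPTOP-B'; TrustType='AzureAd';  AccountEnabled=$false; PhysicalIds=@(); ApproximateLastSignInDateTime=[datetime]'2023-06-01' }
    [pscustomobject]@{ Id='id-3'; DisplayName='LAPTOP-C'; TrustType='AzureAd';  AccountEnabled=$true;  PhysicalIds=@(); ApproximateLastSignInDateTime=[datetime]'2024-04-01' }
    [pscustomobject]@{ Id='id-4'; DisplayName='KIOSK-D';  TrustType='AzureAd';  AccountEnabled=$true;  PhysicalIds=@('[ZTDID]:constructed'); ApproximateLastSignInDateTime=[datetime]'2023-01-01' }
    [pscustomobject]@{ Id='id-5'; DisplayName='DESK-E';   TrustType='ServerAd'; AccountEnabled=$true;  PhysicalIds=@(); ApproximateLastSignInDateTime=[datetime]'2023-01-01' }
)
$sample | Get-StaleDeviceAction -Now $now | Format-Table Name, LastSignIn, Action
$sample | Get-StaleDeviceAction -Now $now -DeleteDisabled | Invoke-StaleDeviceCleanup -WhatIf
# Live run: Get-MgDevice -All | Get-StaleDeviceAction | Invoke-StaleDeviceCleanup -WhatIf
```

Remove `-WhatIf` only after reviewing the plan output; with `ConfirmImpact = 'High'` each disable or delete still prompts unless `-Confirm:$false` is passed.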