How can I configure the policy in Intune or Entra ID to automatically delete and remove stale computers with the activity older than 6 months?

EnterpriseArchitect 6,041 Reputation points
2024-04-16T12:41:33.58+00:00

How do I set up the policy in Intune or Entra ID to automatically delete and remove stale computers with activity older than 6 months?

or any PowerShell script that I can safely run regularly to remove any Device in Entra ID with no activity for more than 6 months.

I am currently utilizing Hybrid Active Directory, which is synchronized with Azure AD Connect, along with an Entra ID Premium P2 license. I have a PowerShell script that allows me to delete any stale OnPremise AD Computer objects.

However, even after deleting these objects from OnPremise AD, the devices still exist in Entra ID (Azure AD).

Thank you

Microsoft Security | Intune | Configuration
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Intune | Other
Microsoft Security | Microsoft Graph
Microsoft Security | Microsoft Entra | Other

Accepted answer
  1. Crystal-MSFT 53,991 Reputation points Microsoft External Staff
    2024-04-17T02:21:12.3066667+00:00

    @EnterpriseArchitect, Thanks for posting in Q&A. To remove the stale devices in Microsoft Entra ID, you can run the script in the following link:

    https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices

    To automatically delete devices that haven't checked in for a set number of days, you can set device cleanup rules in Intune.

    https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#automatically-delete-devices-with-cleanup-rules

    Hope the above information can help.




1 additional answer

  1. xenia 391 Reputation points
    2024-04-17T01:25:09.7233333+00:00

    @EnterpriseArchitect Intune has a feature called "Device cleanup rules". We can configure Intune to automatically remove devices that appear to be inactive, stale, or unresponsive. These cleanup rules continuously monitor your device inventory so that your device records stay current. Devices deleted in this way are removed from Intune management. Please refer to this article:

    https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#automatically-delete-devices-with-cleanup-rules

    However, the device removal only applies to the Intune portal; devices do not get removed from Entra ID. You need to perform the device cleanup task in the Entra ID portal to remove the stale record permanently.

    https://www.tbone.se/2024/02/09/cleaning-up-inactive-intune-and-entra-id-devices/

    Hope it will help.

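Both answers above point at the same split: Intune's cleanup rules are a portal setting that only prunes Intune's own device records, while the Entra ID side is what you script. The following PowerShell is an added example, not code from the thread, from Microsoft's manage-stale-devices article or from the linked blog. It uses the Microsoft Graph PowerShell SDK (`Get-MgDevice`, `Update-MgDevice`, `Remove-MgDevice`) and assumes the `Microsoft.Graph.Identity.DirectoryManagement` module is installed and the caller has the `Device.ReadWrite.All` scope plus a directory role allowed to delete devices (for example Cloud Device Administrator). The 180-day threshold, the Report/Disable/Delete staging, the CSV path and the `[ZTDId]` Autopilot exclusion are my choices for this illustration, not something the thread prescribes.

```powershell
<#
  Added example: staged cleanup of stale Microsoft Entra ID device objects via Microsoft Graph.
  Not from the original thread or Microsoft docs. Assumes Microsoft.Graph.Identity.DirectoryManagement
  is installed and the signed-in identity has Device.ReadWrite.All plus a device-deleting directory role.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$InactiveDays = 180,                        # "no activity for more than 6 months"
    [ValidateSet('Report', 'Disable', 'Delete')]
    [string]$Mode = 'Report',                         # default is a dry run that only writes the CSV
    [string]$ReportPath = ".\StaleDevices-$(Get-Date -Format yyyyMMdd).csv"
)

Connect-MgGraph -Scopes 'Device.ReadWrite.All' -NoWelcome

$cutoff = (Get-Date).ToUniversalTime().AddDays(-$InactiveDays)

# Pull only the properties needed. The timestamp comparison is done client-side so the
# script does not depend on advanced-query (ConsistencyLevel) filter support.
$props   = 'Id', 'DeviceId', 'DisplayName', 'OperatingSystem', 'TrustType',
           'AccountEnabled', 'ApproximateLastSignInDateTime', 'PhysicalIds'
$devices = Get-MgDevice -All -Property $props

$stale = foreach ($d in $devices) {
    # Autopilot-registered devices carry a "[ZTDId]:<guid>" physical id. Deleting their Entra
    # object breaks Autopilot enrollment, so they are excluded (assumption: you want to keep them).
    if ($d.PhysicalIds -match '^\[ZTDId\]') { continue }

    # A null timestamp means the device never signed in or predates the attribute.
    # Those are left for manual review rather than handled by the automated path.
    if (-not $d.ApproximateLastSignInDateTime) { continue }

    if ($d.ApproximateLastSignInDateTime -lt $cutoff) {
        [pscustomobject]@{
            ObjectId    = $d.Id                       # Graph object id (what the Mg cmdlets call -DeviceId)
            DeviceId    = $d.DeviceId                 # device registration GUID
            DisplayName = $d.DisplayName
            OS          = $d.OperatingSystem
            TrustType   = $d.TrustType                # AzureAd | ServerAd (hybrid) | Workplace
            Enabled     = $d.AccountEnabled
            LastSignIn  = $d.ApproximateLastSignInDateTime
        }
    }
}

# Keep an audit trail of what was acted on: deleting a device also deletes any
# BitLocker recovery keys stored on that object, so the report is your only record.
$stale | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "$(@($stale).Count) devices inactive for more than $InactiveDays days; report written to $ReportPath"

switch ($Mode) {
    'Report' { }   # dry run: CSV only

    'Disable' {
        # Stage 1: disable first. A disabled device can simply be re-enabled if a user complains,
        # which is why the stale-device guidance recommends a grace period before deletion.
        foreach ($s in $stale | Where-Object Enabled) {
            if ($PSCmdlet.ShouldProcess($s.DisplayName, 'Disable stale device')) {
                Update-MgDevice -DeviceId $s.ObjectId -AccountEnabled:$false
            }
        }
    }

    'Delete' {
        # Stage 2: delete only devices that are already disabled, i.e. that went through
        # stage 1 on an earlier run and survived the grace period without objection.
        foreach ($s in $stale | Where-Object { -not $_.Enabled }) {
            if ($PSCmdlet.ShouldProcess($s.DisplayName, 'Delete stale device')) {
                Remove-MgDevice -DeviceId $s.ObjectId
            }
        }
    }
}
```

Run it first with the default `-Mode Report` (or any mode with `-WhatIf`) and read the CSV before touching anything; then schedule `-Mode Disable` and, a few weeks later, `-Mode Delete`. For hybrid-joined (`ServerAd`) devices, delete the on-premises computer object first, as the question describes, otherwise Entra Connect can recreate the cloud object on the next sync cycle. Note that the Mg cmdlets' `-DeviceId` parameter takes the directory object id (`Id`), not the `DeviceId` registration GUID; mixing the two is the most common way this kind of script silently does nothing.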
