Thank you for posting this in Microsoft Q&A.
As I understand it, you want to delete a large number of stale devices from Entra ID. You have already removed them from Intune, and now you want to remove them from Entra ID.
As Vasim Tamboli mentioned above, you can browse to the Entra ID portal, go to the Devices tab, filter the devices based on your requirement, and delete them in bulk by selecting the devices.
Or there is another option to perform this.
Identify the stale devices:
Because stale devices are devices that haven't been used to access any cloud apps for a specific timeframe, detecting stale devices requires a timestamp-related property. In Microsoft Entra ID, this property is called ApproximateLastSignInDateTime or activity timestamp. If the delta between now and the value of the activity timestamp exceeds the timeframe you've defined for active devices, a device is considered to be stale. This activity timestamp is now in public preview.
You have two options to retrieve the value of the activity timestamp:
- The Activity column on all devices.
- The Get-MgDevice cmdlet.
While you can clean up stale devices in the Microsoft Entra admin center, it's more efficient to handle this process using a PowerShell script. Use the latest PowerShell V2 module to use the timestamp filter and to filter out system-managed devices such as Autopilot.
A typical routine consists of the following steps:
- Connect to Microsoft Entra ID using the Connect-MgGraph cmdlet
- Get the list of devices.
- Disable the device using the Update-MgDevice cmdlet (disable by using -AccountEnabled option).
- Wait for the grace period of however many days you choose before deleting the device.
- Remove the device using the Remove-MgDevice cmdlet.
Get the list of devices
To get all devices and store the returned data in a CSV file:
Get-MgDevice -All | select-object -Property AccountEnabled, DeviceId, OperatingSystem, OperatingSystemVersion, DisplayName, TrustType, ApproximateLastSignInDateTime | export-csv devicelist-summary.csv -NoTypeInformation
If you have a large number of devices in your directory, use the timestamp filter to narrow down the number of returned devices. To get all devices that haven't logged on in 90 days and store the returned data in a CSV file:
$dt = (Get-Date).AddDays(-90)
Get-MgDevice -All | Where {$_.ApproximateLastSignInDateTime -le $dt} | select-object -Property AccountEnabled, DeviceId, OperatingSystem, OperatingSystemVersion, DisplayName, TrustType, ApproximateLastSignInDateTime | export-csv devicelist-olderthan-90days-summary.csv -NoTypeInformation
You can also use the command below to get the list of devices that were inactive for more than a particular number of days, and then perform the delete operation on them in bulk.
The example below is set to pull devices that were inactive for more than 120 days and are already disabled, and to delete all devices in the output list.
$dt = (Get-Date).AddDays(-120)
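# Select only devices that are both stale and already disabled
$Devices = Get-MgDevice -All | Where {($_.ApproximateLastSignInDateTime -le $dt) -and ($_.AccountEnabled -eq $false)}
foreach ($Device in $Devices) {
    # -DeviceId takes the directory object Id of the device
    Remove-MgDevice -DeviceId $Device.Id
}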
Reference article: https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices
Let me know if you have any further questions on this.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
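
The routine described in the answer above (disable, wait for the grace period, then remove), written as an added example that is not part of the original answer or of Microsoft's documentation. It assumes `Connect-MgGraph` has already been run with rights to update and delete devices; the function names `Get-StaleDeviceAction` and `Invoke-StaleDeviceCleanup` are hypothetical, and the `[ZTDID]` check used to skip Autopilot objects is an assumption to verify in your tenant.

```powershell
function Get-StaleDeviceAction {
    # Pure classification: returns 'Disable', 'Delete' or 'Keep' for one device object.
    param(
        [Parameter(Mandatory)] $Device,
        [datetime] $Now = (Get-Date),
        [int] $DisableAfterDays = 90,
        [int] $DeleteAfterDays  = 120
    )
    # Assumption: Autopilot objects carry a [ZTDID] entry in PhysicalIds; never touch them.
    if ($Device.PhysicalIds -match '^\[ZTDID\]') { return 'Keep' }

    $last = $Device.ApproximateLastSignInDateTime
    # No activity timestamp means staleness cannot be shown; leave for manual review.
    if (-not $last) { return 'Keep' }

    # Delete only devices that are stale AND were disabled in an earlier run.
    if ($last -le $Now.AddDays(-$DeleteAfterDays) -and $Device.AccountEnabled -eq $false) { return 'Delete' }
    # An enabled stale device is only ever disabled, however old its timestamp is.
    if ($last -le $Now.AddDays(-$DisableAfterDays) -and $Device.AccountEnabled) { return 'Disable' }
    return 'Keep'
}

function Invoke-StaleDeviceCleanup {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Run 'Disable' first, wait out the grace period, then run 'Delete'.
        [Parameter(Mandatory)] [ValidateSet('Disable', 'Delete')] [string] $Stage,
        [string] $LogPath = ".\stale-devices-$Stage-$(Get-Date -Format yyyyMMdd).csv"
    )
    $targets = @(Get-MgDevice -All | Where-Object { (Get-StaleDeviceAction -Device $_) -eq $Stage })

    # Record what is about to change before changing anything, even under -WhatIf.
    $targets |
        Select-Object Id, DeviceId, DisplayName, TrustType, AccountEnabled, ApproximateLastSignInDateTime |
        Export-Csv -Path $LogPath -NoTypeInformation -WhatIf:$false

    foreach ($d in $targets) {
        if (-not $PSCmdlet.ShouldProcess($d.DisplayName, $Stage)) { continue }
        if ($Stage -eq 'Disable') {
            Update-MgDevice -DeviceId $d.Id -BodyParameter @{ accountEnabled = $false }
        } else {
            Remove-MgDevice -DeviceId $d.Id
        }
    }
}

# Preview without changing anything:
# Invoke-StaleDeviceCleanup -Stage Disable -WhatIf
```

The grace period is the time you leave between the `Disable` run and the `Delete` run; a device that was already past 120 days when it was disabled gets no additional delay from the timestamp check alone.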