How can I delete or remove stale devices in Azure AD using Policy or PowerShell?

EnterpriseArchitect 4,741 Reputation points
2022-08-19T11:45:40.497+00:00

Folks,

How can I delete or remove the old device in Azure AD with ApproximateLastLogonTimeStamp older than 120 days?

Is there any PowerShell or Azure Policy to do that automatically?


Accepted answer
  1. Carlos Solís Salazar 16,531 Reputation points
    2022-08-19T12:05:51.39+00:00

    Hi @EnterpriseArchitect

    Thank you for asking this question on the **Microsoft Q&A Platform.**

    It will be this script in PowerShell:

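    # Requires the AzureAD module and an active Connect-AzureAD session.
    # Cut-off: devices whose last logon timestamp is older than 120 days.
    $dt = (Get-Date).AddDays(-120)
    # Select stale devices that are already disabled.
    $Devices = Get-AzureADDevice -All:$true | Where-Object { ($_.ApproximateLastLogonTimeStamp -le $dt) -and ($_.AccountEnabled -eq $false) }
    foreach ($Device in $Devices) {
        Remove-AzureADDevice -ObjectId $Device.ObjectId
    }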
    

    The following documentation has more details

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.


    1 person found this answer helpful.
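
A staged variant of the cleanup in the accepted answer, added here as an example and not part of the original thread. The answer's script deletes only devices that are already disabled, so this version adds the disable stage, writes a report of every candidate, and supports `-WhatIf`. The function name, the 30-day grace period and the report path are assumptions.

```powershell
# Added example. Requires the AzureAD module and an active Connect-AzureAD session.
# Invoke-StaleDeviceCleanup, -GraceDays and -ReportPath are hypothetical names.
function Invoke-StaleDeviceCleanup {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [int]$StaleDays = 120,   # threshold from the question
        [int]$GraceDays = 30,    # assumed wait between disabling and deleting
        [string]$ReportPath = ".\stale-devices-$(Get-Date -Format yyyyMMdd).csv"
    )

    $disableBefore = (Get-Date).AddDays(-$StaleDays)
    $deleteBefore  = (Get-Date).AddDays(-($StaleDays + $GraceDays))

    # Devices with no logon timestamp are skipped rather than treated as old.
    $stale = Get-AzureADDevice -All:$true | Where-Object {
        $null -ne $_.ApproximateLastLogonTimeStamp -and
        $_.ApproximateLastLogonTimeStamp -le $disableBefore
    }

    # Record every candidate before changing anything. -WhatIf:$false makes
    # sure the report is also written during a dry run.
    $stale |
        Select-Object ObjectId, DisplayName, DeviceOSType, AccountEnabled, ApproximateLastLogonTimeStamp |
        Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false

    foreach ($device in $stale) {
        $label = "$($device.DisplayName) [$($device.ObjectId)]"
        if ($device.AccountEnabled) {
            # Stage 1: disable the device so the change can still be reverted.
            if ($PSCmdlet.ShouldProcess($label, 'Disable device')) {
                Set-AzureADDevice -ObjectId $device.ObjectId -AccountEnabled $false
            }
        }
        elseif ($device.ApproximateLastLogonTimeStamp -le $deleteBefore) {
            # Stage 2: delete devices that are disabled and past the grace period.
            if ($PSCmdlet.ShouldProcess($label, 'Delete device')) {
                Remove-AzureADDevice -ObjectId $device.ObjectId
            }
        }
    }
}

# Dry run: shows what would be disabled or deleted and changes nothing.
Invoke-StaleDeviceCleanup -WhatIf
```

Because the function declares `ConfirmImpact = 'High'`, an interactive run prompts for each device; an unattended run has to pass `-Confirm:$false` explicitly.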
