How can I delete or remote stale devices in Azure AD using Policy or PowerShell ?

EnterpriseArchitect 2,366 Reputation points
2022-08-19T11:45:40.497+00:00

Folks,

How can I delete or remove the old device in Azure AD with ApproximateLastLogonTimeStamp older than 120 days?

Is there any PowerShell or Azure Policy to do that automatically?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,504 questions
Microsoft Graph Identity API
Microsoft Graph Identity API
A Microsoft API to access Azure Active Directory (Azure AD) resources to enable scenarios like managing administrator (directory) roles, inviting external users to an organization, and, if you are a Cloud Solution Provider (CSP), managing your customer's data.
272 questions
Accepted answer
  1. Carlos Solís Salazar 10,971 Reputation points
    2022-08-19T12:05:51.39+00:00

    Hi @EnterpriseArchitect

    Thank you for asking this question on the **Microsoft Q&A Platform. **

    It will be this script in PowerShell: 

    $dt = (Get-Date).AddDays(-120)  
$Devices = Get-AzureADDevice -All:$true | Where {($_.ApproximateLastLogonTimeStamp -le $dt) -and ($_.AccountEnabled -eq $false)}  
foreach ($Device in $Devices) {  
Remove-AzureADDevice -ObjectId $Device.ObjectId  
}

    The following documentation has more details

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest