I would like to draw your attention once again to the topic of device clean-up of cloud computer objects. It is extremely important that the devices in a Modern Workplace infrastructure are also maintained cleanly, since there is often a dynamic rollout process behind it. To understand the big picture where which device can be deleted and how the dependencies look like I would like to point out in this blog article. For more detailed explanations or questions, I’m happy to help on my social media.
Table of Contents
Building Device Objects in the Microsoft Cloud (MDM)
When a device is added to Microsoft Intune Management and installed using the Autopilot facility, there are several places where a device object is created for management. The problem is that when the device is deleted via Intune Device Clean Up Rules, corpses are created in the Azure Active Directory and Autopilot database.
To illustrate this, the following basic drawing was created.
In order to keep the overview, the following three locations must be checked.
- Intune –> Devices –> All Devices
- Intune –> Devices | Enroll devices –> Enroll devices | Windows Enrollment
- Azure AD –> Devices –> All Devices
If you want to remove a device manually, you should probably do this manually. Until Microsoft builds a solution to perform the deletion process across multiple services.
Intune Device Clean-Up Rules
First, let’s take a look at Intune Device Clean-Up Rules.
What are Intune Device Clean-up Rules?
You can specify criteria for removing devices from your Intune console using the Microsoft Intune feature known as Intune Device Clean-up Rules. The last time a device checked in, the OS version, and other factors can be used to set rules.
A device will be automatically removed from your device inventory when it satisfies the criteria you’ve specified by Intune. The device won’t appear in your Intune console anymore, which will make it simpler for you to manage and keep track of your active devices. I recommend this other Blog Aritcel from Prajwal Desai
How do Intune Device Clean-up Rules work?
According to the rules you’ve established, Intune Device Clean-up Rules analyze your device inventory. For instance, you could create a rule that deletes any devices that haven’t logged into Intune in the previous 30 days. Then, Intune will automatically review your device inventory and remove any matching devices.
There are the following conditions:
Attention: This deletion action won’t remove or delete or clean up the device from Azure Active Directory.
Following the establishment of your Intune Device Clean-up Rules, Intune will automatically review your device inventory on a regular basis and remove any devices that satisfy the criteria you’ve established.
How can I use Intune Device Clean-up Rules?
Your Intune console can kept tidy and uncluttered by using Intune Device Clean-up Rules. Here are some pointers for effectively utilizing Intune Device Clean-up Rules. Establish standards that are reasonable for your organization. For instance, you might set a rule to remove devices that haven’t checked in to Intune in the past 90 days if you have a lot of infrequently used devices.
Before applying your rules, make sure they work. Make sure you don’t unintentionally take away active devices.
Watch your device inventory. Even with Intune Device Clean-up Rules in place, it’s crucial to periodically review your device inventory to ensure you aren’t overlooking anything crucial.
Intune Autopilot Clean-Up Devices
The device in the Autopilot database must manually deleted at the current time. This can be done using the following mask. Attention the deletion process may take a few minutes, after completion I definitely recommend to start a manual sync again.
From the community there are also Powershell approaches which automate this. To learn more about this I recommend the article by Oliver Kieslbach – Cleanup Windows Autopilot registrations.
Azure Active Directory – Remove Stale Devices
In Azure Active Directory, it is relatively easy to delete a device, provided the previous steps have performed correctly.
After a certain time, devices display in the AAD with a stale status. How this can be easily fixed via PowerShell I have already described in a separate blog article. Here is a screenshot excerpt.
Intune Device Clean-up Rules are a useful tool for keeping your Intune-managed devices clean and organized, to sum up. You can streamline your device management and maintain an up-to-date device inventory by establishing criteria for removing inactive and out-of-date devices. Now is the ideal time to start using Intune Device Clean-up Rules, if you haven’t already.
In addition, however, it is enormously important to understand the complete structure so that no old device objects show up in the dashboards.