Delete Stale Devices in AzureAD with Microsoft.Graph PowerShell
Hi All,
While checking the devices in my M365 tenant, I stumbled over the stale devices.
The list shows devices whose last activity was more than 6 months ago.
Let’s check if we can get that Information with Microsoft.Graph PowerShell
Connect-MgGraph -Scopes Directory.ReadWrite.All, Directory.AccessAsUser.All
Get-MgDevice
Now we need to get the Devices that are older than six Months
$Devices = Get-MgDevice -All
$Devices | where {$_.ApproximateLastSignInDateTime -lt (Get-Date).AddMonths(-6)}
We can format that a little better
$Devices | where {$_.ApproximateLastSignInDateTime -lt (Get-Date).AddMonths(-6)} | ft DisplayName,AccountEnabled,OperatingSystem,OperatingSystemVersion,ProfileType,IsManaged,IsCompliant,OnPremisesSyncEnabled,ApproximateLastSignInDateTime
Let’s remove these Devices
$StaleDevices = $Devices | where {$_.ApproximateLastSignInDateTime -lt (Get-Date).AddMonths(-6)}
foreach ($StaleDevice in $StaleDevices)
{
    Write-Host "DisplayName: $($StaleDevice.DisplayName) ApproximateLastSignInDateTime: $($StaleDevice.ApproximateLastSignInDateTime)"
    $DeviceId = $StaleDevice.Id
    Write-Host "Delete Id: $DeviceId" -ForegroundColor Yellow
    Remove-MgDevice -DeviceId $DeviceId
}
These devices are now gone.
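A more cautious variant of the loop above, as an added example that is not part of the original post: it classifies each device first, so that devices with no recorded sign-in (a $null timestamp compares as older than any date) and devices synced from on-premises are set aside for review instead of being deleted. The function names Get-StaleDevicePlan and Invoke-StaleDevicePlan, the disable-first-then-delete staging and the sample devices are assumptions made for this example.

```powershell
# Added example; function names and sample devices are constructed for illustration.
function Get-StaleDevicePlan {
    param(
        [Parameter(Mandatory)] [object[]] $Devices,
        [datetime] $Cutoff = (Get-Date).AddMonths(-6)
    )
    foreach ($d in $Devices) {
        $last = $d.ApproximateLastSignInDateTime
        if ($null -eq $last)              { $action = 'Review'  }  # never signed in; $null -lt <date> is $true
        elseif ($last -ge $Cutoff)        { $action = 'Keep'    }  # active within the window
        elseif ($d.OnPremisesSyncEnabled) { $action = 'Review'  }  # synced from on-premises AD
        elseif ($d.AccountEnabled)        { $action = 'Disable' }  # first pass: disable only
        else                              { $action = 'Delete'  }  # already disabled in an earlier pass
        [pscustomobject]@{
            DisplayName = $d.DisplayName
            Id          = $d.Id
            LastSignIn  = $last
            Action      = $action
        }
    }
}

function Invoke-StaleDevicePlan {
    # Requires the Connect-MgGraph session from above.
    # Runs with -WhatIf unless -Apply is given, so the default is a dry run.
    param([Parameter(Mandatory)] [object[]] $Plan, [switch] $Apply)
    foreach ($p in $Plan) {
        switch ($p.Action) {
            'Disable' { Update-MgDevice -DeviceId $p.Id -BodyParameter @{ accountEnabled = $false } -WhatIf:(-not $Apply) }
            'Delete'  { Remove-MgDevice -DeviceId $p.Id -WhatIf:(-not $Apply) }
        }
    }
}

# Constructed sample devices, so the classification can be checked without a tenant.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ Id = 'id-1'; DisplayName = 'PC-OLD';      AccountEnabled = $true;  OnPremisesSyncEnabled = $null; ApproximateLastSignInDateTime = $now.AddMonths(-9) }
    [pscustomobject]@{ Id = 'id-2'; DisplayName = 'PC-DISABLED'; AccountEnabled = $false; OnPremisesSyncEnabled = $null; ApproximateLastSignInDateTime = $now.AddMonths(-12) }
    [pscustomobject]@{ Id = 'id-3'; DisplayName = 'PC-HYBRID';   AccountEnabled = $true;  OnPremisesSyncEnabled = $true; ApproximateLastSignInDateTime = $now.AddMonths(-8) }
    [pscustomobject]@{ Id = 'id-4'; DisplayName = 'PC-NEW';      AccountEnabled = $true;  OnPremisesSyncEnabled = $null; ApproximateLastSignInDateTime = $null }
    [pscustomobject]@{ Id = 'id-5'; DisplayName = 'PC-ACTIVE';   AccountEnabled = $true;  OnPremisesSyncEnabled = $null; ApproximateLastSignInDateTime = $now.AddDays(-3) }
)
Get-StaleDevicePlan -Devices $sample | Format-Table DisplayName, LastSignIn, Action

# In a tenant: Invoke-StaleDevicePlan -Plan (Get-StaleDevicePlan -Devices (Get-MgDevice -All))
```

Review the dry-run output before re-running Invoke-StaleDevicePlan with -Apply.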
Sadly, there is no “Application” permission for this. That would make it possible to run a scheduled script or a script in Azure Automation to handle such a task.
Regards
Andres Bohren