In this post, you will learn how to delete windows autopilot device from Intune. Let’s review the steps to clean up your Intune Windows autopilot devices more quickly.
You may need to perform the cleanup in several scenarios when you need to use devices for testing or assign to the users depending on the situation whether you are deleting the device from Azure Active Directory (Azure AD) or need to keep it for other purposes.
Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. Windows Autopilot can be used to deploy Windows PCs or HoloLens 2 devices.
With the help of Intune and AutoPilot, you can pre-configure, reset, re-purpose, and recover your devices. You can do the customization, and deploy the setting without re-imaging, which saves you a lot of time. There is no days limit and the re-registration is needed to complete a successful deployment if the device is registered and not enrolled.
If you are looking for a simple way to export and import your Windows Autopilot devices, there are multiple methods available, and Intune has a built-in option. Learn how to export the windows autopilot devices in Intune.
- Windows AutoPilot Process End To End Guide
- PS Script To Add Or Modify Group Tag Of Autopilot Devices In Intune
Points to Consider
Removing a device from your tenant requires you to delete the Intune device, the Azure Active Directory device, and the Windows Autopilot device records. This can all be done from Intune portal.
- If the devices are enrolled in Intune, you must first delete them from the Intune All devices blade.
- Delete the devices in Azure Active Directory devices at Devices > Azure AD devices.
Delete Windows Device from Intune
When you register a device with Windows Autopilot, an Azure AD device object will be created corresponding to that Azure AD device.
Starting in Intune Service Release 2307, Windows Autopilot is making it easier to manage devices by adding one step removal of a device in Autopilot devices in Intune. One step removal of a device means that you can now remove the Autopilot registration of a device without needing to delete the record in Intune.
If your device is enrolled in Intune, you must first follow the step to delete from All devices node. If you haven’t enrolled yet, You can delete the device from the Windows Autopilot section.
- Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com/.
- Navigate to Devices > Windows. Under Windows devices, Search for the device from the list you want to delete.
- Click on the device to get inside the overview tab.
Once you click on Delete, you will see the message appears as shown below. You can read the impact of deleting the device and Click on Yes to proceed.
If you delete this device, you will no longer be able to view or manage the device from the Intune portal. The device will no longer be allowed to access your company’s corporate resources. Company data may be wiped from the device if the device tried to check-in after it is deleted.
Once you clicked on delete, you will receive a message Delete initiated. It will take a few minutes to complete the process, you can back and hit refresh. You will find, the device is no longer available on Windows devices.
Delete Windows Autopilot Device From Intune
The next step is to perform the deletion of Windows Autopilot devices. You can use the following steps to delete Windows Autopilot Device from Intune.
- Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com/.
- To delete the Windows Autopilot devices, Navigate to Devices > Windows > Windows enrollment. Click on Devices to see managed windows autopilot devices.
Note – You can delete Windows Autopilot devices that aren’t enrolled in Intune directly from here.
In Windows Autopilot Deployment Program, Choose the devices you want to delete, then choose Delete.
Once you click on Delete. A prompt message will appear Are you sure you want to delete the selected device? Click on Yes to continue the deletion process.
Windows Autopilot device deletion can take a few minutes to complete. You can wait to get the successful deletion message.
Note – You might need to delete Windows Autopilot devices from Azure AD due to communication issues or missing devices.
Click on the Notifications icon to get the status. Once the successfully deleted the selected device, you will receive a message Device record successfully deleted. You see the selected device has been successfully deleted from Windows Autopilot devices.
Note – You may experience the notification message sometimes resulting in Deletion took longer than normal. Try refreshing the devices list in a little while. In this scenario, please refresh and wait for a moment. You will find the device has been deleted.
thank you, however no-one follows up by sayinbg what happens to the device and its user experience after deletion, what if someone leaves the org but is given the laptop? what do they have to do to have a working laptop that previously only had a azure AD login?
Complete a Windows reset on the laptop and then it will be available for any normal login.
How do you identify the device if it has been deleted from devices within Intune but Appears in Azure AD.
We have many devices showin in Azure AD with old device names that no longer correspond with any device name in Intune.
And because there is no identifying object such as a serial number you cannot identify the device in the Windows Autopilot Deployment Program.
Garry — I had this question for months and I think I finally got an answer to it in another forum. People kept answering it incorrectly (by giving me Intune queries).
Copy the Device ID from Azure Portal.Open Microsoft Graph Explorer – https://developer.microsoft.com/en-us/graph/graph-explorer.
Authenticate to your tenant if not automatically logged in.In the query window select Get and enter the following query: https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities?$filter=azureActiveDirectoryDeviceId eq ‘Azure Device ID’.
Where ‘Azure Device ID’ is the one you copied from the Azure Portal. This will return the Autopilot id, group tag, serial number and a bunch of other information to locate the device in Autopilot.
Note that an admin with proper permissions will have to CONSENT for this query and may need to assign it to your user.
I’m looking for a solution to exactly what Charlie mentioned above. The device in question is 3 hours away from me. I can walk the end user through a manual reset after it’s removed from our tenant but this really doesn’t feel like the right answer
Hi,
Actually I’m literally tried to find what is correct solution for below 2 scenerio.
Below is my problem
In the first scenario, the entry of hybrid AP devices in Intune displays the join type as Azure AD Joined or Azure AD Registered, and their Azure ID doesn’t matches with the Hybrid entry in AZURE, and the devices are locally hybrid Joined. However, when I perform a local sync, the correct information is retrieved, and the join type changes to Hybrid Azure AD Joined from Azure AD Joined or Azure AD Registered.
In the second scenario, the hybrid devices’ entries in Intune show the join type as Azure AD Joined or Azure AD Registered, but their Azure ID matches with the hybrid entry in Azure, and the devices are locally hybrid. However, performing a local sync does not provide a resolution in this case.
I also have a concern regarding the conditional access MFA of Azure, specifically “Microsoft Intune Enrollment.” Could you please provide a document related to this topic to help me understand its role in more detail? About this I want to know beacuse after enrolled hybrid autopolit when user reached at home screen of device window ask and pop message appears to verify the account and after verifying for some devices ( of case 1)which have HAAD entry in azure initially some columns are missing like owner, upn ,MDM scope is none but when i hit sync button and verify my account credentials then all the information appears in Azure and intune join type change from Azure AD joined or azureadjoined registered to hybrid azure Ad joined (this for 1st scenario)that is why I am doubting on it and if it’s root cause so i can exclude it from azure ad conditional access MFA.
For 2nd second scenario MS team suggested like we can delete 1st record their my join type in Intune will replicate as hybrid azure Ad joined.
But in internet I’m confusing so much no authenticating documents what their impact on devices
@Dinesh, In Hybrid Azure AD scenario, you will always find 2 entries of same device name – one is of Azure AD joined which is created when autopilot starts and other one is created when device object is created in on prem AD and then sync back to Azure AD on Azure AD connect sync cycle (usually within 30 mins) post on prem AD authentication. I would suggest you remove “Microsoft Intune” app from MFA policy as it holds back device sync to Intune unless user has authenticated (you will get error like failed to get AAD token). So dont exclude “Microsoft Intune Enrollment” app but instead exclude “microsoft Intune” app and you should be good.
@Suraj, You might be Lil incorrect here, we don’t need to exclude Microsoft intune MFA rather than we need to exclude Microsoft intune enrollment MFA.
Microsoft intune MFA is must for security reason if you want 2nd layer of authentication for the out the organisation environment.
Well I get all the answer of my queries what are reason behind of it and how i can delete 1st record and reason of cause of incorrect join type of hybrid records in intune.