Automatic Intune Device Cleanup Rules Delete Stale Devices

Let’s learn how to set up automatic Intune Device Cleanup Rules to delete stale records. Stale records could create issues with Intune reporting, compliance reports, etc.

In this quick blog post, you will learn more details about how to set up Automatic Intune device cleanup rules. This cleanup task is similar to SCCM maintenance tasks.

Intune device clean-up rule to delete stale records helps Intune admins to choose between 30 and 270 days to remove the inactive device records from Intune automatically. I would recommend keeping these numbers as per your organization’s requirements.

Microsoft confirmed that you don’t need to worry about the device whose employees are on long leave such as medical, subatical, etc. Because even though the device is deleted from Intune portal, the backend will keep the devices until the device certificate expires.

Patch My PC

However, you don’t have the same (like SCCM) control on Intune maintenance tasks. It’s not mandatory to set the cleanup rules within your Intune tenant because of the default behavior explained below.

Video Automatic Intune Device Cleanup Rules Delete Stale Devices

Let’s discuss, Intune Device Clean-up Rules in Detail | Remove Stale Record from Intune and Azure AD | Automation of maintenance tasks for Intune in this video.

Intune Device Clean-up Rules in Details | Remove Stale Record from Intune and Azure AD | Automation

Intune Maintenance Activities

There are different types of maintenance activities in Intune. The infra side of maintenance activities is not visible to customers. Automatic Intune Device Cleanup Rules is Intune Maintenance Activity to clean up stale device records from Intune device management solution.

  • Manual maintenance activities such as cleaning old/legacy apps, policies, Wi-Fi, VPN profiles, etc.
Intune Maintenance Activities - Automatic Intune Device Cleanup Rules Delete Stale Devices - Fig 2
Intune Maintenance Activities – Automatic Intune Device Cleanup Rules Delete Stale Devices – Fig 2

Automatic Intune Device Cleanup Rules Delete Stale Devices

These Device Cleanup rules are available to automatically remove devices that haven’t checked in for several days you set. Go to the Intune pane, choose Devices, and select Device cleanup rules to see a new law.

Adaptiva

When setting this Intune Device Cleanup Rule to Yes, Intune deletes devices based on the custom number of days you specify.

  • Delete Devices based on last check-in DateYES.
  • Delete Devices that haven’t checked in for this many days90 Days (Checkout NOTE 1 for more details)
  • Click on the SAVE button to apply the rule (Checkout NOTE 2 for more information)
Automatic Intune Device Cleanup Rules Automatic Intune Device Cleanup Rules Delete Stale Devices
Delete Devices based on Last Check-in Date 1 Automatic Intune Device Cleanup Rules Delete Stale Devices

NOTE 1 – You can have custom days value between 90 to 270. Set your Intune device cleanup rules to delete Intune MDM enrolled devices that appear inactive, stale, or unresponsive. Intune applies cleanup rules immediately and continuously so that your device records remain current.

NOTE 2 – Once you click the Save button, all devices that have been inactive for the specified number of days will immediately be deleted from Intune. Intune will continue to delete devices as they exceed the number of set days. Reports with data about the removed devices may take up to 48 hours to refresh.

When you set Delete Devices based on the last check-in Date to No, Intune automatically deletes all devices that haven’t checked in to Intune for more than 270 days.

After you click Save, all devices that have been inactive for the specified number of days will immediately be deleted from Intune. Intune will continue to delete devices as they exceed the number of set days. Reports with data about the deleted devices may take up to 48 hours to refresh.

Intune Device Cleanup Rule is set to NO - Automatic Intune Device Cleanup Rules
Intune Device Cleanup Rule is set to NO 2 Automatic Intune Device Cleanup Rules Delete Stale Devices

Intune Device Cleanup Rules Behavior

Set your Intune device cleanup rules to delete Intune MDM Enrolled and Co-Managed SCCM devices that appear as any of the following conditions, then Intune applies cleanup rules immediately.

  • Inactive
  • Stale
  • Unresponsive

NOTE 1 – Intune will also make sure the device is relevant by performing this cleanup task continuously so that your device records remain current.

NOTE 2 – This deletion action won’t remove or delete or clean up the device from Azure Active Directory. More details are in the Resources section.

How to Find Out Affected Devices

Intune provides an option to find out and export the affected devices with the Device Cleanup rules you just implemented above.

Once you click the Save button on Device Cleanup Rules, all devices that have been inactive for the specified number of days (90 Days in the above example) will immediately be deleted from Intune.

NOTE! To ensure that you are deleting the correct devices, I recommend clicking on the “View Affected Devices” link and confirming whether you want to remove those devices.

These are the devices that haven’t checked in for 90 Days.

Affected Devices with Intune Device Cleanup Rules -  Automatic Intune Device Cleanup Rules Delete Stale Devices
Affected Devices with Intune Device Cleanup Rules 3 Automatic Intune Device Cleanup Rules Delete Stale Devices

Do we have the option to delete only Windows Devices?

We don’t have the option to delete only Windows Devices at this point in time. This clean-up rule in Intune is for all the stale records from Intune Devices node.

Intune Device Certificate Validity Dependency?

Dependencies on Reappearance of devices into Intune console. Microsoft Intune MDM Device CA certificate is valid for 1 year.

The threshold for devices to show up in the Intune portal is 180 days provided the Intune device certificate is not expired. if you have configured Delete devices that haven’t checked in for this many days as 90 days.

Intune Device Certificate Validity Dependency?
Intune Device Certificate Validity Dependency?

Resources

8 thoughts on “Automatic Intune Device Cleanup Rules Delete Stale Devices”

  1. One of the Microsoft articles says if device checks in before 180 days, it can be auto recovered. Is it 180 days or 365 days. As we have MDM certificate valid for 1 year?
    Reference – techcommunity.microsoft.com/t5/device-management-in-microsoft/using-intune-device-cleanup-rules-amp-160/ba-p/377272

    Reply
  2. Hi Anoop,

    Thank you for sharing a Nice blog about remove stale devices from Intune. Can you please share me the blog which you have created for Autopilot troubleshooting & Monitoring.

    Thanks
    Narayanan

    Reply
  3. Hi Anoop, Thanks for sharing your deep and impressive knowledge of Intune and Cloud management. Like many of us techies who use your articles I haven’t posted my thanks (until now). I do wonder about when the devices that get cleaned up (deleted) from Intune will be removed from the Azure AD database also…? Would this happen automatically after the year long certificate validity expires, or do we need to remove these devices with a script somehow?
    I also wonder about Autopilot device objects (by serial number) in Intune – are these device objects also removed at the same time as the computer hostname Intune object is cleaned by this rule?
    Thanks for your assistance understanding how this works,
    Andy

    Reply
  4. Hi Anoop, I am looking to clarify something I can’t find out for sure. If you pre-provision a windows device via Autopilot, and the device never reaches a user before the clean up rule kicks in, will that device be removed as well?

    We build stock way in advance on occasion so wondering how aggressive we should be with the clean ups.

    Thanks

    Reply
  5. I am curious what is the user experience like for a device returns from being inactive?

    Does the device automatically re-appear in Intune, or would it need to go through re-enrollment with Intune either via ADE/Autopilot/Automatic or manual onboarding?

    From an educational standpoint we may devices that are offline for a few months then suddenly pop up online again, would be very curious to better understand how that all works from a administrator and user perspective side of things.

    Also would the experience be different for a Hybrid vs AAD Environment?

    Reply
  6. Bonjour,
    J’aimerais savoir s’il y’a une possibilité de faire une exception sur certains appareils dont on souhaite encore garder pour des raisons de sensibilités des données.

    Si oui, avez vous une méthode ?

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.