Remove Windows Device from Azure AD Join | Intune Management

Learn how to remove Windows device from Azure AD join. If you remove a Windows 10/11 device from AzureAD join, you won’t be able to view or manage the devices from the Intune and Azure portals.

The Windows devices Joined only to Azure AD requiring an organizational account to sign in to the Windows 11 or Windows 10 device. This is supported for All Windows 11 and Windows 10 devices except Home editions.

Remove a registered, Windows device from management when you no longer want or need to use your device for work or school and Access work or school email, apps, or other resources. The devices won’t be able to access their company’s corporate resources.

Here is the manual process of Windows 11 Intune enrollment for the scenario. In the post, you will learn how to join Windows 10 or Windows 11 to Azure AD manually. Yes, you can perform Windows 10 Azure AD entry manually.

We often get many inactive and stale Intune records due to the nature of test device enrollments. To keep Intune environment and reports current by cleaning up these stale devices. You can configure the automatic Intune device cleanup rules, which clean up inactive, and have not checked in recently.

• Windows 10/11 Azure AD Join Manual Process Step by Step
• Remove Work Profile from Intune Managed Android Devices

What happens if you remove the device from Intune

Make sure to go through the points to know What happens if you remove the device from Intune before unenrolling your device and how your device and access to work or school will change after you remove your device running Windows 11, and Windows 10 from Intune.

• Your device is removed, can’t install apps from Company Portal.
• Intune client software (if installed) will be removed from your computer.
• Your computer no longer receives automatic software updates or antivirus software updates from the Intune service.

Remove Windows Device from Azure AD Join

Let’s follow the steps to remove a Windows device from Azure AD Join. After you unregister the windows 10/11 device, you will lose device access to school or work resources.

• Login to Windows 11 with your organizational account.
• Go to Start and click the Start button -> Settings.
• Select Accounts > Access work or school.

Select Access work or school, select the connected Azure AD domain account that you want to remove, and click Disconnect.

Click Yes to confirm the removal of the account. This will remove your access to resources like email, apps, networks, and all content associated with it. Your organization might also remove some data stored on this device.

Click on Disconnect, After disconnecting you won’t be able to sign in to this PC with your organization’s account.

If this PC has BitLocker installed and running, make sure you save a copy of the BitLocker recovery key somewhere other than this PC.

Enter the sign-in info for a local administrator account. This can be a Microsoft account or a local account. Here Enter the username and password for an existing account, If you don’t have one, you will need to create a new account, click OK.

Click on Restart now or Restart later to remove windows device from Azure AD join, After restarting, your PC won’t be joined to Azure AD. You will need to sign in with another user account.

Once you are done with the restart, You can validate the settings account information. Here you can see the account is successfully removed and the device is no longer part of Azure AD join.

You can validate the Join Status – Command Line Option. Open Command prompt as an administrator in the Cloud PC and type dsregcmd /status. In the output, you will see AzureAdJoined field value should be NO.

Remove Windows Device from Azure AD using Command Line

When you remove a device, you can also remove it from Azure Active Directory (Azure AD) and Microsoft Intune. The following steps help you to remove Windows devices from Azure AD join using the command line.

• Sign In to Azure Portal https://portal.azure.com/.
• Navigate to the Azure AD, Select the device from the list which you want to remove.

Note – Here you can also confirm that a device was either removed from or added to Intune and AzureAD, You will see all the lists of active devices depending on the syncing the device also be automatically removed from the Azure AD portal.

The place to look at Windows 10 or 11 Azure AD Join results is from the Azure AD portal – Users or Devices pane or Intune blade. In the device properties, get the device’s Object ID.

You can use the Azure Active Directory PowerShell module, To Install Azure AD Module, Type the following command in PowerShell.

Install-Module AzureAD

You will be prompted to confirm the installation and import of the NuGet provider. Enter Y in all confirmation dialogs. The package installation will take a few minutes, wait for the installation to finish, then close the PowerShell window.

Type the Connect-AzureAD cmdlet to connect an authenticated account to use for Azure Active Directory cmdlet requests. You can use this authenticated account only with Azure Active Directory cmdlets.

Once you connected, the details for your account and connected tenant domain will be displayed here, you can see the information and validate.

Type the Remove-AzureADDevice cmdlet to remove a device from Azure Active Directory (AD). This command removes the specified windows device from Azure AD Join.

Remove-AzureADDevice -ObjectId "99a1915d-298f-42d1-93ae-71646b85e2fa"

-ObjectId
Specifies the object ID of a device in Azure AD.
-Remove-AzureADDevice
Remove Windows device from Azure AD Join. 

Important – The command does not provide a warning. Running this command will delete devices without prompting, and remove windows device from Azure AD Join.

Author