Remove-MgStaleDevices.ps1
<#
.DESCRIPTION
This script deletes stale devices (more than 180 days of inactivity) from Entra ID.
It must be run from an Azure Automation runbook using a Managed Identity.
Author : Arnold Souadet
Version : 1.0
#>
##*===============================================
##* PRE-REQUISITES
##*===============================================
# Modules
# Install Module Microsoft.Graph.Identity.DirectoryManagement to azure Automation Account
# Install Module Microsoft.Graph.Authentication to azure Automation Account
# Install Module Microsoft.Graph.DeviceManagement to azure Automation Account
# Install Module Microsoft.Graph.DeviceManagement.Enrollment to azure Automation Account
#
# Managed Identity Permissions
# Microsoft Graph - Device.ReadWrite.All - Application
# Microsoft Graph - DeviceManagementServiceConfig.Read.All - Application
##*===============================================
##* END PRE-REQUISITES
##*===============================================
##*===============================================
##* IMPORT MODULES
##*===============================================
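# Load the Microsoft Graph modules the runbook depends on and stop if any is missing.
try {
    $RequiredModules = @(
        'Microsoft.Graph.Identity.DirectoryManagement',
        'Microsoft.Graph.Authentication',
        'Microsoft.Graph.DeviceManagement',
        'Microsoft.Graph.DeviceManagement.Enrollment'
    )
    foreach ($ModuleName in $RequiredModules) {
        # -ErrorAction Stop turns a failed import into an exception so the catch
        # block runs; without it the error is only written to the error stream and
        # the script would carry on with cmdlets that were never loaded.
        Import-Module -Name $ModuleName -ErrorAction Stop
    }
    Write-Output "Modules Imported with success"
}
catch {
    # Include the underlying reason so the job log shows which module failed.
    Write-Error "Modules not imported with success: $($_.Exception.Message)"
    Exit
}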
##*===============================================
##* END IMPORT MODULES
##*===============================================
##*===============================================
##* VARIABLE DECLARATION
##*===============================================
# Cut-off timestamp: a device whose last sign-in is on or before this moment
# (180 days before the run, local clock) is treated as stale.
$StaleDate = [DateTime]::Now.AddDays(-180)
##*===============================================
##* END VARIABLE DECLARATION
##*===============================================
##*===============================================
##* FUNCTIONS
##*===============================================
##*===============================================
##* END FUNCTIONS
##*===============================================
##*===============================================
##* START SCRIPT
##*===============================================
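# Authenticate to Microsoft Graph with the Automation Account's managed identity.
# Nothing below may run without a session, so any failure ends the script here.
try {
    Write-Output "Connection to MgGraph..."
    # -ErrorAction Stop guarantees that every connection error reaches the catch block.
    Connect-MgGraph -Identity -ErrorAction Stop
    Write-Output "Connection established with success"
}
catch {
    # Log the underlying reason (e.g. identity not assigned, missing consent) for the job log.
    Write-Error "Error on MgGraph Connection: $($_.Exception.Message)"
    Exit
}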
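# Collect the stale devices and the Autopilot registrations that must be kept.
# Both queries are fatal on error: if the Autopilot list could not be read, the
# exclusion check below would match nothing and Autopilot devices would be deleted.
try {
    # Devices without an ApproximateLastSignInDateTime are skipped explicitly:
    # in PowerShell $null compares as "less than" any date, so without the null
    # check a device that has never reported a sign-in would count as stale.
    $Devices = @(Get-MgDevice -All -ErrorAction Stop | Where-Object {
        ($null -ne $_.ApproximateLastSignInDateTime) -and
        ($_.ApproximateLastSignInDateTime -le $StaleDate)
    })

    # -All pages through the complete result set; a single default page would leave
    # Autopilot devices beyond that page unprotected.
    $AutopilotDeviceslist = @(Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -All -ErrorAction Stop)
}
catch {
    Write-Error "Unable to read devices from MgGraph, nothing was deleted: $($_.Exception.Message)"
    Exit
}

# Entra device identifiers referenced by Autopilot registrations.
$AutopilotDeviceIds = @($AutopilotDeviceslist.AzureActiveDirectoryDeviceId)

$DevicesCount = $Devices.Count
Write-Output "There is $DevicesCount devices to remove"

# NOTE(review): deletion is irreversible and, for Windows devices, also discards the
# BitLocker recovery keys stored on the device object. Consider disabling devices for
# a grace period before deleting them, and review the count above before the first run.

#Loop to remove stale devices
foreach ($Device in $Devices) {
    $DeviceName = $Device.DisplayName
    $DeviceID = $Device.Id

    # Autopilot records reference the Entra device ID (Device.DeviceId), which is not
    # the directory object ID (Device.Id) that Remove-MgDevice expects. Both are
    # checked so that a match on either one protects the device.
    $IsAutopilot = ($AutopilotDeviceIds -contains $Device.DeviceId) -or
                   ($AutopilotDeviceIds -contains $DeviceID)

    If ($IsAutopilot) {
        Write-Output "Device $DeviceName is Autopilot"
    }
    Else {
        try {
            Write-Output "Deleting device : $DeviceName - $DeviceID"
            # -ErrorAction Stop: a failed delete must reach the catch block, otherwise
            # the success message below would be logged for a device that still exists.
            Remove-MgDevice -DeviceId $DeviceID -ErrorAction Stop
            Write-Output "Device $DeviceName successfully deleted"
        }
        catch {
            # Best effort per device: record the failure and continue with the next one.
            Write-Output "Device $DeviceName - $DeviceID can't be deleted: $($_.Exception.Message)"
        }
    }
}

#Disconnect MgGraph
Write-Output "Disconnecting MgGraph"
Disconnect-MgGraph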
##*===============================================
##* END SCRIPT
##*===============================================