Delete AAD and Intune devices based on CSV and Graph API

  • last updated: Fri, 24 Mar 2023 10:05:50

The power of community is to collaborate and help others achieve goals. In this case, I got a question from Jeroen Burgerhout a good community friend to help write a script that removes over 6000 devices from Intune and Azure Active Directory. The base is a CSV file filled with Intune devices IDs.

In this blog post, I explain the steps of how the script works.

Get device information

The main goal is to remove devices from Intune and Azure Active Directory. That means we have to modify two different worlds. And that’s exactly what we see in the background. The first step is to get the needed device information based on the CSV file from both worlds. Luckily, both worlds are connected to the same front door called Graph API.

Let’s start with the CSV file that must be imported into PowerShell. The import-CSV read the CSV file content and creates an object for each column. The content is stored in a variable for later use.

$PathToCsv = './devices.csv'
$csv = Import-Csv -Path $PathToCsv

The CSV contains Intune device IDs. That is the first place to look for information. To get Intune device information I use the Graph API managedDevices endpoint. The permissions I need DeviceManagementManagedDevices.Read.All.

A part of the request:

$deleteDeviceIntuneUrl = "'{0}')" -f $intuneDeviceId
$deviceInfo = Invoke-RestMethod -Method Get -Uri $deleteDeviceIntuneUrl -Headers $AuthHeader

A part of the result of this request is shown below. intune-device-result

As shown below, the result contains also an AAD device object id. Because AzureAD device IDs differ from Intune IDs we also need to get the AzureAD information. intune-device-info

Based on that AAD ID we can search in the AAD for the correct device. To search for devices in AzureAD, I use the endpoint below.
$getAadDeviceUrl = "`$filter=deviceId eq '{0}'" -f $deviceInfo.azureADDeviceId
$deviceAadInfo = Invoke-RestMethod -Method Get -Uri $getAadDeviceUrl -Headers $AuthHeader

This request results in the information below.


Remove devices in Intune and Azure AD

We have the correct information from both worlds to delete devices. To delete devices we must send the DELETE method to the Graph API. Because of two worlds, we must send a DELETE request to two endpoints. Intune uses the endpoint below. To delete devices you need DeviceManagementManagedDevices.ReadWrite.All permission.

To point to the correct device just put the ID at the end of the URL between ().


Azure AD instead, uses this endpoint. To delete devices in Azure AD with the Graph API, you need Directory.ReadWrite.All permissions.

To point to the correct device just put the ID at the end of the URL after a /.



In the end, it results in a PowerShell script that accepts a path to CSV. The scripts use the MSAL.PS PowerShell to get an access token with the correct scope. Then, the script imports the CSV content, and per row. it searches for the correct device in Intune and Azure AD. In the same loop, the device is deleted in both worlds.

How to use

The script can be used by the following command:

.\remove-devices.ps1 -PathToCSV .\path\file.csv -Delimiter ";"

You can find the script at:

Thank you for reading my blog delete aad and intune devices based on csv and graph api.
I hope you got a bit inspired. Enjoy your day and happy automating 👋

comments powered by Disqus

Related Posts

Monitor Intune using Azure Functions, PowerShell, Graph API and MS Teams

Intune and the rest of Microsoft Intune are growing. To keep your environment nice, clean and secure it is a good idea to monitor your MEM environment.

Read more

Automate user sign-in experience with company branding

Recently Microsoft redesigned the company branding functionality. That means you have more flexibility in the main layout, full-screen background image for example. But also the ability to change the header, footer and even link relating to self-service password reset, privacy & cookies or Terms of Use.

Read more

Enable Azure Virtual Desktop Insights automated

Azure Virtual Desktop (AVD) Insights is a way to get sight into your AVD environment. In short (from Microsoft), Azure Virtual Desktop Insights is a dashboard built on Azure Monitor Workbooks that helps IT professionals understand their Azure Virtual Desktop environments.

Read more