Clean up stale devices in Microsoft Intune

I have a tenant I haven’t used in quite some time, and the devices that are currently registered no longer exist. They were VMs that have long since been discarded. It is possible to clean up devices that haven’t triggered any activity in a set amount of time.

In the Intune blade, go to Devices – Azure AD Devices. Under setup, click Device cleanup rules. Here you can configure what triggers device cleanup. It is hard to say which threshold is best; that depends on user habits within an organization. Some devices are purposely active only during specified periods, and you may not want them to be removed. The consequence of deleting a device is that, as an administrator, you lose control of it (such as the ability to reboot it or wipe it), and as a user, you lose access to corporate resources (such as Office 365). In my lab, I’m OK with 30 days, as these devices are just VMs and are solely for testing scenarios.

If you want more information about device cleanup, there is a great article available about managing stale devices: https://docs.microsoft.com/en-us/azure/active-directory/devices/manage-stale-devices

An important takeaway from the article is that the timestamp is meant for device lifecycle management and isn’t as current as the timestamp you’ll find in the sign-in audit log. If your threshold for deleting devices doesn’t take this into consideration, you could accidentally delete a device that is still active.
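
The timestamp caveat above, worked through as an added example (not code from the original post or from Microsoft's article): the PowerShell below runs over constructed device records and marks devices that a 30-day rule would remove even though the sign-in log shows recent activity. The function name `Get-CleanupReview`, the property names `LifecycleTimestamp` and `LastSignInLog`, and the device names are assumptions made for illustration.

```powershell
# Added example: every record below is constructed, not tenant data.
# LifecycleTimestamp = timestamp the cleanup rule evaluates (assumed property name).
# LastSignInLog      = newest sign-in log entry for the device (assumed property name).
$asOf          = [datetime]'2021-06-30'
$thresholdDays = 30

$devices = @(
    [pscustomobject]@{ Name = 'LAB-VM-01'; LifecycleTimestamp = [datetime]'2021-01-10'; LastSignInLog = [datetime]'2021-01-12' }
    [pscustomobject]@{ Name = 'LAB-VM-02'; LifecycleTimestamp = [datetime]'2021-05-25'; LastSignInLog = [datetime]'2021-06-28' }
    [pscustomobject]@{ Name = 'KIOSK-07';  LifecycleTimestamp = [datetime]'2021-06-20'; LastSignInLog = [datetime]'2021-06-29' }
    [pscustomobject]@{ Name = 'SEASON-03'; LifecycleTimestamp = [datetime]'2021-03-01'; LastSignInLog = $null }
)

# Hypothetical helper: compares what the rule would do with what the sign-in log says.
function Get-CleanupReview {
    param(
        [Parameter(Mandatory)] [object[]] $Devices,
        [Parameter(Mandatory)] [datetime] $AsOf,
        [Parameter(Mandatory)] [int]      $ThresholdDays
    )
    $cutoff = $AsOf.AddDays(-$ThresholdDays)
    foreach ($d in $Devices) {
        $hasSignIn       = $null -ne $d.LastSignInLog
        $ruleWouldDelete = $d.LifecycleTimestamp -lt $cutoff
        $recentSignIn    = $hasSignIn -and ($d.LastSignInLog -ge $cutoff)
        # Days by which the lifecycle timestamp trails the sign-in log (never negative).
        $lagDays = $null
        if ($hasSignIn) {
            $lagDays = [int][math]::Max(0, ($d.LastSignInLog - $d.LifecycleTimestamp).TotalDays)
        }
        $verdict = 'Stale'
        if (-not $ruleWouldDelete) { $verdict = 'Keep' }
        elseif ($recentSignIn)     { $verdict = 'StillActive-DoNotDelete' }
        elseif (-not $hasSignIn)   { $verdict = 'Review-NoSignInData' }
        [pscustomobject]@{
            Name            = $d.Name
            RuleWouldDelete = $ruleWouldDelete
            LagDays         = $lagDays
            Verdict         = $verdict
        }
    }
}

$review = Get-CleanupReview -Devices $devices -AsOf $asOf -ThresholdDays $thresholdDays
$review | Format-Table -AutoSize

# Adding the largest observed lag to the threshold spares every sampled device
# whose sign-in log entry falls inside the intended inactivity window.
$maxLag = ($review | Where-Object { $null -ne $_.LagDays } | Measure-Object -Property LagDays -Maximum).Maximum
"Largest lag in this sample: $maxLag days; a threshold of $($thresholdDays + $maxLag) days or more avoids deleting devices that signed in within the last ${thresholdDays} days."
```

Devices with no sign-in data get a separate verdict so that machines used only during specific periods are reviewed by hand instead of being treated as stale.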