When you swap a device by reimaging or reinstalling, the Hardware ID stays the same. This results in multiple Device Entries in Azure AD and causes issues with Conditional Access as Intune thinks the older version isn’t actually compliant even though Intune just has 1 record.
Most methods (such as Nicola’s) to combat this is by cleaning up stale devices in Azure AD based on their last Active Date. However, the downside of this method is that it may touch devices which weren’t duplicates, just dormant during, e.g. a vacation. Additionally, a bug in AzureAD can cause the older duplicate’s active date to be updated instead of the correct device.
The following script detects duplicates based on the Hardware ID and registration date instead and disables all but the most recent entry. It can supplement stale device removal based on Last Activity.
Note: only works for Windows registered devices.
I’m Confused,
Your script found a lot of dupes, but some that it found I don’t see in Azure.
Example:
Should disable Stale device Intune-fz0Y0gsM with last active date: 08/29/2022 12:59:16
but Azure shows 2 devices and they do not have that active date:
Hi,
This is really useful. Would it be possible to get another version of this to clear up duplicate Android Phone devices as well please?
Hi Jos, Do you know it thereĀ“s any method/feature to prevent it, rather than have to run scripting from time to time to cleanup.
Thanks!
Hello Jos!
I am kind of new to scripting with PS.
That would make it really helpfull just to create an overview of the devices that are duplicated and afterwards take action.
I hop to hear soon from you!