Duplicate AzureAD Device Cleanup

When you swap a device by reimaging or reinstalling, the Hardware ID stays the same. This results in multiple Device Entries in Azure AD and causes issues with Conditional Access as Intune thinks the older version isn’t actually compliant even though Intune just has 1 record.

Most methods (such as Nicola’s) to combat this is by cleaning up stale devices in Azure AD based on their last Active Date. However, the downside of this method is that it may touch devices which weren’t duplicates, just dormant during, e.g. a vacation. Additionally, a bug in AzureAD can cause the older duplicate’s active date to be updated instead of the correct device.

The following script detects duplicates based on the Hardware ID and registration date instead and disables all but the most recent entry. It can supplement stale device removal based on Last Activity.

Note: only works for Windows registered devices.

Git: disable-duplicateAzureAdDevices.ps1

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

5 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Eduardo Pardo Blasco
Eduardo Pardo Blasco
8 months ago

Hi Jos, Do you know it thereĀ“s any method/feature to prevent it, rather than have to run scripting from time to time to cleanup.
Thanks!

Nick
Nick
8 months ago

Hello Jos!

I am kind of new to scripting with PS.

  • Can I also just create an overview of devices that are duplicated instead of disabling them directly etc?

That would make it really helpfull just to create an overview of the devices that are duplicated and afterwards take action.

I hop to hear soon from you!