How to Automatically Cleanup Intune Device | EndPoint Manager

by

This post will show how to configure cleanup intune device rules in the Intune portal (a.k.a Endpoint Manager portal). As Intune Admins, we often get many inactive and stale Intune records due to the nature of test device enrollments. To keep Intune environment and reports current by cleaning up these stale devices. You can configure the automatic Intune device cleanup rules, which cleans up inactive, orphaned, or obsolete devices and has not checked in recently.

The rule allows us to automatically choose between 30 and 270 days to remove inactive/obsolete device records from Intune. These cleanup rules continuously monitor your device inventory so that your device records stay current.

Before proceeding to next step, It’s important to know few points. According to Microsoft

  • Device cleanup rules don’t support Android Enterprise devices, including fully managed, dedicated, corporate-owned work profile, and personally-owned work profile.
  • If a removed device checks in before its device certification expires, it will reappear in the console.
  • The device clean-up rule doesn’t trigger a wipe or retire.

Intune Device Cleanup Rules

How to Automatically Cleanup Intune Device | Endpoint Manager
How to Automatically Cleanup Intune Device | Endpoint Manager
  • Under Device cleanup rules, In Delete devices based on last check-in date. Select Yes. When set to Yes, Intune deletes devices based on the custom number of days you specify.
  • In the Delete devices that haven’t checked in for this many days box, enter a number between 30 and 270.
How to Automatically Cleanup Intune Device | Endpoint Manager
How to Automatically Cleanup Intune Device | Endpoint Manager
  • Choose View affected devices. Based on the above specified days, you can see the list of devices that haven’t checked in for 60 days.
  • You can also export the list of inactive device records from Intune before configuring the device cleanup rules, By clicking the Export button located under Affected devices.

By clicking View affected devices, you can validate a list of inactive/obsolete device records from Intune that will automatically remove by device cleanup rules.

How to Automatically Cleanup Intune Device | Endpoint Manager
How to Automatically Cleanup Intune Device | Endpoint Manager
  • After you click Save, Once this rule is enabled, Intune will automatically remove all devices that have been inactive for the number of days you set.

⚠️Important – After you click Save, all devices that have been inactive for the specified number of days will immediately be deleted from Intune. Intune will continue to delete devices as they exceed the number of set days. Reports with data about the deleted devices may take up to 48 hours to refresh.

How to Automatically Cleanup Intune Device | Endpoint Manager
How to Automatically Cleanup Intune Device | Endpoint Manager

Intune Device Cleanup Rules FAQs

Microsoft listed out Intune Device Cleanup Rules Frequently Asked Questions (FAQs) to clarify device types affected from device cleanup configuration, I will recommend you to read once –

What happens behind the scene for Device Cleanup rules?

After the Intune Service Admins enable the rule, Intune services run a background job every few hours to remove all applicable devices from the Intune portal. They won’t show up in any Intune blade or device list anymore.

What device types get affected from this device cleanup?

Device cleanup rules aren’t available for Jamf-managed devices and Android Enterprise scenarios like Fully Managed, Dedicated, and Corporate-Owned with Work Profile. All other enrolled devices, including MDM, EAS/MDM, MDM/SCCM (Co-Management) devices, will be removed. This includes registered devices and devices whose approval is pending.

Does this device cleanup rule perform device wipe or retire?

No, this automatic rule only removes the devices from the Intune portal, which are inactive for the specified number of days.

Is it possible to have devices removed by the device cleanup rule to come back in some scenarios?

Yes, it is possible that some devices can come back in the Intune portal as there are service criteria to auto-recover the cleaned-up devices if they check-in to the Intune service recently. The purpose of this behavior is to recover devices owned by somebody that took a long leave (e.g., Extended vacation, sabbatical, maternity leaves). The grace period for the device to show up in the Intune portal again is before the device cert expires, which is 180 days.  If you do not want devices to check back in, consider filtering for stale devices, and bulk delete from the All devices view instead.

Resources

Leave a Comment