Remove-IntuneDevices.ps1
<#
.SYNOPSIS
Removes devices, identified by serial number, from Intune and optionally from
Autopilot and Azure AD.

.DESCRIPTION
Serial numbers are read from a CSV file with a SerialNumber column, or typed in
one at a time in interactive mode. Lookups and deletions go through Microsoft
Graph cmdlets, and one result row per serial number is appended to a CSV log.

.PARAMETER CSVPath
Path to a CSV file with a column named SerialNumber. When this is omitted and
-Interactive is not set, a graphical file picker is shown instead.

.PARAMETER AutopilotAAD
Also remove matching devices from Autopilot and Azure AD. When the file picker
is used, the script assigns this switch itself from the picker flow.

.PARAMETER Interactive
Prompt for serial numbers on the console instead of reading a CSV file.
#>
# NOTE(review): this script performs bulk, irreversible deletions, yet the
# CmdletBinding below does not declare SupportsShouldProcess and no confirmation
# prompt is visible in the script - confirm that running without -WhatIf/-Confirm
# support is intended.
[CmdletBinding(DefaultParameterSetName = "All")]
Param (
# Positional (0), so the CSV path can be passed without naming the parameter.
[Parameter(HelpMessage = "Path to CSV file with column named SerialNumber", Position = 0)]
[string] $CSVPath,
# Switch parameter: present means "also remove from Autopilot and Azure AD".
[Parameter(HelpMessage = "Also remove devices from Autopilot and Azure AD (True or False)")]
[switch] $AutopilotAAD,
# Switch parameter: present means "prompt for serial numbers on the console".
[Parameter(HelpMessage = "Interactive mode (True or False)")]
[switch] $Interactive
)
# Shows a graphical "open file" dialog restricted to *.csv and returns the
# path the operator picked. The dialog's result (OK/Cancel) is discarded, so
# the caller only sees the FileName property of the dialog.
# Requires the System.Windows.Forms assembly to be loaded before it is called.
function Get-CsvPath {
    param (
        [string]$Title = "Choose .CSV file with SerialNumber column"
    )

    $Dialog = New-Object System.Windows.Forms.OpenFileDialog
    $Dialog.InitialDirectory = [Environment]::GetFolderPath("Desktop")
    $Dialog.Filter = "CSV files (*.csv)|*.csv"
    $Dialog.Multiselect = $False
    $Dialog.Title = $Title

    # Swallow the DialogResult so "Cancel"/"OK" is not emitted ahead of the path
    [void]$Dialog.ShowDialog()
    return $Dialog.FileName
}
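# Open file picker if path is not specified
Add-Type -AssemblyName System.Windows.Forms
if (-not $CSVPath -and -not $Interactive) {
    # Remember what the caller asked for on the command line before the
    # picker flow reassigns the switch.
    $RequestedAutopilotAAD = [bool]$AutopilotAAD

    # First dialog: Intune-only removal
    $AutopilotAAD = $false
    $CSVPath = Get-CsvPath -Title "CSV to remove from Intune (or Cancel for Autopilot/AAD removal). Must have SerialNumber column."

    if (-not $CSVPath) {
        # Second dialog: Intune + Autopilot + Azure AD removal
        $CSVPath = Get-CsvPath -Title "CSV to remove from Intune, Autopilot, and AzureAD. Must have SerialNumber column."

        # Widen the deletion scope only when a file was actually chosen in this
        # dialog (or the caller passed -AutopilotAAD). Previously, cancelling
        # both dialogs left the switch set to $true with no file selected, so a
        # later fallback to interactive entry ran with the wider scope without
        # the operator having asked for it.
        $AutopilotAAD = ([bool]$CSVPath) -or $RequestedAutopilotAAD
    }
}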
# Load the device list from the CSV unless interactive entry was requested.
# Any terminating error from the import switches the script to interactive mode.
if (-not $Interactive) {
    try {
        $ImportedData = Import-Csv $CSVPath

        # Tell the operator which services the removal will cover
        $RemovalScope = if ($AutopilotAAD) { "Intune, Autopilot, and Azure AD" } else { "Intune" }
        Write-Host "Import succesful. Devices will be removed from " -NoNewline
        Write-Host $RemovalScope -ForegroundColor Cyan -NoNewline
        Write-Host "."
    }
    catch {
        Write-Host "Error importing CSV" -ForegroundColor Red
        $Interactive = $true
    }
}
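# Get serial numbers from user interactively
if ($Interactive) {
    # State the real deletion scope: with -AutopilotAAD set, entries are also
    # removed from Autopilot and Azure AD, not only from Intune.
    $RemovalScope = if ($AutopilotAAD) { "Intune, Autopilot, and Azure AD" } else { "Intune" }
    Write-Host "Interactive mode. Enter serial numbers to remove from $RemovalScope. Enter a blank line when finished."

    $ImportedData = @()
    # Get serial numbers until user enters blank line
    while ($true) {
        $Entry = Read-Host "Enter serial number"
        # Trim so stray whitespace is neither stored as part of a serial number
        # nor mistaken for a real entry; a whitespace-only line ends input.
        $SerialNumber = ([string]$Entry).Trim()
        if ($SerialNumber -eq "") {
            break
        }
        $ImportedData += [PSCustomObject]@{
            SerialNumber = $SerialNumber
        }
    }
}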
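# Make sure there is input to process and that it has the proper column.
# Wrapping in @() makes an empty import and a single-row import both indexable.
$FirstRecord = @($ImportedData) | Select-Object -First 1
if ($null -eq $FirstRecord) {
    # Empty CSV, or interactive mode ended without any entries
    Write-Host "No serial numbers were supplied; nothing to do" -ForegroundColor Red
    # Non-zero exit code so a calling script or scheduler can see the failure
    Exit 1
}
if ("SerialNumber" -notin $FirstRecord.psobject.Properties.Name) {
    Write-Host "CSV does not contain column SerialNumber" -ForegroundColor Red
    Exit 1
}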
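# Set logging path and output to terminal.
# The timestamp uses HH (24-hour clock); the previous hh (12-hour clock) gave
# morning and afternoon runs the same file name, and because results are
# appended, two separate runs could end up merged in one log.
$LogName = "Log_" + $(Get-Date -Format "yyyy-MM-dd_HH-mm-ss") + ".csv"
try {
    # Log next to the input CSV; -ErrorAction Stop makes an unresolvable path
    # reach the catch block instead of only printing an error.
    $LogDirectory = Split-Path $(Resolve-Path $CSVPath -ErrorAction Stop)
}
catch {
    # No usable CSV path (for example in interactive mode): log next to the script
    $LogDirectory = $PSScriptRoot
}
$LogPath = $LogDirectory + "\" + $LogName
Write-Host "Results will be logged to " -NoNewline
Write-Host $LogPath -ForegroundColor Cyan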
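# Load required modules
Write-Host "Importing Graph..."
# NOTE(review): every Graph cmdlet used in this script carries the "Mg" prefix
# of the Microsoft Graph PowerShell SDK, while Microsoft.Graph.Intune is, as far
# as I know, the older Intune module - confirm which module should be imported.
Import-Module Microsoft.Graph.Intune -ErrorAction Stop

# Authenticate with Intune
Write-Host "Authenticating with MS Graph..."
# Least privilege: the Autopilot and Azure AD cmdlets are only called when
# -AutopilotAAD is set, so the Autopilot scope and the broad delegated
# Directory.AccessAsUser.All scope are requested only in that case.
# NOTE(review): scopes consented in earlier sessions may still be present in a
# cached token - verify with Get-MgContext if the effective scope set matters.
$GraphScopes = @("DeviceManagementManagedDevices.ReadWrite.All")
if ($AutopilotAAD) {
    $GraphScopes += "DeviceManagementServiceConfig.ReadWrite.All"
    $GraphScopes += "Directory.AccessAsUser.All"
}
Connect-MgGraph -Scopes $GraphScopes -ErrorAction Stop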
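# Iterate through computers: for each serial number, delete matching devices
# from Intune and, when -AutopilotAAD is set, from Autopilot and Azure AD.
# One result row per serial number is appended to the CSV log.
foreach ($CurrentComputer in $ImportedData) {
    # Normalise the serial; a missing or empty cell becomes an empty string
    $SerialNumber = ([string]$CurrentComputer.SerialNumber).Trim().ToUpper()

    # Info for logging
    $DeviceLog = [PSCustomObject]@{
        SerialNumber = $SerialNumber
        Intune       = "Not attempted"
        Autopilot    = "Not attempted"
        AzureAD      = "Not attempted"
    }

    # A blank serial must never reach the Graph filters below: an empty
    # substring in contains(SerialNumber,'') matches every Autopilot record,
    # which would turn one blank CSV row into a tenant-wide deletion.
    if ($SerialNumber -eq "") {
        Write-Host "Skipping row with blank serial number" -ForegroundColor Yellow
        $DeviceLog.Intune = "Skipped (blank serial)"
        $DeviceLog.Autopilot = "Skipped (blank serial)"
        $DeviceLog.AzureAD = "Skipped (blank serial)"
        Export-Csv -Path $LogPath -InputObject $DeviceLog -Append -NoTypeInformation
        continue
    }

    # Double any single quote so the value stays inside the OData string
    # literal and cannot alter the filter expression.
    $FilterSerial = $SerialNumber.Replace("'", "''")

    Write-Host "Processing " -NoNewline
    Write-Host $($SerialNumber) -ForegroundColor Cyan -NoNewline
    Write-Host "..."

    # Delete from Intune
    try {
        # Find device/s in Intune. -ErrorAction Stop routes a failed lookup to
        # the catch block; with SilentlyContinue a failed call was
        # indistinguishable from "Not found" in the log.
        $DeviceLog.Intune = "Not found"
        $IntuneDevices = Get-MgDeviceManagementManagedDevice -Filter "SerialNumber eq '$FilterSerial'" -ErrorAction Stop

        foreach ($IntuneDevice in $IntuneDevices) {
            $DeviceLog.Intune = "Found"
            try {
                # -ErrorAction Stop so "Deleted" is only logged after the
                # delete call actually succeeded.
                Remove-MgDeviceManagementManagedDevice -ManagedDeviceId $IntuneDevice.Id -ErrorAction Stop
                $DeviceLog.Intune = "Deleted"
                Write-Host "Deleted $($IntuneDevice.deviceName) from Intune" -ForegroundColor Green
            }
            catch {
                $DeviceLog.Intune = "Error deleting"
                Write-Host "Error deleting $($IntuneDevice.deviceName) from Intune" -ForegroundColor Red
                $_
            }
        }
    }
    catch {
        $DeviceLog.Intune = "Error finding"
        Write-Host "Error finding $SerialNumber in Intune" -ForegroundColor Red
        $_
    }

    # Delete from Autopilot and AAD if -AutopilotAAD
    if ($AutopilotAAD) {
        try {
            # Find in Autopilot. The server-side filter is a substring match,
            # so results are narrowed to exact serial matches before anything
            # is deleted; otherwise a short serial would also select every
            # device whose serial merely contains it.
            $DeviceLog.Autopilot = "Not found"
            $AutopilotDevices = @(
                Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -Filter "contains(SerialNumber,'$FilterSerial')" -ErrorAction Stop |
                    Where-Object { ([string]$_.SerialNumber).Trim() -eq $SerialNumber }
            )

            # Remove from Autopilot if found; also attempts AAD removal
            foreach ($AutopilotDevice in $AutopilotDevices) {
                $DeviceLog.Autopilot = "Found"
                try {
                    Remove-MgDeviceManagementWindowsAutopilotDeviceIdentity -WindowsAutopilotDeviceIdentityId $AutopilotDevice.Id -ErrorAction Stop
                    $DeviceLog.Autopilot = "Deleted"
                    Write-Host "Deleted $($AutopilotDevice.Id) from Autopilot" -ForegroundColor Green
                }
                catch {
                    $DeviceLog.Autopilot = "Error deleting"
                    Write-Host "Error deleting $($AutopilotDevice.Id) from Autopilot" -ForegroundColor Red
                    $_
                }

                # Look for device in AAD. The lookup has its own try/catch so a
                # directory failure is logged under AzureAD and does not
                # overwrite the Autopilot result recorded above.
                $DeviceLog.AzureAD = "Not found"
                $AADDevices = @()
                try {
                    $AADDevices = @(Get-MgDevice -Filter "DeviceId eq '$($AutopilotDevice.AzureActiveDirectoryDeviceId)'" -ErrorAction Stop)
                }
                catch {
                    $DeviceLog.AzureAD = "Error finding"
                    Write-Host "Error finding Azure AD device for $SerialNumber" -ForegroundColor Red
                    $_
                }

                # Delete device if found
                foreach ($AADDevice in $AADDevices) {
                    $DeviceLog.AzureAD = "Found"
                    try {
                        Remove-MgDevice -DeviceId $AADDevice.Id -ErrorAction Stop
                        $DeviceLog.AzureAD = "Deleted"
                        Write-Host "Deleted $($AADDevice.Id) from Azure AD" -ForegroundColor Green
                    }
                    catch {
                        $DeviceLog.AzureAD = "Error deleting"
                        Write-Host "Error deleting $($AADDevice.Id) from Azure AD" -ForegroundColor Red
                        $_
                    }
                }
            }
        }
        catch {
            $DeviceLog.Autopilot = "Error finding"
            Write-Host "Error finding $SerialNumber in Autopilot" -ForegroundColor Red
            $_
        }
    }

    # Add to log file
    Export-Csv -Path $LogPath -InputObject $DeviceLog -Append -NoTypeInformation
}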