I’ll be the first to admin, my dev tenant goes between two stages, messy or a disaster. When creating new scripts (especially my copy policy script), I’ll be testing them and end up with duplicate policies, faulty policies or if I have a runaway script, potentially many many duplicate applications.
Every now and then it reaches the point where it needs cleaning up to be manageable. I could go through the GUI, but that’s a lot of clicking about between menus to find everything.
Using my copy script as a very rough base, here is my new script to bulk delete items.
As usual, it’s available on github here
And PSGallery
Install-Script -Name bulk-delete-intuneWhen you run the script, it will go and loop through your environment and give a popup screen with a list of:
- Policies (ADMX, Settings Catalog, Device Restrictions etc.)
- Security Policies
- Applications
- Compliance Policies
- Conditional Access Policies
- Proactive Remediations
- Azure AD Groups (not on-prem synchronised ones)
- Autopilot Profile
- Autopilot ESP
As you can see, the fourth column shows what each item is in case you have used the same name twice.
This has full support for multiple selection using arrays so Ctrl or Shift-click to select multiple
Then simply click OK and it will loop through and delete anything selected
Obviously be careful with this and if you don’t have any sort of backups in place, for anything other than a dev tenant, I would advise sorting those first (guide here)
Happy deleting!
Hey there, getting an error when using bulk delete script. Any ideas as to how to fix? Thanks.
It’s a Settings Catalog
aef2a0cc-3956-4d67-87f8-8f1a092a6315
Get-MgIdentityConditionalAccessPolicy : You cannot perform the requested operation, required scopes are missing in the
token.
Status: 403 (Forbidden)
ErrorCode: AccessDenied
Date: 2024-02-16T00:45:39
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 0fe7837f-cdb3-483b-8c92-992e33bc3096
client-request-id : d2067ce9-4bc9-4edc-80f2-59d591abd228
x-ms-ags-diagnostic : {“ServerInfo”:{“DataCenter”:”West
US”,”Slice”:”E”,”Ring”:”4″,”ScaleUnit”:”001″,”RoleInstance”:”BY1PEPF0000669B”}}
Cache-Control : no-cache
Date : Fri, 16 Feb 2024 00:45:39 GMT
At C:\Program Files\WindowsPowerShell\Scripts\bulk-delete-intune.ps1:244 char:17
+ … Get-MgIdentityConditionalAccessPolicy -ConditionalAccessP …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ ConditionalAc… , Headers = }:f__AnonymousType22`4) [Get-MgIden
tityC…ccessPolicy_Get], Exception
+ FullyQualifiedErrorId : AccessDenied,Microsoft.Graph.PowerShell.Cmdlets.GetMgIdentityConditionalAccessPolicy_Get
I have just updated the scopes, can you try the latest version please?
Does running this require a specific Microsoft SKU/license?
No, it shouldn’t do
I force installed 2.0.5 and re-ran bulk-delete-intune however I’m still getting the scopes error. I’ve confirmed I’m super admin.
When you authenticated, did it prompt for the additional scopes?