Bulk Deleting from Intune

I’ll be the first to admin, my dev tenant goes between two stages, messy or a disaster. When creating new scripts (especially my copy policy script), I’ll be testing them and end up with duplicate policies, faulty policies or if I have a runaway script, potentially many many duplicate applications.

Every now and then it reaches the point where it needs cleaning up to be manageable. I could go through the GUI, but that’s a lot of clicking about between menus to find everything.

Using my copy script as a very rough base, here is my new script to bulk delete items.

As usual, it’s available on github here

And PSGallery

Install-Script -Name bulk-delete-intune

When you run the script, it will go and loop through your environment and give a popup screen with a list of:

  • Policies (ADMX, Settings Catalog, Device Restrictions etc.)
  • Security Policies
  • Applications
  • Compliance Policies
  • Conditional Access Policies
  • Proactive Remediations
  • Azure AD Groups (not on-prem synchronised ones)
  • Autopilot Profile
  • Autopilot ESP

As you can see, the fourth column shows what each item is in case you have used the same name twice.

This has full support for multiple selection using arrays so Ctrl or Shift-click to select multiple

Then simply click OK and it will loop through and delete anything selected

Obviously be careful with this and if you don’t have any sort of backups in place, for anything other than a dev tenant, I would advise sorting those first (guide here)

Happy deleting!

12 thoughts on “Bulk Deleting from Intune”

  1. Gettings this error….:
    | ConditionalAccessPolicy with id 5c31c8cb-b5cb-46f4-a4f8-3dd5b7d4dd2b does not exist in the directory. Status:
    | 404 (NotFound) ErrorCode: ResourceNotFound Date: 2024-06-30T15:17:15 Headers: Cache-Control :
    | no-cache Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000
    | request-id : 8faba555-8f2b-49fd-8626-fa5d7896b89c client-request-id :
    | 0e9e1d5a-2d8a-4ae7-ba9c-2bc61e159fcd x-ms-ags-diagnostic : {“ServerInfo”:{“DataCenter”:”Norway
    | East”,”Slice”:”E”,”Ring”:”2″,”ScaleUnit”:”001″,”RoleInstance”:”OSL2EPF00000167″}} Date
    | : Sun, 30 Jun 2024 15:17:15 GMT

    Tried running the script locally and installed from PSgallery – same error 🙁

    Reply
  2. Thanks Andrew, I’m using this in my test environment to quickly cleanup config.

    I also got the “Get-MgIdentityConditionalAccessPolicy : You cannot perform the requested operation, required scopes are missing in the…”

    I found that explicitly changing the graph version to beta in your function fixed the issue for me.

    Reply
  3. I force installed 2.0.5 and re-ran bulk-delete-intune however I’m still getting the scopes error. I’ve confirmed I’m super admin.

    Reply
  4. Hey there, getting an error when using bulk delete script. Any ideas as to how to fix? Thanks.

    It’s a Settings Catalog
    aef2a0cc-3956-4d67-87f8-8f1a092a6315
    Get-MgIdentityConditionalAccessPolicy : You cannot perform the requested operation, required scopes are missing in the
    token.
    Status: 403 (Forbidden)
    ErrorCode: AccessDenied
    Date: 2024-02-16T00:45:39
    Headers:
    Transfer-Encoding : chunked
    Vary : Accept-Encoding
    Strict-Transport-Security : max-age=31536000
    request-id : 0fe7837f-cdb3-483b-8c92-992e33bc3096
    client-request-id : d2067ce9-4bc9-4edc-80f2-59d591abd228
    x-ms-ags-diagnostic : {“ServerInfo”:{“DataCenter”:”West
    US”,”Slice”:”E”,”Ring”:”4″,”ScaleUnit”:”001″,”RoleInstance”:”BY1PEPF0000669B”}}
    Cache-Control : no-cache
    Date : Fri, 16 Feb 2024 00:45:39 GMT
    At C:\Program Files\WindowsPowerShell\Scripts\bulk-delete-intune.ps1:244 char:17
    + … Get-MgIdentityConditionalAccessPolicy -ConditionalAccessP …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: ({ ConditionalAc… , Headers = }:f__AnonymousType22`4) [Get-MgIden
    tityC…ccessPolicy_Get], Exception
    + FullyQualifiedErrorId : AccessDenied,Microsoft.Graph.PowerShell.Cmdlets.GetMgIdentityConditionalAccessPolicy_Get

    Reply

Leave a Comment