Remove-Entra-Group-Assignments

1.0

This script connects to Microsoft Graph and removes a specified device object
(from Entra ID / Azure AD) from all directly assigned group memberships.

The script performs the following operations:
- Retrieves all directory objects the device is a member of
- Filters results to only include Entra ID groups
- Identifies and skips dynamic membership groups (cannot be modified)
- Removes the device from all eligible (static) group memberships
- Skips non-group objects such as directory roles or administrative units

This is useful for:
- Device offboarding
- Cleanup of legacy or incorrect group assignments
- Preparing devices for reassignment or re-enrollment workflows
- Maintenance window orchestration scenarios (e.g., kiosk devices)

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Script -Name Remove-Entra-Group-Assignments

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More