What Are Stale Devices in Azure—and Why You Should Clean Them Up

  • fabztechtips
  • Apr 15
  • 2 min read

As your organization grows and users come and go, so do their devices. But what happens to all those old laptops, virtual machines, and test devices that are no longer in use? Often, they stick around in Azure Active Directory (now called Microsoft Entra ID) like digital ghosts. These are what we call stale devices—and they can quietly become a security risk or a compliance headache if left unmanaged.

In this post, we’ll break down what stale devices are, how to spot them using Entra ID’s built-in tools, how to delete them manually, and how to automate cleanup if needed.

What Are Stale Devices?

Stale devices are:

  • Devices that haven’t signed in for a long time.

  • Duplicates from re-enrollment or improper joining.

  • Leftovers from offboarded users.

  • Machines that are no longer actively managed.

These devices still exist in your directory, cluttering it up and potentially leaving behind identity and access vulnerabilities.

Spotting Stale Devices in Entra ID

Built-in “Stale Devices” View in Microsoft Entra ID

Microsoft has made it simple to find stale devices with a dedicated dashboard:

  1. Go to the Microsoft Entra admin center

  2. Navigate to Identity > Devices > Overview

  3. Click the “Stale devices” section on the right

This automatically filters and displays devices that haven’t signed in within your organization’s defined inactivity threshold (commonly 90 days). No PowerShell required.

This is the fastest way to get a real-time view of inactive devices in your directory.

PowerShell Option

For advanced scenarios or custom reporting, PowerShell can also help:

# Without -All, Get-AzureADDevice returns only the first page of results
Connect-AzureAD
Get-AzureADDevice -All $true | Where-Object { $_.ApproximateLastLogonTimeStamp -lt (Get-Date).AddDays(-90) }

You can also use the Microsoft Graph PowerShell module (Get-MgDevice) for more modern, flexible queries.
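A review report built on the Get-MgDevice approach mentioned above, as an added example that is not code from the original post. The function name Get-StaleDeviceReport, the 'KEEP-' exemption prefix, and the sample devices are assumptions made for illustration; devices with no recorded sign-in are listed separately from stale ones so a reviewer can decide on them individually.

```powershell
# Added example: classify device objects for review before any deletion.
# Assumed values (not from the original post): 'KEEP-' prefix, sample devices.
function Get-StaleDeviceReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object]$Device,
        [int]$InactiveDays = 90,
        [string]$ExemptPrefix = 'KEEP-',   # hypothetical naming convention
        [datetime]$Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-$InactiveDays) }
    process {
        # Graph property: ApproximateLastSignInDateTime
        # (the AzureAD module calls it ApproximateLastLogonTimeStamp)
        $last = $Device.ApproximateLastSignInDateTime
        $status = if ($null -eq $last) { 'NoSignInRecorded' }
                  elseif ([datetime]$last -lt $cutoff) { 'Stale' }
                  else { 'Active' }
        if ($status -eq 'Active') { return }   # only report candidates
        [pscustomobject]@{
            DisplayName  = $Device.DisplayName
            Id           = $Device.Id
            Status       = $status
            # Exempt devices stay in the report but must not be deleted
            Exempt       = [bool]($ExemptPrefix -and $Device.DisplayName -like "$ExemptPrefix*")
            Enabled      = $Device.AccountEnabled
            LastSignIn   = $last
            DaysInactive = if ($last) { [int][math]::Floor(($Now - [datetime]$last).TotalDays) } else { $null }
        }
    }
}

# Constructed sample shaped like Get-MgDevice output. Against a tenant, use instead:
#   Connect-MgGraph -Scopes 'Device.Read.All'
#   Get-MgDevice -All | Get-StaleDeviceReport | Export-Csv stale-review.csv -NoTypeInformation
$refDate = [datetime]'2025-01-01'   # constructed reference date
$sample = @(
    [pscustomobject]@{ DisplayName = 'LAPTOP-0142';  Id = 'sample-1'; AccountEnabled = $true;  ApproximateLastSignInDateTime = $refDate.AddDays(-200) }
    [pscustomobject]@{ DisplayName = 'LAPTOP-0310';  Id = 'sample-2'; AccountEnabled = $true;  ApproximateLastSignInDateTime = $refDate.AddDays(-12) }
    [pscustomobject]@{ DisplayName = 'KEEP-KIOSK-01'; Id = 'sample-3'; AccountEnabled = $true;  ApproximateLastSignInDateTime = $refDate.AddDays(-400) }
    [pscustomobject]@{ DisplayName = 'VM-TEST-07';   Id = 'sample-4'; AccountEnabled = $false; ApproximateLastSignInDateTime = $null }
)
$sample | Get-StaleDeviceReport -Now $refDate | Sort-Object Status, DaysInactive | Format-Table -AutoSize
```

On the sample data the report lists three devices: LAPTOP-0142 as stale, KEEP-KIOSK-01 as stale but exempt, and VM-TEST-07 with no recorded sign-in.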

How to Delete Stale Devices Manually

  1. Go to Identity > Devices > Overview

  2. Click “Stale devices”

  3. Select one or more devices you want to remove

  4. Click Delete

This action removes the device object from your Entra ID tenant, helping you clean up the environment and reduce clutter.

Automating Device Cleanup

To configure automatic removal of stale devices:

  1. Go to Microsoft Entra ID > Devices > Device Settings

  2. Enable the setting: "Delete devices after x days of inactivity"

  3. Set your desired threshold (for example, 90 or 180 days)

This setting ensures Entra ID automatically deletes devices that haven't signed in within the configured period.

Make sure you review your stale devices list before enabling auto-deletion in production environments.

Final Tips

  • Review and clean stale devices on a regular schedule, such as quarterly.

  • Document your cleanup policy, especially your inactivity threshold.

  • Tag essential or test devices with a naming convention or metadata to avoid accidental deletion.

Conclusion

With the built-in Stale Devices view in Microsoft Entra ID, managing inactive or forgotten devices has never been easier. Regular cleanup reduces risk, improves reporting, and helps you maintain a secure and organized cloud environment.

If you'd like help creating scripts, reports, or policies to streamline this process, feel free to reach out.
