Every time you rebuild (reinstall Windows and the Intune client) a corporate PC which was already managed by Intune, a duplicate computer record is added to the Intune database. Now we are manually removing duplicates every month. Can you automate it?
Noted? The system's ability to display devices, so those devices can be managed, is the core of what Intune is for. If we have duplicates and can't tell which device is which, we can't secure devices.
It seems it was implemented already, and as some people commented here, I see it as more inconvenient; I prefer to identify the devices by ID.
So, I can enroll a device and have duplicate names, but each enrolled device will be unique.
Elliot Smith commented
+1 for this issue. iOS DEP enrolled devices have the same behaviour. If an iOS device is wiped from the device and the command is not sent from Intune, and then re-enrolled, it creates a duplicate device record. It would be preferable if Intune was able to match up the old record to the device and make the re-enrolled device use the old record.
We have 5000+ iOS devices and I'm constantly clearing out invalid records.
A lot of us use the data from Intune for asset management too, which makes keeping the data in Intune clean a priority for us.
Check out this new Modern MDM tool we are using. They allow you to remove endpoints if any, because by design they don't allow duplicate computer names, but if you have multiple computer names with the same serial number, you can remove them one at a time or in bulk, plus you can set up a policy to remove devices that haven't checked in for a period of time.
The best thing would be to not have duplicates appear in the first place.
An option to default set the field Management name to serial number instead of a value like
<user>_MacOS_3/9/2020_9:57 AM which will create a duplicate every time a device is enrolled
Jim Blau commented
This is true not just for Windows devices, but for all supported OSes.
To respond to ON's input below, this issue has many impacts; the most important to me are:
- Reporting -- e.g. group membership numbers and app install data are not correct when duplicates are present.
- Licensing -- duplicate objects retain app licenses that they aren't using.
- Wasted time -- if you need to locate a specific device, e.g. to remotely lock it, it's tedious to look through duplicates to find the correct one.
So it's not an issue of just seeing multiple objects with the same name; that can certainly happen -- it's an issue of seeing multiple objects that have the same hardware info, including serial number, IMEI, etc, only one of which is "real" and current. It's true that these devices get different Device IDs, but that's not helpful in determining which are "dead" duplicates.
The dead objects will eventually get purged via Device Cleanup Rules, but there's no reason to keep known duplicates around in most use cases.
We could use PowerShell to do this by comparing the Last Contact attribute for devices with the same serial number, but it would be great to have a "remove duplicates" feature in the GUI to do this. (You would want to be able to review the results before committing them, of course...)
Brandon Peek commented
Adding another comment for macOS devices, which are suffering a similar fate.
I agree. I've removed the wrong device several times when attempting to clean this up.
I still do not get why these "duplicates entries" have an impact on your side... I get the point that some entries have an identical "deviceName" attribute, but technically, they have a different ID attribute!
If you run a GET query "https://graph.microsoft.com/v1.0/devicemanagement/managedDevices", you will certainly see/understand this. The fact that the Azure Intune GUI shows you several devices with the same string inside the "Device name" column is something you must deal with. The old times, when you relied on AD/LDAP and had to have a unique computer name, are gone. Now it is the "ID" of the object that is unique.
The same would happen if you have 10 machines enrolled by 10 employees to Intune, and suddenly they all decide to rename their computer to "My computer" for fun : you will end up with 10 entries in Intune for your 10 computers having the same "Device Name", but what impact does it really have on your side?
So IMO, there is nothing to fix, nor to improve here.
Intune should retire devices based on Serial number & enrollment date. Move all dup. devices with older dates to a new "Retired" section?
Tristan van Onselen commented
There is a possibility to remove the duplicated serial numbers via the PowerShell cmdlet. An example is described at the blog below.
@Brian : There is already a feature that deletes old devices, called "Automatic device cleanup". Unfortunately, we also found it is not working as explained in the docs, and have had a ticket open for a few days on this...
The stuff that you or Sergey noticed, is not a bug : every device is uniquely identified through its "device.id", not through its serial number.
Unfortunately, there is no technical way for Intune to magically guess if a device object must be immediately deleted from the DB, after you enroll it one more time.
For mobile devices, it is obviously difficult to "clone" such hardware. But if you are working with Windows VMs, and especially with snapshots, then you get the point that 1 serial number can represent more than 1 device from the Intune device object point of view. Not even talking about working with snapshots, which makes it even more difficult to keep 1 unique Intune record.
FYI : nearest MDM Microsoft competitor operates the same way : if you enroll several times the same device, you end up with several times the same SN in your DB. This is just a habit to modify, compared to what you are used to in on-prem AD world.
Brian McFarlane commented
Same problem exists for MacOS devices. A setting that auto deleted duplicate serial number devices that haven’t been active in X days would do the trick.
Has anyone found a way to script this type of thing?
Julien HACQUARD commented
Same issue, really painful, and my technical director expects really more from this product, so at this time for him this is not ready to be used in a production environment. Sad situation. You have an easy way to discover the machines per their serial number, so doing a match should not be so ******* your side during the enrollment.
Please answer us. This request from Sergey is 2 years old, and since I have known the product this has always been like that, unfortunately.
Kaye Cee commented
We have the same issue. I raised a ticket with MS Intune support but it seems like they don't know the solution to this problem. (FYI we're not subscribed to MS Azure A.D.)
We are having the same issue, but instead we are managing iPhones. Same as above, it seems to duplicate when you try to enroll a device which was managed before. Also, Intune does sometimes say the device is being deleted, but it takes such a long time for Intune to remove a device. Any way to force the purge or to do a sync?
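
The scripted approach raised in the comments above (compare last contact for devices that share a serial number, then review before removing anything), as an added PowerShell example that is not code from any commenter or from Microsoft. The function name `Get-DuplicateDeviceCandidate`, the ignore list of placeholder serials and the sample rows are assumptions made for illustration; the property names are those of the Graph managedDevice resource.

```powershell
# Added example (not from the thread): report-only duplicate finder.
# Property names follow the Graph managedDevice resource returned by the
# managedDevices query quoted in the thread; all sample rows are constructed.
function Get-DuplicateDeviceCandidate {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Device,
        # Assumed placeholder serials that unrelated devices or VMs may share.
        [string[]] $IgnoreSerial = @('', '0', 'Default string')
    )
    $Device |
        Where-Object { $_.serialNumber -and
                       $IgnoreSerial -notcontains $_.serialNumber.Trim() } |
        Group-Object -Property { $_.serialNumber.Trim().ToUpperInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $serial = $_.Name
            # Newest contact first: that record is treated as the live one.
            $sorted = @($_.Group | Sort-Object { [datetime]$_.lastSyncDateTime } -Descending)
            $keep = $sorted[0]
            $keepSync = [datetime]$keep.lastSyncDateTime
            foreach ($stale in ($sorted | Select-Object -Skip 1)) {
                $staleSync = [datetime]$stale.lastSyncDateTime
                [pscustomobject]@{
                    SerialNumber = $serial
                    StaleId      = $stale.id
                    StaleName    = $stale.deviceName
                    StaleSync    = $staleSync
                    KeepId       = $keep.id
                    DaysBehind   = [math]::Round(($keepSync - $staleSync).TotalDays)
                }
            }
        }
}

# Constructed sample: one re-enrolled PC, one unique phone, two VMs sharing serial "0".
$sample = @'
id,deviceName,serialNumber,lastSyncDateTime
id-001,PC-FINANCE-07,SN-A1B2,2024-01-10T09:00:00Z
id-002,PC-FINANCE-07,sn-a1b2,2024-03-02T14:30:00Z
id-003,IPHONE-EXAMPLE,SN-C3D4,2024-02-20T08:15:00Z
id-004,VM-LAB-1,0,2024-03-01T10:00:00Z
id-005,VM-LAB-2,0,2024-03-01T11:00:00Z
'@ | ConvertFrom-Csv

# Review the candidates; nothing is deleted by this script.
Get-DuplicateDeviceCandidate -Device $sample | Format-Table -AutoSize
```

Only the older record of the re-enrolled PC is listed; the two VMs that share a placeholder serial are skipped, which reflects the snapshot and VM caveat raised in the thread.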