If you’re managing Windows 365 (W365) Cloud PCs using Intune in a large Enterprise environment, you may run into a scenario where you need to decommission a large number of Cloud PCs at once. This could be for any number of reasons, but Microsoft doesn’t give you a Bulk Device action in the Intune GUI to be able to End Grace Period. This is where PowerShell comes in!
I struggled with this one a little bit because the Stop-MgDeviceManagementVirtualEndpointCloudPcGracePeriod cmdlet wasn’t working for me in my early efforts. I ended up trying a couple other methods to end the grace period, but nothing worked. I came back to the script the next morning and tried Stop-MgDeviceManagementVirtualEndpointCloudPcGracePeriod again and it worked!
While I was trying to figure things out, I had tried installing and importing a couple different modules as you’ll see in the code below. I have them commented out, but if the script doesn’t work for you as-is, you may need to install and import these additional modules.
But alas! We have a working script!
$MaximumFunctionCount = 32768
$MaximumVariableCount = 32768
# Install Module(s)
#Install-Module Microsoft.Graph -Scope AllUsers -AllowClobber -Force
#Install-Module Microsoft.Graph.Beta -Scope AllUsers -AllowClobber -Force
Install-Module Microsoft.Graph.DeviceManagement -Scope CurrentUser -AllowClobber -Force # Use this
# Import Module(s)
#Import-Module Microsoft.Graph -Force
#Import-Module Microsoft.Graph.Beta -Force
#Import-Module Microsoft.Graph.DeviceManagement
Import-Module Microsoft.Graph.Beta.DeviceManagement.Administration # Use this
# Sign In to Azure
Connect-MgGraph -Scopes "CloudPC.ReadWrite.All"
# Above here you should only need to run once via PowerShell ISE.
# Highlight and run the code below this line to process any Cloud PCs you want to end grace period for.
# Get CloudPCs in Grace Period
$cloudPCsInGracePeriod = Get-MgBetaDeviceManagementVirtualEndpointCloudPc -All | Select-Object Id, AadDeviceId, ManagedDeviceId, GracePeriodEndDateTime, DisplayName | Where-Object { $_.GracePeriodEndDateTime -ne $null }
# End Grace Perdiod
$max = 100 # Set this to whatever number of devices you want to end Grace Period on at a time.
if ($cloudPCsInGracePeriod) {
Write-Host "Found $($cloudPCsInGracePeriod.Count) CloudPCs in Grace Period. Processing $max Cloud PCs..." -ForegroundColor Yellow
$i = 1
forEach ($cloudPC in $cloudPCsInGracePeriod) {
try {
if ($i -le $max) {
Write-Host "Processing $($cloudPC.Id)..." -ForegroundColor Cyan
Stop-MgDeviceManagementVirtualEndpointCloudPcGracePeriod -CloudPcId $($cloudPC.ID) #-WhatIf
Write-Host "Grace period ended for $($cloudPC.DisplayName)" -ForegroundColor DarkGray
}
}
catch {
Write-Host "Error ending grace period for $($cloudPC.Id): $($_.Exception.Message)"
}
$i++
}
}
else {
Write-Host "No CloudPCs currently in Grace Period." -ForegroundColor Yellow
return
}You can find more info about the Microsoft.Graph.Beta.DeviceManagement modules at https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.devicemanagement.administration/?view=graph-powershell-1.0.
Happy computing!