@janegilring
Last active July 12, 2021 17:45
Sample user offboarding runbook for Azure Automation that initiates a factory reset (or company-data removal) of all of a user's devices and then deletes the user.
param(
    [Parameter(Mandatory)]
    [string]$UserPrincipalName
)

try {
    Import-Module -Name AzureAD -ErrorAction Stop
    Import-Module -Name MSGraphIntuneManagement -ErrorAction Stop
}
catch {
    throw 'Prerequisites not installed (AzureAD or MSGraphIntuneManagement PowerShell module not installed)'
}

Write-Output "Authenticating to Microsoft Graph API"
$IntuneCredential = Get-AutomationPSCredential -Name Intune
$IntuneClientId = Get-AutomationVariable -Name Intune-Client-Id
$Token = Get-MSGraphAuthenticationToken -Credential $IntuneCredential -ClientId $IntuneClientId

# Get the Azure Active Directory user whose Intune devices we want to retrieve
$AzureADUser = Get-MSGraphAzureADUser -UserPrincipalName $UserPrincipalName -AuthenticationToken $Token
Write-Output "Found user $($AzureADUser.displayName) in Azure AD"

# The user's devices, for targeting a remote action
$Devices = Get-MSGraphIntuneUserDevice -UserID $AzureADUser.Id -AuthenticationToken $Token

# Invoke a wipe action per device type (other available actions include RemoteLock and ResetPasscode)
$Devices | ForEach-Object {
    switch ($PSItem.chassisType) {
        'mobile' {
            Write-Output "Invoking action RemoveCompanyData on device $($PSItem.deviceName)"
            Invoke-MSGraphIntuneDeviceAction -RemoveCompanyData -DeviceID $PSItem.id -AuthenticationToken $Token
        }
        default {
            Write-Output "Invoking action FactoryReset on device $($PSItem.deviceName)"
            Invoke-MSGraphIntuneDeviceAction -FactoryReset -DeviceID $PSItem.id -AuthenticationToken $Token
        }
    }
}

# Remove user
Write-Output "Removing user from Azure Active Directory"
Connect-AzureAD -Credential $IntuneCredential
Start-Sleep -Seconds 1800 # Allow some time for the remote wipes to be initiated; they won't succeed if the user is deleted first
Remove-AzureADUser -ObjectId $AzureADUser.Id
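The fixed 30-minute `Start-Sleep` above is the weak point of the runbook: a device that is offline when the action is issued never receives the wipe, and once the user is deleted it cannot. The following is an added example (not part of the gist, and not code from the MSGraphIntuneManagement module) that polls each managed device's `deviceActionResults` on the Microsoft Graph v1.0 `managedDevices` resource and only returns success once every action has reached a terminal state. It assumes `$AccessToken` is a Graph bearer-token string with at least `DeviceManagementManagedDevices.Read.All`, and that `$Devices.id` holds the Intune managed-device ids used in the runbook; the function names are hypothetical.

```powershell
# Added example: replace a blind Start-Sleep with polling of Intune device action state.
# Assumes $AccessToken is a Microsoft Graph bearer token string (how it is obtained is
# out of scope here) and $ManagedDeviceId is an Intune managedDevice id.
function Get-DeviceActionState {
    param(
        [Parameter(Mandatory)] [string] $AccessToken,
        [Parameter(Mandatory)] [string] $ManagedDeviceId
    )
    # deviceActionResults lists every remote action issued to the device, with an
    # actionName (factoryReset, removeCompanyData, ...) and an actionState
    # (pending, active, done, failed, notSupported, canceled, none).
    $uri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/$ManagedDeviceId" +
           '?$select=deviceName,deviceActionResults'
    $device = Invoke-RestMethod -Method Get -Uri $uri -Headers @{ Authorization = "Bearer $AccessToken" }

    foreach ($result in $device.deviceActionResults) {
        [pscustomobject]@{
            DeviceName  = $device.deviceName
            ActionName  = $result.actionName
            ActionState = $result.actionState
            LastUpdated = $result.lastUpdatedDateTime
        }
    }
}

function Wait-DeviceActionsSettled {
    param(
        [Parameter(Mandatory)] [string]   $AccessToken,
        [Parameter(Mandatory)] [string[]] $ManagedDeviceIds,
        [int] $TimeoutMinutes = 30,
        [int] $PollSeconds    = 60
    )
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    # States after which Intune will not change the result again. A device that is
    # offline stays 'pending' and therefore keeps this loop waiting until the timeout.
    $terminal = @('done', 'failed', 'notSupported', 'canceled')

    do {
        $pending = foreach ($id in $ManagedDeviceIds) {
            Get-DeviceActionState -AccessToken $AccessToken -ManagedDeviceId $id |
                Where-Object { $_.ActionState -notin $terminal }
        }
        if (-not $pending) { return $true }

        $summary = ($pending | ForEach-Object { "$($_.DeviceName)/$($_.ActionName)=$($_.ActionState)" }) -join ', '
        Write-Output ("Waiting on {0} action(s): {1}" -f @($pending).Count, $summary)
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)

    return $false
}

# Usage in the runbook, in place of 'Start-Sleep 1800':
# if (-not (Wait-DeviceActionsSettled -AccessToken $AccessToken -ManagedDeviceIds $Devices.id)) {
#     throw "Device actions still pending after timeout; not deleting $UserPrincipalName"
# }
# Remove-AzureADUser -ObjectId $AzureADUser.Id
```

The design choice worth noting is the failure path: on timeout the function returns `$false` and the caller throws instead of deleting the user, so a device that never checked in is left for manual follow-up (block sign-in, revoke sessions, retry the wipe later) rather than silently stranded with company data on it. A device whose `deviceActionResults` is empty is treated as settled here; if your tenant returns the list with a delay after `Invoke-MSGraphIntuneDeviceAction`, poll once before calling the wait function or treat an empty list as pending.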