Tags: azure-active-directory, azure-automation

Azure Active Directory Automatically Add/remove groups from Device


I was wondering if it's possible to automate adding/removing group memberships for devices?

Basic concept: I have a bunch of devices with a certain group role. I want to remove this group role from a device if the device display name matches a record in a .csv file. How would I approach this?

Extra info: Azure AD joined devices.


Solution

  • Yes, you can add/remove devices which are members of multiple groups in Azure AD. But you need to maintain a file, i.e., a csv file as you said, for each group that exists in your environment. You can also create a custom role assignment for this purpose and assign it the ‘microsoft.directory/groups/members/update’ permission so that the user who is assigned this role will have privileges only to update (add/delete/modify) the groups in Azure AD.

    • For this purpose, you can use the below script by logging into Azure PowerShell with the user ID that holds the custom role and executing it after locating the correct csv file for the respective group, to remove the devices from that group. Also, we request that you download the updated CSV file for the group from which the devices are to be removed in Azure AD.

       $cred = Get-Credential
       Connect-AzureAD -Credential $cred
       # CSV exported from the group's member list; each row must carry the member's ObjectId
       $devices = Import-Csv -Path '<Path of the csv file containing group members details>'
       foreach ($device in $devices) {
           Remove-AzureADGroupMember -ObjectId '<ObjectID of the Group>' -MemberId $device.ObjectId
       }
    

    • However, you will have to use the ‘Object ID’ parameter of the device rather than the ‘Display Name’, as a display name as an argument is not supported in the ‘Remove members from group’ operation.

    Please refer to the below link for more details:

    https://learn.microsoft.com/en-us/powershell/module/azuread/remove-azureadgroupmember?view=azureadps-2.0
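The question matches on device display name while the answer's script needs the member's ObjectId, so the missing step is the lookup in between. The following is an added example (editor's code, not part of the original answer) that reads display names from a CSV, resolves each to a device ObjectId with the same AzureAD module cmdlets the answer uses, checks the device is actually a member of the target group, and only then removes it. Assumptions, none of which come from the page: the CSV has a 'DisplayName' column, the function name Remove-DeviceFromGroupByCsv and its -DryRun switch are the author's inventions, and Connect-AzureAD has already been run as the custom-role account described in the answer.

```powershell
# Added example, not the original answer's script. Assumes Connect-AzureAD has already
# been run as an account holding microsoft.directory/groups/members/update on the group.
#Requires -Modules AzureAD

function Remove-DeviceFromGroupByCsv {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $GroupObjectId,
        [Parameter(Mandatory)] [string] $CsvPath,
        [string] $DisplayNameColumn = 'DisplayName',   # assumed CSV header name
        [switch] $DryRun                               # report what would change, change nothing
    )

    # Fetch the group's current members once so membership is checked locally rather than
    # by issuing a remove call (and getting an error) for devices that are not members.
    $memberIds = @{}
    Get-AzureADGroupMember -ObjectId $GroupObjectId -All $true |
        ForEach-Object { $memberIds[$_.ObjectId] = $true }

    foreach ($row in Import-Csv -Path $CsvPath) {
        $name = $row.$DisplayNameColumn
        if ([string]::IsNullOrWhiteSpace($name)) { continue }

        # Device display names are not unique in Azure AD. Resolve the name to an ObjectId
        # and refuse to act when it matches more than one device, so the wrong device is
        # never pulled out of the group. Single quotes are doubled for the OData filter.
        $escaped = $name -replace "'", "''"
        $devices = @(Get-AzureADDevice -Filter "displayName eq '$escaped'")

        $objectId = $null
        $status = switch ($devices.Count) {
            0       { 'NotFound' }
            1       {
                        $objectId = $devices[0].ObjectId
                        if ($memberIds.ContainsKey($objectId)) { 'Member' } else { 'NotMember' }
                    }
            default { 'Ambiguous' }
        }

        if ($status -eq 'Member') {
            if ($DryRun) {
                $status = 'WouldRemove'
            } else {
                Remove-AzureADGroupMember -ObjectId $GroupObjectId -MemberId $objectId
                $status = 'Removed'
            }
        }

        # One result object per CSV row, so the run can be logged or reviewed afterwards.
        [pscustomobject]@{
            DisplayName = $name
            ObjectId    = $objectId
            Status      = $status
        }
    }
}

# Usage (placeholders, not real identifiers): preview first, then apply.
# Remove-DeviceFromGroupByCsv -GroupObjectId '<group ObjectId>' -CsvPath '.\devices.csv' -DryRun | Format-Table
# Remove-DeviceFromGroupByCsv -GroupObjectId '<group ObjectId>' -CsvPath '.\devices.csv' | Format-Table
```

Run it with -DryRun first and inspect the Status column: any 'Ambiguous' rows need to be resolved by ObjectId by hand, and 'NotFound' rows usually mean the CSV display name has drifted from the directory. Note that the AzureAD module used on this page has since been deprecated in favour of the Microsoft Graph PowerShell SDK; the same flow maps onto Connect-MgGraph, Get-MgDevice -Filter, Get-MgGroupMember and Remove-MgGroupMemberByRef, which is a separate migration not covered by the answer above.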