
How MSPs Can Identify and Manage Unused Devices Without Dedicated Inventory Tools

by Lauren Ballejos, IT Editorial Expert

Key points

  • Detecting unused devices helps reclaim hardware, save on software licenses, and eliminate security risks from unpatched systems.
  • You can identify stale devices using PowerShell scripts to query Microsoft Entra ID (Azure AD) and Active Directory, avoiding dedicated inventory tools.
  • Before starting, you must define clear inactivity thresholds, such as 60-90 days without a sign-in, tailored to your organization’s needs.
  • Automating the script execution and reporting, potentially with an RMM tool, streamlines the ongoing process of finding unused devices.
  • To prevent data loss, disable or move unused devices first instead of immediately deleting them, allowing for a safe recall period.

This guide demonstrates how to manage unused devices without dedicated inventory tools, whether for your own organization or in MSP client environments. This allows you to find stale devices that are underutilized, freeing up hardware for use. Identifying unused devices also ensures that software licenses and subscriptions are not wasted, and prevents unused devices from becoming a security vulnerability through lack of updates and oversight.

Instructions are provided for using PowerShell to query Microsoft Entra ID and Intune, as well as Active Directory (AD), to find unused devices without dedicated third-party inventory software.

Why you need to detect unused devices in the enterprise

IT teams and managed service providers (MSPs) should regularly scan for unused devices so that they can be recalled or re-assigned to other users. Unused (or ‘stale’) devices increase costs, consuming software licenses and support or warranty contracts with no productivity benefit. They also present an ongoing security and compliance risk as they will be unpatched against the latest threats if they have been offline for a significant amount of time.

While many ITSM and MSP tools include inventory scanning and management, smaller organizations or those still deciding on which platform they’ll base their IT management on may want a lightweight solution for detecting unused devices that doesn’t require third-party tools.

What you need before you start

To perform the steps in this guide, you’ll need the following:

  • Admin access to client AD or Azure AD environments
  • PowerShell and basic proficiency with PowerShell scripting
  • A secure repository for report storage (for example, SharePoint, IT Glue, or NinjaOne Docs)
  • Agreement with client stakeholders on thresholds for “inactive” devices
  • Optional remote monitoring and management (RMM), such as NinjaOne, for scheduled script execution and reporting

Step #1. Define criteria for an unused device

Before you can tailor the example scripts below for detecting unused devices, you must establish exactly what criteria must be met for a device to be considered stale. This will depend on your organization (or client, if you’re an MSP): some organizations will expect devices to be seen online more regularly than others, and there may be classes of devices that are expected to be offline for longer periods, for example devices used by roaming employees, or spare devices that may need to be periodically brought online for updates.

Frequently used criteria for an inactive device include:

  • No sign-in or activity in 60–90 days
  • Devices still registered, but offline/stale in AD or Entra ID
  • Orphaned AD computer objects (i.e., with no last logon)
  • Missing RMM agent check-ins beyond SLA

Step #2. Detect inactive devices via PowerShell

Once you have established these criteria, you can tailor and extend the PowerShell scripts below to automate the detection of unused devices.

Finding unused devices using Microsoft Entra (Azure AD / Intune):

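# Requires the Microsoft.Entra module; Device.Read.All is a read-only scope
Connect-Entra -Scopes "Device.Read.All"
# Devices whose last sign-in is on or before this date are treated as stale
$threshold = (Get-Date).AddDays(-90)
Get-EntraDevice -All |
    Where-Object { $_.ApproximateLastSignInDateTime -le $threshold } |
    Select-Object DisplayName, ApproximateLastSignInDateTime |
    Export-Csv .\stale-devices.csv -NoTypeInformation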

Finding unused devices using Active Directory:

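# Requires the ActiveDirectory module (RSAT)
$days = 90
$time = (Get-Date).AddDays(-$days)
# LastLogonDate is the readable form of the replicated lastLogonTimestamp attribute,
# which can lag the real last logon by up to about 14 days
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonDate |
    Select-Object Name, LastLogonDate |
    Export-Csv .\inactive-computers.csv -NoTypeInformation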

You can then add other criteria that are specific to your use-case.

Step #3. Consolidate, automate, and report findings

Once you have generated CSV data listing unused devices using PowerShell scripting, you can store it in a consistent format for later reporting. For example, you may store this information in the following format:

| Client | Device Name | Last Activity | Status | Recommendation |
|---|---|---|---|---|
| Client A | LT-1029 | 2024-05-12 | Inactive > 90d | Disable |
| Client B | WS-2045 | 2025-01-05 | Active | Retain |

You can then upload this data to a secure location and leverage analysis and reporting tools like Excel or Power BI to track the status of unused devices.
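One way to merge the two Step 2 exports into the report layout shown above (an added example, not NinjaOne's own script). The client label, the sample rows, the output path, and the "Review" recommendation for devices with no recorded activity are assumptions.

```powershell
# Added example. Client label, sample rows, and output path are assumptions.
$client = 'Client A'
$days   = 90
$cutoff = (Get-Date).AddDays(-$days)
$recent = (Get-Date).AddDays(-3).ToString('yyyy-MM-dd')

# Constructed sample data standing in for the two Step 2 exports.
# With real exports, use Import-Csv .\stale-devices.csv and .\inactive-computers.csv.
$entraCsv = @"
DisplayName,ApproximateLastSignInDateTime
LT-0001,2024-05-12
LT-0002,$recent
"@
$adCsv = @"
Name,LastLogonDate
WS-0001,2024-03-01
WS-0002,
"@

function New-ReportRow {
    param([string]$DeviceName, [string]$LastActivity)
    # TryParse uses the current culture, matching how Export-Csv wrote the dates
    # when both scripts run on the same machine.
    $seen = [datetime]::MinValue
    if (-not [datetime]::TryParse($LastActivity, [ref]$seen)) {
        $status = 'No recorded activity'; $action = 'Review'
    } elseif ($seen -le $cutoff) {
        $status = "Inactive > ${days}d"; $action = 'Disable'
    } else {
        $status = 'Active'; $action = 'Retain'
    }
    [pscustomobject]@{
        'Client'         = $client
        'Device Name'    = $DeviceName
        'Last Activity'  = if ($seen -gt [datetime]::MinValue) { $seen.ToString('yyyy-MM-dd') } else { '' }
        'Status'         = $status
        'Recommendation' = $action
    }
}

$report = @(
    $entraCsv | ConvertFrom-Csv | ForEach-Object { New-ReportRow $_.DisplayName $_.ApproximateLastSignInDateTime }
    $adCsv    | ConvertFrom-Csv | ForEach-Object { New-ReportRow $_.Name $_.LastLogonDate }
)
$report | Export-Csv .\stale-device-report.csv -NoTypeInformation
$report | Format-Table -AutoSize
```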

Automation eliminates the recurring task of identifying stale devices, allowing you to receive generated reports that tell you if there are unused devices that need to be removed, wiped, or recalled. This can be done using Windows’ built-in scheduling tools, or using your RMM platform to take inventory, generate reports, and send alerts. RMM with integrated ticketing can also automatically create tickets when thresholds are exceeded to ensure support action is taken promptly.

Best practices for managing stale devices

To prevent data loss and to stop devices from unintentionally becoming unmanaged, you should avoid immediately deleting devices that are detected as unused or inactive. Instead, they should be moved into a separate organizational unit for tracking, and then any permissions or access granted to the device (and optionally, the user account of its primary user if that is also inactive) revoked. If the device was erroneously marked inactive, the user will no doubt notify you of the mistake once they can no longer use it. After a set period of time (for example, 30-60 days), the device can then be fully removed from your systems if it has not been seen, recalled, or reassigned.
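The disable-first sequence described above, sketched for Active Directory as an added example (not NinjaOne's own script). The quarantine OU distinguished name and the audit file name are hypothetical, the input is the Step 2 export, and the script runs as a dry run until `$dryRun` is set to `$false`.

```powershell
# Added example: quarantine instead of delete. OU path and file names are assumptions.
Import-Module ActiveDirectory

$quarantineOu = 'OU=Stale Devices,DC=example,DC=com'  # hypothetical OU, must already exist
$cutoff       = (Get-Date).AddDays(-90)               # same threshold as the detection script
$dryRun       = $true                                 # set to $false to apply the changes
$stamp        = Get-Date -Format 'yyyy-MM-dd'

$actions = foreach ($row in Import-Csv .\inactive-computers.csv) {
    $pc = Get-ADComputer -Filter "Name -eq '$($row.Name)'" -Properties LastLogonDate
    if (-not $pc) { continue }                        # object already removed or renamed

    # Re-check at action time: the device may have logged on since the export ran.
    if ($pc.LastLogonDate -and $pc.LastLogonDate -gt $cutoff) { continue }
    # Skip objects that are already in the quarantine OU.
    if ($pc.DistinguishedName -like "*,$quarantineOu") { continue }

    # Record where the object came from so it can be restored if the user reports in.
    $originalOu = $pc.DistinguishedName -replace '^CN=[^,]+,', ''
    Set-ADComputer    -Identity $pc -Description "Stale $stamp; from $originalOu" -WhatIf:$dryRun
    Disable-ADAccount -Identity $pc -WhatIf:$dryRun
    Move-ADObject     -Identity $pc -TargetPath $quarantineOu -WhatIf:$dryRun   # move last: DN changes here

    # One audit row per device, for the asset record or ticket.
    [pscustomobject]@{
        Name          = $pc.Name
        LastLogonDate = $pc.LastLogonDate
        OriginalOU    = $originalOu
        ActionDate    = $stamp
        DryRun        = $dryRun
    }
}

$actions | Export-Csv ".\quarantine-actions-$stamp.csv" -NoTypeInformation
```

Restoring a device is the reverse: move it back to the OU recorded in its description and run `Enable-ADAccount`.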

MSPs should integrate the reporting of unused devices into quarterly business reviews (QBRs), presenting stale device trends, validating the current thresholds, and agreeing on what is to be done with detected devices.

The lightweight stale-device detection methods described in this article provide the following benefits, following best practices:

| Component | Value Provided |
|---|---|
| Clear inactivity thresholds | Prevents misclassification and disputes |
| PowerShell-based detection | Works across AD and Entra without extra tools |
| Consolidated reporting | Provides MSP-wide visibility and trends |
| Automated alerts | Reduces manual checks, accelerates cleanup |
| Disable-first workflow | Avoids accidental data loss |
| Governance reviews | Maintains audit trail and client accountability |

Whenever an unused device is identified or removed, you should ensure that asset records and support tickets are updated with the decision and final action.

NinjaOne automates device inventory, helps you track down unused devices, and improves IT cost efficiency

The NinjaOne suite of IT and MSP tools includes RMM, mobile device management (MDM), and endpoint management with built-in hardware and software inventory and automated reporting. You can filter devices by status, type, and role, as well as add custom fields and tag devices for quick differentiation. This can be done for a single organization or across tenants for MSPs.

NinjaOne also lets you deploy PowerShell scripts via policies to collect additional device data to determine whether they are fully utilized, and create automated alerts and tickets when devices breach defined thresholds. You can send consolidated information to NinjaOne Docs for long-term evaluation, and embed unused device metrics in your QBR dashboards for client visibility.

Many MSPs choose RMM platforms with built-in inventory rather than relying on heavy, dedicated inventory platforms to detect stale devices and track hardware lifecycles. For those who are working with small deployments and do not need to scale, PowerShell scripting offers a workable, lightweight alternative.

Quick-Start Guide

NinjaOne offers several capabilities to help MSPs identify and manage unused devices:

1. IT Asset Management (ITAM) App:
– NinjaOne has an ITAM feature that allows tracking of devices that are not natively supported, such as:
    – Phones outside MDM support
    – Cameras
    – Printers
– You can create custom device types using custom fields
– Currently in early access, so feedback is welcomed

2. Unmanaged Device Management:
– Ability to add and track unmanaged devices
– Provides a dashboard with limited information about unmanaged devices
– Includes tabs for:
    – Overview
    – Activities
    – Custom Ticketing
    – Settings

3. Device Roles and Tracking:
– Create custom device roles
– Assign default policies to device roles
– Track device information through custom fields
– Manage device lifecycle

4. Warranty Information:
– Can add columns for Warranty Start and End Dates in the Devices Search Grid
– Set warranty dates in device dashboards

These features provide MSPs with tools to identify, track, and manage devices that might otherwise go unnoticed, helping to maintain a comprehensive inventory and potentially reduce unused or unnecessary assets.

FAQs

Unused devices waste money on software licenses and subscriptions and pose a security risk because they are likely unpatched and unmonitored.

No, this guide shows how to use built-in PowerShell scripts to query Microsoft Entra ID and Active Directory directly, without dedicated third-party tools.

You must define your own criteria, but a common threshold is a device with no sign-in or activity for 60-90 days, which can be adjusted for your organization’s needs.

Yes, the provided PowerShell scripts can be scheduled to run automatically using Windows Task Scheduler or an RMM platform, which can then generate reports and alerts.

The main risk is accidentally deleting a device that is still needed, which is why the guide recommends disabling it or moving it to a separate OU first, rather than immediate deletion.

MSPs should integrate the findings into Quarterly Business Reviews (QBRs) to show trends, validate inactivity thresholds, and agree on actions for the unused devices.
