How to Remove Linked Devices from Your Microsoft Account

Learning how to remove linked devices from your Microsoft account helps you control access, speed up offboarding, and keep audits manageable. For most IT teams and MSPs, though, this work spans personal Microsoft accounts, Entra ID–joined devices, and cross-device features like Phone Link, often across hundreds or thousands of endpoints.

When device cleanup is inconsistent, your old devices stay associated with user accounts longer than they should. Those devices then continue syncing data, appear in access reviews, or retain valid tokens. Over time, that leads to additional audit findings, longer offboarding cycles, and unnecessary security exposure.

Managing this well means knowing how to unlink Windows devices from Microsoft accounts, unlink Phone Link connections, and automate device removal so cleanup doesn’t depend on manual effort.

Why remove linked devices from a Microsoft account

Every linked device represents ongoing trust. When a device is no longer in use, that trust needs to end just as reliably as user access does.

Devices that remain tied to Microsoft accounts after a user leaves or hardware is replaced can:

• Complicate conditional access enforcement
• Appear as exceptions during audits
• Trigger sync issues and support tickets
• Blur the line between managed and unmanaged assets

Removing linked devices from a Microsoft account helps you keep sign-in control tight, maintain accurate inventories, and close out access cleanly during offboarding. It also reduces the time spent reconciling device lists during reviews because only active assets remain associated with accounts.

How to remove linked devices from the Microsoft account portal

For individual users or one-off cleanup, the Microsoft account portal lets you quickly remove a device from your account. This method works well when you’re handling a small number of devices, but doesn’t scale for larger environments.

Unlink a Windows device from a Microsoft account

To manually unlink a Windows device from a Microsoft account:

1. Sign in to the Microsoft account devices page.
2. Under “Your devices,” find the device you want to remove.
3. Select “Remove device” and confirm.

This removes the device from the Microsoft account and disables features like “Find my device.” It does not wipe the device or sign the user out of Windows.

In managed environments, follow up by retiring or unjoining the device from Entra ID or Intune, since removing the portal entry alone doesn’t fully remove access for managed endpoints.

Microsoft Phone Link: Remove a device

Phone Link creates a separate connection between a Windows device and a mobile phone. This connection often survives hardware refreshes or role changes if it isn’t addressed directly.

To remove a Phone Link connection, sign out of the Phone Link app on the Windows device. This stops notifications, calls, messages, shared clipboard access, and app streaming between the phone and the PC.

Use this step whenever you need to ensure messages and notifications no longer appear on a Windows session after a user changes roles or leaves the organization.

Automating removal of linked devices at scale

Manual cleanup doesn’t really work when you manage many endpoints or multiple tenants. Automation gives you a consistent way to remove linked devices from a Microsoft account without relying on individual follow-through.

Prepare Microsoft Graph API access for device removal

Microsoft Graph gives you control over Entra ID devices, including the ability to delete device objects. Set up a least-privilege app registration and lock down credentials before you script anything.

1. Register an app in Entra ID and configure redirect URIs.
2. Grant Device.ReadWrite.All application or delegated permissions, then grant admin consent (Microsoft Graph permissions reference).
3. Store the client secret or certificate in a secure vault and set short-lived credentials.

Use managed identities where possible to avoid handling secrets. Limit who can run the app and monitor usage with Entra ID sign-in logs.

Bulk remove devices from Microsoft account using PowerShell

With Graph access in place, you can automate device removal. For example, the script below removes devices already marked as disabled.

Connect-MgGraph -Scopes “Device.ReadWrite.All”

$devices = Get-MgDevice -Filter “accountEnabled eq false”

foreach ($device in $devices) {

Remove-MgDevice -DeviceId $device.Id -Confirm:$false

}

Test scripts in a non-production tenant before running them broadly. If you use Intune or Autopilot, confirm how device deletion affects enrollment and re-provisioning. You can refine filters based on last sign-in activity, operating system, or naming conventions and schedule the script to run on a defined cadence.

This gives you a repeatable way to delete device Microsoft account entries without manual review.

Integrate device removal into RMM workflows

Device cleanup works best when it runs as part of your normal operations.

With an RMM like NinjaOne, you can:

• Flag inactive endpoints based on last check-in or user status
• Trigger Graph-based device removal automatically
• Run cleanup during offboarding workflows
• Log removal actions for audit evidence

By embedding device removal into your RMM, you can be sure that cleanup happens even during busy periods or staff changes. Every removal follows the same process and leaves a clear record.

Best practices for ongoing device management

Keeping device access under control requires regular monitoring and standardized removal during key lifecycle events.

Here are some of the best practices you can follow.

Monitor device activity and status

Use Entra ID device records, Intune compliance state, and sign-in logs to identify devices that are no longer active or no longer associated with a current user. Many teams start with a 90-day inactivity threshold, then adjust based on role, device type, and access level to avoid unnecessary disruption.

Centralize these signals in your RMM or SIEM so teams review the same data. When a device crosses your inactivity threshold, trigger removal as part of a defined workflow instead of relying on manual checks. This keeps cleanup consistent and prevents devices from remaining linked simply because no one followed up.

Standardize device removal during offboarding

Access gaps appear most often during offboarding, especially when user, device, and account cleanup happen in different systems. Keeping a consistent checklist will make sure devices lose access at the same time user credentials do.

A standard offboarding flow should include:

• Disabling or blocking the user account
• Revoking active sessions when required
• Deleting device entries through Microsoft Graph
• Removing Phone Link connections
• Removing personal Microsoft accounts from Windows settings

Automating these steps reduces missed actions, shortens offboarding timelines, and gives you clear evidence during access reviews and audits.

Keep asset hygiene consistent

Removing linked devices from your Microsoft account should be an ongoing hygiene practice. Devices get replaced, users change roles, and access requirements evolve. If cleanup only happens when someone remembers to do it, old devices will continue to show up where they shouldn’t.

Use the portal when you need to remove a device from a Microsoft account for a single user. Use Graph and scheduled jobs to bulk delete devices across the tenant. Include Microsoft Phone Link removal, so cross-device features stop when access ends.

Simplify device management with NinjaOne

NinjaOne brings endpoint management, monitoring, patching, and helpdesk workflows into one platform. That makes it easier to unlink Windows devices from Microsoft accounts, enforce consistent offboarding, and maintain clean audit trails across all your environments.

Try NinjaOne free to see how integrated IT management helps you remove devices reliably and keep access under control without adding manual work.