top of page
Search

You can't delete a Windows Autopilot deployment profile in Intune






This article helps resolve the error message that occurs when you try to remove a Windows Autopilot deployment profile in Microsoft Intune.



Symptoms


When you try to delete a Windows Autopilot deployment profile in Intune, you receive the following error message:

Cannot delete <Autopilot Profile Name>The profile is assigned to groups. You must unassign all groups from this profile before you can delete it.


Cause


This issue occurs for either of the following reasons:

  • The Windows Autopilot deployment profile is still assigned to one or more groups in Microsoft Entra ID.

  • The group that the Windows Autopilot deployment profile was assigned to was deleted from Microsoft Entra ID before the group was removed from the Included groups of the deployment profile.


    Note

    In this scenario, you can use Solution 2 to delete the profile immediately. Or, you can wait until the assignment to the deleted group is removed (this usually occurs within seven days), and then delete the profile in Intune.


To fix the issue, use one of the following solutions, depending on whether the group that the Windows Autopilot deployment profile was assigned to still exists in Microsoft Entra ID.


Solution 1


If the group the deployment profile was assigned to still exists in Microsoft Entra ID, use the following steps to resolve the issue.

  1. Sign in to the Microsoft Intune admin center.

  2. Select Devices > Windows > Windows enrollment > Deployment Profiles.

  3. Select the Windows Autopilot deployment profile that you want to delete, and then select Assignments.

  4. Remove all groups in Included groups, and select Save.

After you delete the assignment, you can delete the Windows Autopilot deployment profile.



Solution 2


If the group the deployment profile was assigned to was deleted from Microsoft Entra ID, complete the following procedures.

Step 1: Find the AutopilotProfileID

To find the AutopilotProfileID, follow these steps:

  1. Sign in to the Microsoft Intune admin center.

  2. Select Devices > Windows > Windows enrollment > Deployment Profiles.

  3. Select the Autopilot deployment profile that you want to delete, and then copy the AutopilotProfileID from the following URL in the address bar:

    https://portal.azure.com/#blade/Microsoft_Intune_Enrollment/AutopilotMenuBlade/overview/id/<AutopilotProfileID>

Step 2: Find the GroupID of the assigned group that has been deleted

To find the GroupID, use one of the following methods:

Step 3: Delete the profile assignment in Graph Explorer

To delete the assignment, run the following query in Graph Explorer:

HTTPCopy

DELETE https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/<AutopilotProfileID>/assignments/<AutopilotProfileID>_<GroupID>

You may receive the following error message when you run the DELETE query:

Failure - Status Code 403 - Looks like you may not have the permissions for this call. Please modify your permissions.

If this occurs, select Modify Permissions, and then select the DeviceManagementServiceConfig.ReadWrite.All permission.

Click Modify Permissions, log on again to the Graph Explorer, and then rerun the DELETE query.


Step 4: Delete the profile in Graph Explorer

To delete the profile, run the following query in Graph Explorer:

HTTPCopy

DELETE https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/<AutopilotProfileID>




Have a question or need help! Contact me 😊❤️


Comments

bottom of page