Microsoft Office 365

Lock and wipe devices using Microsoft Graph in Power Automate

On a recent project I needed to be able to lock and wipe devices. I used Microsoft Graph, Power Automate and HTTP requests to get this done. In this post the details.

Big Warning

This post should have a big “Don’t try this at home (or work)” warning as you wouldn’t want to wipe a device that someone is actually using for the wrong reasons.

In my case we are managing 1000s of laptops for an organization who should get laptops back and as a last resort the devices that aren’t returned will be wiped.

The Graph API

If you are new to the Graph API then please have a look at my series about the Graph API and the Power Platform.

I’m going to make use of the Managed Devices endpoints in this post. These endpoints can be used to do things to devices that are managed within Intune.

There are many operations possible

On Microsoft Learn you can find the following overview of the operations.

MethodReturn TypeDescription
List managedDevicesmanagedDevice collectionList properties and relationships of the managedDevice objects.
Get managedDevicemanagedDeviceRead properties and relationships of the managedDevice object.
Create managedDevicemanagedDeviceCreate a new managedDevice object.
Delete managedDeviceNoneDeletes a managedDevice.
Update managedDevicemanagedDeviceUpdate the properties of a managedDevice object.
retire actionNoneRetire a device
wipe actionNoneWipe a device
resetPasscode actionNoneReset passcode
remoteLock actionNoneRemote lock
requestRemoteAssistance actionNoneRequest remote assistance
disableLostMode actionNoneDisable lost mode
locateDevice actionNoneLocate a device
bypassActivationLock actionNoneBypass activation lock
rebootNow actionNoneReboot device
shutDown actionNoneShut down device
recoverPasscode actionNoneRecover passcode
cleanWindowsDevice actionNoneClean Windows device
logoutSharedAppleDeviceActiveUser actionNoneLogout shared Apple device active user
deleteUserFromSharedAppleDevice actionNoneDelete user from shared Apple device
syncDevice actionNoneNot yet documented
windowsDefenderScan actionNoneNot yet documented
windowsDefenderUpdateSignatures actionNoneNot yet documented
updateWindowsDeviceAccount actionNoneNot yet documented

So how do we use this in Power Automate.

List managed devices

In my examples, I will skip the authentication part. But please do remember to setup the App Registration in Azure. This App registration will require the DeviceManagementManagedDevices.PrivilegedOperations.All permission.

Now we can look at listing all devices using the GET method with following end point

However if you are using more than 1000 devices you will need to enable paging on this HTTP action as you can only collect 1000 items at a time.

In my case I’m after just one device that I want to lock and I have the serialNumber of the device in question available to me. As shown below I can query the devices using a simple filter query,

Now that I’ve got the device I can collect the id of the device.

Get Device

Although the above will give me the device details, I could also query the device using the id of the device.

Once again it is all quite easy to configure.

Wipe and Lock devices

Now depending on if you want to wipe a device or if you want to lock a device I’ve created a switch. You will find that for the remote lock, there is no need to supply any parameters in the body, but for a wipe you can control what is removed from the device and what isn’t.

Notice that if you call the wipe method without any body all parameters are assumed false. So once again be very careful as you might want to keep you autopilot image to re-utilize your laptop at some point.


I’ve noticed that the remote lock often return the following error. However the wipe is very effective.


  “error”: {

    “code”: “BadRequest”,

    “message”: “{\r\n  \”_version\”: 3,\r\n  \”Message\”: \”An error has occurred – Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 – Activity ID: 6010c011-c21e-4724-b937-c87626fc1215 – Url:‘e83b9c69-f34c-404c-bc34-2af1dc84f645’)/\”,\r\n  \”CustomApiErrorPhrase\”: \”\”,\r\n  \”RetryAfter\”: null,\r\n  \”ErrorSourceService\”: \”\”,\r\n  \”HttpHeaders\”: \”{}\”\r\n}”,

    “innerError”: {

      “date”: “2023-04-25T13:23:04”,

      “request-id”: ” 6010c011-c21e-4724-b937-c87626fc1215″,

      “client-request-id”: ” 6010c011-c21e-4724-b937-c87626fc1215″




The above error is quite annoying as it isn’t locking the device. If you come across this error and do find the cause of it then please let me know. The wipe operation however is very effective!


Ok, so we’ve got a bit of an issue with the locking of the devices. I found out that remoteLock is supported on Android devices but not on Windows. Hmm, that is a pain.

The best solution I have found so far is the /rebootNow endpoint. It works in a similar way as the other operations, but it will reboot the device instead of locking.

Pieter Veenstra

Business Applications Microsoft MVP working as a Principal Architect at HybrIT Services Ltd. You can contact me using

Recent Posts

1 Step to create the REPT function in Power Automate

Today I was asked on the chat about how to create a REPT function in…

2 weeks ago

4 avoidable pitfalls of Low Code development?

Low Code Development is all about anybody can do it! But what are the pitfalls…

4 weeks ago

Implement booking availability in Power Apps in less than 5 minutes

Today I was asked how to implement a booking availability solution in Power Apps. The…

3 months ago

Delegation with SharePoint lists Power Apps vs Power Automate

We all know about delegation warnings in Power Apps, but how about delegation with SharePoint…

3 months ago

Timing issues in relation to App OnStart, Screen OnVisible, Timers and user interruptions in Power Apps

When you create apps, it is important to understand the timing issues that may happen.…

3 months ago

Implement a PDF preview in a Model Driven Apps

Recently I needed to implement a PDF preview in a Model Driven App. This should…

3 months ago