Hey everyone, we’re currently managing a fleet of about 10,000 devices, but lately, we keep hitting our Hexnode license cap. After digging in, I realized a huge chunk of our roster consists of “ghost devices”—basically hardware that hasn’t synced in months because the employee left, the device got lost, or it’s just sitting dead in a drawer somewhere. Has anyone tackled a massive database cleanup for this? I need to figure out how to filter these out and free up our licenses, but doing it manually is completely out of the question at this scale.
69 Views
Replies (3)
Marked SolutionPending Review
Participant
4 months ago
Jan 19, 2026
Marked SolutionPending Review
Hey man! I ran into the exact same headache last year during our annual hardware audit. What saved my sanity was setting up an inactivity baseline and automating the reporting.
First, you’ll want to go to Admin > General Settings > Inactivity Settings and define your threshold, we use 30 days. After that, head over to your built-in reports for Inactive Devices. You can export that list and run a quick VLOOKUP against your Identity Provider (like Okta or Entra ID) to spot the “orphaned” devices where the user is already gone from the company directory.
Also, a huge pro-tip: you can tie this straight into your compliance rules. If you create a new Compliance Policy and enable the “Device becomes inactive” rule, Hexnode will automatically flag them as non-compliant the moment they cross your 30-day threshold. You can set it up so they automatically drop into a dynamic group for you to review.
Marked SolutionPending Review
Participant
4 months ago
Jan 20, 2026
Marked SolutionPending Review
Oh man, nice to hear.
How do you actually handle the cleanup part without shooting yourself in the foot? I’m terrified of just highlighting that entire dynamic group and hitting “Delete,” only to find out a regional manager was on a long sabbatical or a tablet was just left uncharged in a warehouse, and now I’ve completely disconnected their setup. What’s your workflow for safely clearing them out?
Marked SolutionPending Review
Participant
4 months ago
Jan 21, 2026
Marked SolutionPending Review
Totally valid fear! You definitely don’t want to just nuke everything on day 31. We use a “Tiered Cleanup Protocol” to handle this safely, all done via bulk actions from the Manage tab.
Here is how we break it down:
- Tier 1 (30–60 Days Inactive) – Quarantine: They sit in that dynamic group we talked about. We halt automated app and policy updates to save server bandwidth and isolate the device, but we don’t wipe anything. Our IT team uses this window to send an automated Slack/Email warning to the user.
- Tier 2 (60–90 Days Inactive) – Enforcement: If it stays dark this long, we select the group and issue a bulk Corporate Wipe. This immediately secures company data if the device was lost, but leaves the base OS intact just in case the hardware turns up later and needs to be re-deployed.
- Tier 3 (90+ Days Inactive) – Sanitization: The final stage. We use the Disenroll Device bulk action, followed by Delete Device. This permanently purges the record from the database and officially reclaims that UEM license seat.
Doing it in stages guarantees that anyone who is just on extended leave has plenty of time to turn their device back on to sync, keeping you completely safe from accidental wipes!
Save
