If you are using Azure AD and the time passess you'll have a lot of old device entries. If you enable the automatic device cleanup rule in Microsoft Intune the device is only removed within MDM and the Azure AD entry still exists.
For this reason I created a tiny PowerShell snippet to create a report with all devices which didn't contact your Azure AD tenant since the treshold date specified. If you confirm the operation you can also delete all affected devices.
Please be careful when running the script because when removing a device from Azure AD the stored Bitlocker recovery keys are also removed. I can recommend Roger Zander's Azure table-based Bitlocker recovery key solution.