Quickly validate and enable manual application uninstall via Intune Company Portal using Graph API

I am back and the titles are getting longer!

If you are an Intune admin, you will probably be happy to know that one of the most required features has landed: Uninstall Win32 and Microsoft store apps using the Windows Company Portal. One thing you need to be aware of, is that this feature is off by default, which means you will have to manually enable it for every app (lots of clicks)! Or, we can automate with PowerShell and Graph API…

What’s the problem?

If you watch the official video walkthrough (pinned at the end of the post), you will see that not only you have to check the presence and correctness of the uninstall command, but also manually flip the switch to show the uninstall button to the user. Flipping this switch requires a lot of clicking and waiting. …for each app. Let’s automate it!

Using the fancy Edge Developer Tools I’ve tracked the MS Graph API requests that Intune GUI issues to the back-end and identified this new property of a mobile application:

{ "allowAvailableUninstall" : True }

Basically, that’s all there is to it. However, simply flipping the value might not be enough – we need to check if the app’s uninstall line is present and correct. Can we automate this too along the way?

How to use it

The script basically does the following:

  • Connects to Intune and pulls the app data for Win32 LOB Apps
  • Checks if there are any apps with no uninstall command
  • Checks the apps with an uninstall command and and optionally saves them to a CSV file
    • If an optional -Export parameter was specified, exports this data into two CSV files.
  • Updates the uninstall command line and the allowAvailableUninstall switch
    • Can do if from Intune directly via -UpdateFromIntune or from a CSV file via -UpdateFromFile <file>

Thus your workflows might be:

  • .\UninstallFromCompanyPortalHelper.ps1 -Export
  • [Review the CSV files, adjust the uninstall lines and feed them to the script again]
  • .\UninstallFromCompanyPortalHelper.ps1 -UpdateFromFile .\apps.csv
### Connecting to Microsoft Graph API with scopes: DeviceManagementApps.ReadWrite.All
Welcome To Microsoft Graph!
 ++ No apps without an uninstall command found. Seems legit (or you have no apps)
 -- Found 11 apps with an uninstall command
  - exporting to apps_with_uninstall.csv

Or, if you are sure that all your uninstall lines are 100% OK – just run the script straight away (hint: there’s more if you add -Verbose, but you won’t need it unless something goes wrong):

  • .\UninstallFromCompanyPortalHelper.ps1 -UpdateFromIntune
### UPDATE MODE SPECIFIED ###
 -- Processing [7-Zip]:
 -- Processing [7zip (System Context)]:
 -- Processing [Empty IntuneWin test]:
 -- Processing [Mozilla Firefox]:
 -- Processing [Notepad++]:
 -- Processing [RemoteHelp (Intune Suite)]:
 -- Processing [VC Redistributable]:
 -- Processing [XMLnotepad (WinGet System Context)]:
 -- Processing [XMLnotepad (WinGet User Context)]:
 -- Processing [XMLnotepad (WinGet usermode)]:
### UPDATE MODE COMPLETED ###
### ALL DONE ###

Other combinations of parameters and details are listed in help:

  • Get-Help .\UninstallFromCompanyPortalHelper.ps1 -Detailed

That’s it folks!

Download the script here

https://github.com/apcsb/PSscripts-public/tree/master/UninstallFromCompanyPortalHelper

I’ve tested the script with Graph PowerShell SDK 1.0, but it should also work with 2.0. It will attempt to install the required modules automatically from PSGallery.

Enjoy!

Video walkthrough of the new feature

Leave a comment

Create a free website or blog at WordPress.com.

Up ↑