Back in August this year, a new feature was released to control whether iOS apps was removed or retained when a device is unenrolled from Microsoft Intune. This feature works for both iOS Store apps and iOS VPP apps, which is a great addition when it comes to managing VPP licenses on devices or for users.
When the feature was flighted in every tenant, a new property setting for the assignments named Uninstall on device removal was added. For iOS apps with existing assignments the value of this new feature would by default be empty, as shown in the below screenshot:
Click on the assignment, in this case the one that’s Available for enrolled devices, would bring up a pop-out window giving you the option to select either Yes or No for this property.
This requires us to go through every eligible iOS app with existing assignments and select the desired Uninstall on device removal behavior. Now, if you only have a handful of apps, you’d most likely click through the portal a few times and be done with it. However, let’s say that there’s over 100’s or even more apps that you want to configure for this new feature, would you really like to click through the portal then?
Continue to read on in case you’re interested in a solution that sorts this out for you, or stop reading now if you want to click a few (hundreds or so of) times.
List all eligible iOS apps
In order to help you out and set the desired behavior for all your apps at once, it’s a great start to get an idea of how many apps that are eligible for setting this new feature to a given value in the first place.
Download the following script:
With the script downloaded, execute the following command where you replace the value for the TenantName parameter with your own tenant name:
.\Get-IntuneiOSManagedAppAssignment.ps1 -TenantName name.onmicrosoft.com
If your tenant has any iOS apps with assignments, something similar to the following will be return from running the above script:
As we can see, the UninstallOnDeviceRemoval property is empty or null, and that’s our aim to change.
Update all eligible iOS apps with desired behavior
Since we have Get-IntuneiOSManagedAppAssignment.ps1, wouldn’t it make sense to also have Set-IntuneiOSManagedAppAssignment.ps1? You’re absolutely right.
Download the following script:
Set-IntuneiOSManagedAppAssignment.ps1
Before you execute the following command below, know this. The UninstallOnDeviceRemoval property can be either $true or $false. Take note though, this script will not change the property value for assignments where it has previously been set. So let’s say that you have 100 iOS apps where the UninstallOnDeviceRemoval property is only set to $true for 2 out those apps. Without specifying the Force parameter, the 98 apps out of 100 would be updated, not making any changes to the app assignments that has already been configured. Just like the previous script, ensure you replace the tenant name here too.
Execute the following command to only change the value for app assignments that are currently empty or null:
.\Set-IntuneiOSManagedAppAssignment.ps1 -TenantName name.onmicrosoft.com -UninstallOnDeviceRemoval $true -Verbose
Execute the following command to update all eligible app assignments with the desired value:
.\Set-IntuneiOSManagedAppAssignment.ps1 -TenantName name.onmicrosoft.com -UninstallOnDeviceRemoval $true -Force -Verbose
When the script is executed, no output is returned unless the Verbose parameter is passed on the command line, which would show something similar to this:
As shown above, the PowerPoint iOS app was detected with an existing assignment. This tells the script to attempt to update the property value with what’s passed to it. Now if we would invoke the Get-IntuneiOSManagedAppAssignment.ps1 script again after setting the desired uninstall on device removal behavior, the changes should present themselves similar to this:
Hopefully this will save you some time and as always, if you have feedback, please contact me on twitter or by email.
Add comment