Hi again

If you’re familiar with Winget or the new App version to be installed from Intune you might need this quick tip around “fixing an app deployment mistake”.

Summary

You target the wrong device group i.e.: All Windows Autopilot Devices instead of Pilot – All Windows Autopilot Devices

What would be your first action?

  1. go to the App deployed in Intune Admin Center \ Apps \ %App Name% \
  2. select the assignments and remove “targeted group” from the required
  3. add the “targeted group” assigned as Uninstall

What if that takes a lot to sync and fix the issue?

I’d rush to leverage Proactive Remediation to detect the app and quickly remove it using detection-app.ps1 and remediation-app.ps1 – Download here.

To begin this validation pick one affected machine

  1. and execute powershell.exe (as admin)
  2. run Get-AppxPackage | select * | where-object {$_ -like “*draw*”} , copy the package full name from the output
  3. create 2 files
    1. detect-drawio.ps1
      1. this file will detect draw.io using its full name and exit 0 or 1 accordingly to notify Intune service
    2. remediate-drawio.ps1
      1. this file will be used to also detect and remove the drawio package from the OS
        1. here we’re going to use Remove-AppxPackage -AllUsers -Package packageName, to remove the identified package
  4. go to Proactive Remediations in Intune Admin Portal
    1. create a new package
    2. under Basics: give it a name and description and click next
    3. under Settings:
      1. Search for the detect-drawio.ps1 file and assign to the “Detection script file”
      2. Search for the remediate-drawio.ps1 file and assign to the “Remediation script file”
      3. set “Run this script using the logged-on credentials to YES
      4. set “Run script in 64-bit PowerShell to YES
      5. click next
    4. under scope tags, leave default options, and client next
    5. under assignments
      1. click on + select groups to include
      2. click on daily under the schedule
      3. select the frequency: hourly
      4. set repeats every: 1 hour
      5. click apply
      6. then click next
    6. then click create under review and create
    7. wait of the Proactive Remediation script package to be published
    8. go back to the affected device and do the following:
      1. restart “Microsoft Intune Management Extension” or
      2. settings \ accounts \ access work or school \ “select the connect by or connected to” option depending on your device enrollment, scroll down and click on sync or,
      3. press the windows key, search for the company portal and click the option “sync this device” and wait

 

Screenshots (below)

 

 

Thanks,

Thiago Beier
Toronto, Canada