Frustrated by time-consuming troubleshooting on managed mobile devices? No more troubleshooting headaches! Microsoft Intune's recently launched Remove apps and configuration (RAC) feature empowers IT admins to streamline the troubleshooting process for managed mobile devices. Suspect a specific app is causing problems? RAC allows for its temporary removal from
Frustrated by time-consuming troubleshooting on managed mobile devices? No more troubleshooting headaches! Microsoft Intune's recently launched Remove apps and configuration (RAC) feature empowers IT admins to streamline the troubleshooting process for managed mobile devices. Suspect a specific app is causing problems? RAC allows for its temporary removal from a device to isolate the issue. Need to pinpoint a troublesome configuration setting? Simply remove it temporarily with RAC and see if the problem persists.
Here's the beauty of RAC: removed items are automatically restored to the device within 8-24 hours. This ensures your devices stay compliant with your organization's security policies without requiring manual intervention. This translates to significant time savings and freed-up resources for your IT team.
Remove apps and configuration is a single-device action in Microsoft Intune that allows administrators to temporarily uninstall applications or remove configuration items from a device. This feature is designed to help resolve issues that occur outside of Intune, quickly restoring end-user productivity.
We just navigated through the process of removing apps and configurations from the Intune console, seeing how straightforward it can be from the administrator’s perspective. Now, let’s delve deeper into the rabbit hole and uncover the intricate details and magic happening behind the scenes. This includes examining the specific Graph API calls that Intune makes to manage these actions and exploring the corresponding logs generated on iOS devices, providing a comprehensive understanding of how these processes are executed and tracked.
GET https://graph.microsoft.com/beta/users('xxxxx')/mobileAppIntentAndStates('eda9809a-35bd-49bc-9bdb-b9e017785c7e')
Response:
{
"id": "a87b42f4-fb24--c11f8ac7a782",
"managedDeviceIdentifier": "eda9809a--b9e017785c7e",
"userId": "783a2608-104b-486d-90c3-157ea88ce73e",
"mobileAppList": [
{
"applicationId": "474eebe1-2691-4837-828b-dad25afe885b",
"displayName": "Microsoft Outlook",
"mobileAppIntent": "requiredInstall",
"installState": "installed"
},
{
"applicationId": "5bbb253d-974b-4ccb-ad7f-63206a44549b",
"displayName": "Intune Company Portal",
"mobileAppIntent": "requiredInstall",
"installState": "installed"
},
{
"applicationId": "bda2e243-8e7f-4ff0-ba12-55ddf5c6cd5d",
"displayName": "Microsoft Word",
"mobileAppIntent": "requiredInstall",
"installState": "installed"
},
{
"applicationId": "294f7356-25a7-42c4-a90d-92c2100f10e2",
"displayName": "Microsoft Authenticator",
"mobileAppIntent": "requiredInstall",
"installState": "installed"
},
{
"applicationId": "ea95a2b2-a2fd-4723-b952-50919a81ae65",
"displayName": "Microsoft Defender: Security",
"mobileAppIntent": "requiredInstall",
"installState": "installed"
},
{
"applicationId": "5dd3596c-8e53-49c4-9c63-0da83f15085c",
"displayName": "Adobe Acrobat Reader: Edit PDF",
"mobileAppIntent": "requiredInstall",
"installState": "installed"
},
{
"applicationId": "378d9604-9d2d-46db-a904-7bc77ccf3745",
"displayName": "Microsoft OneDrive",
"mobileAppIntent": "requiredInstall",
"installState": "installed"
},
{
"applicationId": "e1e87236-4af7-4e8d-bd25-37ffbd8d73a6",
"displayName": "Microsoft Teams",
"mobileAppIntent": "requiredInstall",
"installState": "installed"
}
]
}
The response includes detailed information about each installed application, such as the application ID, display name, and installation state.
When you removes an app, the following API call is initiated:
POST https://graph.microsoft.com/beta/deviceManagement/managedDevices('eda9809a-35bd-b9e017785c7e')/changeAssignments
This call changes the assignment of the app, indicating that it should be removed.
Response:
{
"managementState": "managed",
"deviceActionResults": [
{
"actionName": "changeAssignments",
"actionState": "active",
"startDateTime": "2024-07-29T09:02:12.5819891Z",
"deviceAssignmentItems": [
{
"itemId": "5dd3596c-8e53-49c4-9c63-0da83f15085c",
"itemType": "application",
"itemDisplayName": "Adobe Acrobat Reader: Edit PDF",
"assignmentItemActionIntent": "remove",
"assignmentItemActionStatus": "inProgress"
}
]
}
]
}
The response details the action status, showing the app is being removed.
After the app removal process is initiated, a follow-up API call checks the status:
GET https://graph.microsoft.com/beta/deviceManagement/managedDevices('eda9809a-35bd-b9e017785c7e')?$select=deviceactionresults,managementstate,lostModeState,deviceRegistrationState,ownertype
Response:
The response confirms that the app has been removed.
{
"managementState": "managed",
"deviceActionResults": [
{
"actionName": "changeAssignments",
"actionState": "active",
"startDateTime": "2024-07-29T09:02:12.5819891Z",
"deviceAssignmentItems": [
{
"itemId": "5dd3596c-8e53-0da83f15085c",
"itemType": "application",
"itemDisplayName": "Adobe Acrobat Reader: Edit PDF",
"assignmentItemActionIntent": "remove",
"assignmentItemActionStatus": "removed"
}
]
}
]
}
When an app is removed, the iOS device generates detailed logs. Below are logs that correspond to the removal of the Adobe Acrobat Reader app:
default mdmd Starting MDM power assertion with reason: mdmd-Request-RemoveApplication
default mdmd Processing command UUID: BE80C17A-A331-4C09-8021-2BE03010EBA0
default mdmd Attempting to perform Supervised request: RemoveApplication
default mdmd Handling request type: RemoveApplication
default dmd Fetch apps with bundle ids: ("com.adobe.Adobe-Reader"), store item id: (null)
default dmd Received request: <DMFRemoveAppRequest: 0x73888dae0>, from client
default dmd Operation will start: <DMDRemoveAppOperation: 0x73887dde0
default dmd Get bundle identifier for request: <DMFRemoveAppRequest: 0x73888dae0>
default dmd Start uninstalling app with bundle identifier: com.adobe.Adobe-Reader
default dmd Remove app with bundle identifier: com.adobe.Adobe-Reader
default mdmd Removed app “com.adobe.Adobe-Reader”.
default mdmd Command Status: Acknowledged
default mdmd Ending MDM power assertion with reason: mdmd-Request-RemoveApplication
These logs show the sequence of events on the iOS device, matching the actions initiated by the Graph API calls from the Intune console. This detailed look at the process helps in understanding the backend operations that make Intune a powerful tool for device and application management.
The Remove apps and configuration feature in Microsoft Intune offers a flexible and powerful tool for IT administrators to troubleshoot and manage devices more effectively. By allowing temporary removal of apps and configurations with automatic safeguards, Intune continues to evolve to meet the complex needs of modern device management.
As with any powerful tool, use this feature judiciously and always in accordance with your organization's policies and best practices for device management.