Setting Apps to Self-Service Uninstall in Company portal using PowerShell

In 2307 Intune release, users now have the ability to uninstall apps themselves in Company Portal.

I’m not going to show you how to do that manually as that’s well covered by others like this one from Prajwal:

https://www.prajwaldesai.com/intune-uninstall-apps-in-company-portal/

Instead, I am going to give you a quick way to switch as many apps as you like without having to click lots of buttons.

Introducing my latest script, available here:

https://github.com/andrew-s-taylor/public/blob/main/Powershell%20Scripts/Intune/set-apps-uninstall-true.ps1

Also available on the PowerShell gallery here:

Install-Script -Name set-apps-uninstall-true

As usual, you can send app reg details to automate it and if doing so, make sure to give the “-selected All” parameter or it will prompt for a selection.

When launching interactively, first it will ask if you want to set All apps, or just select the ones to configure:

If you select All it will change every app deployed.

Alternatively, pick Select and you will be presented with a grid-view output where you can select as many as you like. Then click ok and let it work its magic!

Et Voila:

4 thoughts on “Setting Apps to Self-Service Uninstall in Company portal using PowerShell”

  1. I appreciate this script Andrew, it works great.
    I can confirm that the script still works for selected Apps using the reduced scope you mentioned “DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All”.
    I did get an error when I selected only one app to update but it still works (line 302) “Attempted to divide by zero”, I commented out this line & it still works fine!
    This script works really well if you are using Patch My PC for application management.
    Cheers
    Jeff

    Reply
  2. That is a big list of scopes, are they all actually required?

    Connect-ToGraph -Scopes “Policy.ReadWrite.ConditionalAccess, CloudPC.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, RoleAssignmentSchedule.ReadWrite.Directory, Domain.Read.All, Domain.ReadWrite.All, Directory.Read.All, Policy.ReadWrite.ConditionalAccess, DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, openid, profile, email, offline_access, DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All”

    Reply
    • I think I lifted and shifted from another script, these two should be enough:
      DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All
      I’ll get it updated once I’ve tested 🙂

      Reply

Leave a Comment