IntuneWin32App

1.5.0

Public/Remove-IntuneWin32AppAssignmentAllUsers.ps1

function Remove-IntuneWin32AppAssignmentAllUsers {
    <#
    .SYNOPSIS
        Remove an 'All Users' assignment from a Win32 app.
 
    .DESCRIPTION
        Remove an 'All Users' assignment from a Win32 app. This will remove the 'All Users' assignment
        regardless of the intent (required, available, or uninstall). Since 'All Users' can only be
        assigned once across all intents, this function will find and remove whichever intent is currently configured.
 
    .PARAMETER DisplayName
        Specify the display name for a Win32 application.
 
    .PARAMETER ID
        Specify the ID for a Win32 application.
 
    .NOTES
        Author: Nickolaj Andersen
        Contact: @NickolajA
        Created: 2025-12-07
        Updated: 2025-12-07
 
        Version history:
        1.0.0 - (2025-12-07) Function created
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [parameter(Mandatory = $true, ParameterSetName = "DisplayName", HelpMessage = "Specify the display name for a Win32 application.")]
        [ValidateNotNullOrEmpty()]
        [string]$DisplayName,

        [parameter(Mandatory = $true, ParameterSetName = "ID", HelpMessage = "Specify the ID for a Win32 application.")]
        [ValidateNotNullOrEmpty()]
        [string]$ID      
    )
    Begin {
        # Ensure required authentication header variable exists
        if (-not (Test-AuthenticationState)) {
            Write-Warning -Message "Authentication token was not found, use Connect-MSIntuneGraph before using this function"; break
        }

        # Set script variable for error action preference
        $ErrorActionPreference = "Stop"
    }
    Process {
        switch ($PSCmdlet.ParameterSetName) {
            "DisplayName" {
                $MobileApps = Invoke-MSGraphOperation -Get -APIVersion "Beta" -Resource "deviceAppManagement/mobileApps"
                if ($MobileApps.Count -ge 1) {
                    $Win32MobileApps = $MobileApps | Where-Object { $_.'@odata.type' -like "#microsoft.graph.win32LobApp" }
                    if ($Win32MobileApps -ne $null) {
                        $Win32App = $Win32MobileApps | Where-Object { $_.displayName -like $DisplayName }
                        if ($Win32App -ne $null) {
                            Write-Verbose -Message "Detected Win32 app with ID: $($Win32App.id)"
                            $Win32AppID = $Win32App.id
                        }
                        else {
                            Write-Verbose -Message "Query for Win32 apps returned empty a result, no apps matching the specified search criteria was found"
                        }
                    }
                    else {
                        Write-Verbose -Message "Query for Win32 apps returned empty a result, no apps matching type 'win32LobApp' was found in tenant"
                    }
                }
                else {
                    Write-Warning -Message "Query for mobileApps resources returned empty"
                }
            }
            "ID" {
                $Win32AppID = $ID
            }
        }

        if (-not([string]::IsNullOrEmpty($Win32AppID))) {
            try {
                # Attempt to call Graph and retrieve all assignments for Win32 app
                $Win32AppAssignmentResponse = Invoke-MSGraphOperation -Get -APIVersion "Beta" -Resource "deviceAppManagement/mobileApps/$($Win32AppID)/assignments" -ErrorAction Stop
                if ($null -ne $Win32AppAssignmentResponse -and $Win32AppAssignmentResponse.Count -gt 0) {
                    # Filter for 'All Users' assignments only
                    $AllUsersAssignments = $Win32AppAssignmentResponse | Where-Object { $_.target.'@odata.type' -eq "#microsoft.graph.allLicensedUsersAssignmentTarget" }
                    
                    if ($AllUsersAssignments.Count -gt 0) {
                        Write-Verbose -Message "Found $($AllUsersAssignments.Count) 'All Users' assignment(s) for removal"
                        
                        # Process each 'All Users' assignment for removal
                        foreach ($Assignment in $AllUsersAssignments) {
                            # Determine the intent of the assignment for informative output
                            $AssignmentIntent = $Assignment.intent
                            Write-Verbose -Message "Attempting to remove 'All Users' assignment with intent '$($AssignmentIntent)' and ID: $($Assignment.id)"
                            
                            try {
                                # Remove current 'All Users' assignment
                                $Win32AppAssignmentRemoveResponse = Invoke-MSGraphOperation -Delete -APIVersion "Beta" -Resource "deviceAppManagement/mobileApps/$($Win32AppID)/assignments/$($Assignment.id)" -ErrorAction Stop
                                Write-Verbose -Message "Successfully removed 'All Users' assignment with intent '$($AssignmentIntent)' and ID: $($Assignment.id)"
                            }
                            catch [System.Exception] {
                                Write-Warning -Message "An error occurred while removing 'All Users' assignment with intent '$($AssignmentIntent)' and ID '$($Assignment.id)'. Error message: $($_.Exception.Message)"
                            }
                        }
                    }
                    else {
                        Write-Verbose -Message "No 'All Users' assignments found for Win32 app with ID: $($Win32AppID)"
                    }
                }
                else {
                    Write-Verbose -Message "Win32 app does not have any existing assignments"
                }
            }
            catch [System.Exception] {
                Write-Warning -Message "An error occurred while retrieving Win32 app assignments for app with ID: $($Win32AppID). Error message: $($_.Exception.Message)"
            }
        }
        else {
            Write-Warning -Message "Unable to determine the Win32 app identification for assignment removal"
        }
    }
}