We're still struggling to get our Macs to register with Intune. After each failed attempt, in addition to removing the partial computer entries from Intune, we have to delete every single file and keychain entry that has anything at all to do with Intune and the Company portal app. After a lot of searching I came up with this script to remove the files associated with it:
```sh
#!/bin/sh
# Variable for storing the current user's name, assuming the computer has the end user
# and not the admin user logged in when this script is run.
currentuser=$(stat -f "%Su" /dev/console)
userlib="/Users/$currentuser/Library"
# Paths are quoted because "Application Support" and "Saved Application State" contain spaces.
rm -Rfv "$userlib/Application Support/com.microsoft.CompanyPortal.usercontext.info"
rm -Rfv "$userlib/Application Support/com.microsoft.CompanyPortal"
rm -Rfv "$userlib/Application Support/com.jamfsoftware.selfservice.mac"
rm -Rfv "$userlib/Saved Application State/com.jamfsoftware.selfservice.mac.savedState"
rm -Rfv "$userlib/Saved Application State/com.microsoft.CompanyPortal.savedState"
rm -Rfv "$userlib/Preferences/com.microsoft.CompanyPortal.plist"
rm -Rfv "$userlib/Preferences/com.jamfsoftware.selfservice.mac.plist"
rm -Rfv "$userlib/Preferences/com.jamfsoftware.management.jamfAAD.plist"
rm -Rfv "$userlib/Cookies/com.microsoft.CompanyPortal.binarycookies"
rm -Rfv "$userlib/Cookies/com.jamf.management.jamfAAD.binarycookies"
```
I am having a helluva time trying to figure out how to automate the removal of the keychain items. There are so many and I can't make heads or tails out of the `security` command. So far I have found the following in the current user's Login keychain that seem to have anything to do with Intune:
- Application Password: a long string of random letters and numbers associated with com.microsoft.workplace.thumbprint
- Application Password: the OS version
- 2 Application Passwords: that are time stamps of some sort
- Application Password: the computer name
- Application Password: the email address used to try and register with Intune
- Application Password: "com.microsoft.CompanyPortal"
- Application Password: "com.microsoft.CompanyPortal.Hockey.SDK"
- Application Password: "enterpriseregistration.windows.net"
- Public key: "Microsoft Workplace Join Key"
- Private key: "Microsoft Workplace Join Key"
- Public Key: "Microsoft Session Transport Key"
- Private Key: "Microsoft Session Transport Key"
- Identity preference: "https://enterpriseregistration.windows.net"
- Identity preference: "https://enterpriseregistration.windows.net/" (yes the same as above with a trailing slash)
- Identity preference: "https://device.login.microsoftonline.com"
- Identity preference: "https://device.login.microsoftonline.com/" (yes the same as above with a trailing slash)
- That's all I can recall finding
I would prefer to use a surgical methodology to only remove the Intune-specific Keychain entries and leave the user's other keychain items untouched. I don't know where to begin. I've spent weeks trying to figure out how to use the `security` command but I'm getting nowhere. Does anyone else have a way to automate this?
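
One way to handle the fixed-name application passwords and the identity preferences listed above with `security`, as an added example that is not part of the original post. It assumes the script runs as the logged-in user (not root), that the quoted names are the items' labels, and that the login keychain is at `~/Library/Keychains/login.keychain-db`; `run` and `cleanup_keychain` are names made up here. The key pairs and the items whose names differ per machine are left alone.

```sh
#!/bin/sh
# Added example, not the poster's script. Assumes it runs as the logged-in
# user, not root. Prints the plan unless called with --run.

# Fixed item names and identity-preference URLs, copied from the post.
PASSWORD_LABELS='com.microsoft.CompanyPortal
com.microsoft.CompanyPortal.Hockey.SDK
enterpriseregistration.windows.net'
IDENTITY_PREFS='https://enterpriseregistration.windows.net
https://enterpriseregistration.windows.net/
https://device.login.microsoftonline.com
https://device.login.microsoftonline.com/'

DRY_RUN=1   # safe default: only print what would be done

# Print the command in dry-run mode, otherwise execute it.
# A missing item makes security(1) exit non-zero; that is reported, not fatal.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@" </dev/null >/dev/null 2>&1 || printf 'not found or failed: %s\n' "$*" >&2
    fi
}

# Remove the listed items from one keychain file only, so nothing else
# in the user's keychain search list is touched.
cleanup_keychain() {
    keychain=$1
    while IFS= read -r label; do
        run security delete-generic-password -l "$label" "$keychain"
    done <<EOF
$PASSWORD_LABELS
EOF
    # -n clears the stored preference for the given service.
    while IFS= read -r svc; do
        run security set-identity-preference -n -s "$svc" "$keychain"
    done <<EOF
$IDENTITY_PREFS
EOF
}

if [ "${1:-}" = "--run" ]; then
    DRY_RUN=0
fi
cleanup_keychain "${HOME}/Library/Keychains/login.keychain-db"
```

Run it once without arguments and read the printed plan before running it again with `--run`.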