Posted on 07-24-2018 12:01 PM
Apple Script format
#Created by Kyle Ericson Date July 24th 2018
#If you want to remove from JAMF uncomment this
#do shell script "sudo jamf removemdmprofile" user name "Administrator" password "superpassword" with administrator privileges
#do shell script "sudo jamf removeFramework" user name "Administrator" password "superpassword" with administrator privileges
#Remove Company Portal Items
do shell script "killall 'JAMF' || true"
do shell script "killall 'Company Portal' || true"
do shell script "sudo rm -R '/Applications/Company Portal.app/' || true" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -rf '/Library/Application Support/com.microsoft.CompanyPortal.usercontext.info' || true" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -rf '/Library/Application Support/com.jamfsoftware.selfservice.mac' || true" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -r '/Library/Saved Application State/com.jamfsoftware.selfservice.mac.savedState' || true" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -r '/Library/Saved Application State/com.microsoft.CompanyPortal.savedState' || true" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -r '/Library/Preferences/com.microsoft.CompanyPortal.plist' || true" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -r '/Library/Preferences/com.jamfsoftware.management.jamfAAD.plist' || true" user name "Administrator" password "superpassword" with administrator privileges
#Look up the logged-in user in AppleScript: $loggedInUser is never set inside do shell script and would not expand inside single quotes
set loggedInUser to short user name of (system info)
do shell script ("sudo rm -r " & quoted form of ("/Users/" & loggedInUser & "/Library/Cookies/com.microsoft.CompanyPortal.binarycookies") & " || true") user name "Administrator" password "superpassword" with administrator privileges
do shell script ("sudo rm -r " & quoted form of ("/Users/" & loggedInUser & "/Library/Cookies/com.jamf.management.jamfAAD.binarycookies") & " || true") user name "Administrator" password "superpassword" with administrator privileges
#Remove Keychain items
do shell script "security delete-generic-password -l 'com.jamf.management.jamfAAD' || true"
do shell script "security delete-generic-password -l 'com.microsoft.CompanyPortal' || true"
do shell script "security delete-generic-password -l 'com.microsoft.CompanyPortal.HockeySDK' || true"
do shell script "security delete-generic-password -l 'enterpriseregistration.windows.net' || true"
do shell script "security delete-generic-password -l 'https://adfs.mydomain.com/adfs/ls' || true"
do shell script "security delete-generic-password -l 'https://adfs.mydomain.com/adfs/ls/' || true"
do shell script "security delete-generic-password -l 'https://device.login.microsoftonline.com' || true"
do shell script "security delete-generic-password -l 'https://device.login.microsoftonline.com/' || true"
do shell script "security delete-generic-password -l 'https://enterpriseregistration.windows.net' || true"
do shell script "security delete-generic-password -l 'https://enterpriseregistration.windows.net/' || true"
do shell script "security delete-generic-password -a 'com.microsoft.workplacejoin.thumbprint' || true"
do shell script "security delete-generic-password -a 'com.microsoft.workplacejoin.registeredUserPrincipalName' || true"
do shell script "sudo security delete-certificate -c 'MS-Organization-Access' || true" user name "Administrator" password "superpassword" with administrator privileges
tell application "Keychain Access" to activate
display dialog "Remove any Keychain Items named <key>, Workplace Join Key, Microsoft Session Transport Key, and ########-3df9-48a3-####-ba15ca0b2414 issued by MS-Organization-Access" with icon stop
display dialog "Company Portal has been removed. Restart and run Azure Device Registration via JAMF Self Service" with icon stop giving up after 2
Posted on 05-10-2019 03:29 AM
Getting this error. What am I doing wrong?
Posted on 06-12-2019 04:29 AM
Anyone get this working?
Or other tools to reset Company Portal on the Mac to scratch? Having an issue on some clients where I can launch Company Portal from Self Service, but it does not show the additional popup where logging into Jamf Pro and adding the jamfAAD to keychain. So the device never is created in Azure.
Posted on 06-12-2019 04:59 AM
@surajitbapan @jameson See this updated post and script. *Sorry forgot to add the Link
Posted on 06-12-2019 05:15 AM
Has there been any changes? Just tried to test and if I try it fails on the "do" like surajitbapan's screenshots show.
Posted on 06-12-2019 05:24 AM
@KRIECCO Just added the link sorry forgot to add it. Looks like this script posted here is Apple Script not sh. The one I just linked is sh on GitHub.
Posted on 06-12-2019 05:50 AM
Great thank you for sharing. I did a copy paste of your script but when running it, it just shows
Posted on 06-13-2019 07:43 AM
@surajitbapan Sorry for that I’ll update the script with bash on github.
Posted on 06-14-2019 06:59 AM
I fixed the file on GitHub.
Posted on 06-25-2019 02:38 AM
Thanks - working great :)
Posted on 03-18-2020 11:50 AM
In the blog post it is stated to remove the Azure device. Microsoft states Jamf enrolled Intune devices can only be removed by deleting the device in Jamf. Are folks removing the devices from Jamf before re-enrolling?
Posted on 03-19-2020 07:44 AM
@Gonzalez Run my script, then do this: go to your Azure AD --> All Devices --> Find device --> Delete
Posted on 03-31-2020 09:28 AM
@kericson Your script won't delete any Jamf product, correct? It just kills any running processes?
Posted on 03-31-2020 07:47 PM
@danlaw777 Correct nothing Jamf related is removed.
Posted on 08-13-2021 04:55 PM
Does anyone know if this script still works for Big Sur or if there is an updated script for automating removal? The keychain removal is a mission and a half in itself 😭
Posted on 08-13-2021 07:11 PM
@Levi_ What's not removing? I know Jamf has a script now based on this workflow. bryce.carlson at Jamf created it.
Posted on 08-18-2021 09:32 AM
Thank you Kyle, I will check that out.
Posted on 08-19-2021 07:24 PM
@Levi_ Here's the link: https://github.com/macbuddy-howto/jamfAAD-and-WPJ-scripts/blob/8464642ba0e959f3572ca83de3b6faf41081e...
Posted on 08-25-2021 08:50 AM
Ty Kyle.
Posted on 08-26-2021 02:00 PM
Anyone else noticing that you now have to delete the device entry in Intune? Before you could just "clean" the device and re-register. Am I missing something that needs to be removed on the device side besides Company Portal / jamfAAD files and keychain entries?
Posted on 12-06-2021 09:27 AM
Is there an updated script for macOS 11 and newer? When looking for the file locations of the different files it wants to delete, most are not in the locations the scripts are looking. I can only assume that is because Apple changed the locations in macOS 11 and newer.
Posted on 02-08-2023 02:13 PM
That script does not work for macOS Ventura. I tried; please share if anyone is able to get it working.
Posted on 02-23-2023 12:05 PM
Anyone know what this line is doing?
AAD_ID=$(su "$currentuser" -c "security find-certificate -a -Z | grep -B 9 "MS-ORGANIZATION-ACCESS" | awk '/\"alis\"<blob>=\"/ {print $NF}' | sed 's/ \"alis\"<blob>=\"//;s/.$//'")
From my understanding, it is trying to get the MS-Organization-Access issued certificate, which is installed when Company Portal is installed. But it looks like it is not working for macOS Ventura. Can anyone please shed some light on this?
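What the quoted line is after, as an added example that is not part of the original post or of the Jamf script: it pulls the "alis" attribute of the certificate whose issuer matches MS-Organization-Access out of a security find-certificate -a -Z listing. The listing below is constructed and simplified, and the names aad_cert_alias and sample_listing are hypothetical.

```shell
#!/bin/sh
# Added example: extract the "alis" attribute of certificates whose "issu"
# attribute mentions MS-Organization-Access, record by record, instead of
# relying on a fixed "grep -B 9" window.

# Reads a `security find-certificate -a -Z` style listing on stdin.
# Assumption: each certificate record contains a "keychain:" line before
# its attributes, so that line is used as the record boundary.
aad_cert_alias() {
    awk '
        function emit() { if (hit && val != "") print val; val = ""; hit = 0 }
        /^keychain:/ { emit() }                      # a new record begins
        /"alis"<blob>="/ {
            val = $0
            sub(/^.*"alis"<blob>="/, "", val)        # drop the attribute name
            sub(/"[ \t]*$/, "", val)                 # drop the closing quote
        }
        /"issu"<blob>=/ && toupper($0) ~ /MS-ORGANIZATION-ACCESS/ { hit = 1 }
        END { emit() }
    '
}

# Constructed, simplified listing: two records, only the second one issued
# by MS-Organization-Access. Hashes, paths and the alias are placeholders.
sample_listing() {
    cat <<'EOF'
SHA-1 hash: 0000000000000000000000000000000000000001
keychain: "/Users/example/Library/Keychains/login.keychain-db"
attributes:
    "alis"<blob>="Constructed Other CA"
    "issu"<blob>=0x00  "CONSTRUCTED OTHER CA"
SHA-1 hash: 0000000000000000000000000000000000000002
keychain: "/Users/example/Library/Keychains/login.keychain-db"
attributes:
    "alis"<blob>="00000000-0000-4000-8000-000000000000"
    "issu"<blob>=0x00  "MS-ORGANIZATION-ACCESS"
EOF
}

# Offline demo on the constructed listing; on a Mac the input would be:
#   security find-certificate -a -Z | aad_cert_alias
sample_listing | aad_cert_alias
```

An empty result means no record in the listing had an issuer line matching MS-Organization-Access, which helps separate a parsing problem from a certificate that is simply not in the keychain being searched.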
Posted on 05-22-2023 09:33 PM
It works locally on the system but not from Jamf. I tried with $3 instead of $currentuser still no luck ;(