Company Portal Removal Script (Based on Microsoft Support)

KyleEricson
Valued Contributor

Apple Script format

#Created by Kyle Ericson Date July 24th 2018
#If you want to remove from JAMF uncomment this
#do shell script "sudo jamf removemdmprofile" user name "Administrator" password "superpassword" with administrator privileges
#do shell script "sudo jamf removeFramework" user name "Administrator" password "superpassword" with administrator privileges

#Remove Company Portal Items
do shell script "killall 'JAMF' || True "
do shell script "killall 'Company Portal' || True"
do shell script "sudo rm -R '/Applications/Company Portal.app/'|| True" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -rf '/Library/Application Support/com.microsoft.CompanyPortal.usercontext.info'|| True" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -rf '/Library/Application Support/com.jamfsoftware.selfservice.mac'|| True" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -r '/Library/Saved Application State/com.jamfsoftware.selfservice.mac.savedState' || True" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -r 'Library/Saved Application State/com.microsoft.CompanyPortal.savedState' || True" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -r '/Library/Preferences/com.microsoft.CompanyPortal.plist' || True" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -r 'Library/Preferences/com.jamfsoftware.management.jamfAAD.plist' || True" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -r 'Users/$loggedInUser/Library/Cookies/com.microsoft.CompanyPortal.binarycookies' || True" user name "Administrator" password "superpassword" with administrator privileges
do shell script "sudo rm -r '/Users/$loggedInUser/Library/Cookes/com.jamf.management.jamfAAD.binarycookies' || True" user name "Administrator" password "superpassword" with administrator privileges

#Remove Keychain items
do shell script "security delete-generic-password -l 'com.jamf.management.jamfAAD' || True"
do shell script "security delete-generic-password -l 'com.microsoft.CompanyPortal' || True"
do shell script "security delete-generic-password -l 'com.microsoft.CompanyPortal.HockeySDK' || True"
do shell script "security delete-generic-password -l 'enterpriseregistration.windows.net' || True"

do shell script "security delete-generic-password -l 'https://adfs.mydomain.com/adfs/ls' || True"
do shell script "security delete-generic-password -l 'https://adfs.mydomain.com/adfs/ls/' || True"
do shell script "security delete-generic-password -l 'https://device.login.microsoftonline.com' || True"
do shell script "security delete-generic-password -l 'https://device.login.microsoftonline.com/' || True"
do shell script "security delete-generic-password -l 'https://enterpriseregistration.windows.net' || True"
do shell script "security delete-generic-password -l 'https://enterpriseregistration.windows.net/' || True"
do shell script "security delete-generic-password -a 'com.microsoft.workplacejoin.thumbprint' || True"
do shell script "security delete-generic-password -a 'com.microsoft.workplacejoin.registeredUserPrincipalName' || True"
do shell script "sudo security delete-certificate -c 'MS-Organization-Access' || True" user name "Administrator" password "superpassword" with administrator privileges

tell application "Keychain Access" to activate

display dialog "Remove any Keychain Items named <key>, Workplace Join Key, Microsoft Session Transport Key,  and ########-3df9-48a3-####-ba15ca0b2414 issued by MS-Organization-Access" with icon stop

display dialog "Company Portal has been removed. Restart and run Azure Device Registration via JAMF Self Service" with icon stop giving up after 2

Latest code on Github

Hire me as a independent contractor.
21 REPLIES 21

Surajit
New Contributor III

07243a560c6148db811756128e6ad10e
Getting this error. What am I doing wrong?

jameson
Contributor II

Anyone get this working?

Or other tools to reset company portal on the mac to scratch. Having a issue on some clients that where I can launch company portal from self service, but it does not show the addational popup where logging into jamf pro and adding the Jamfaad to keychain. So the device newer is created in azure

KyleEricson
Valued Contributor

@surajitbapan @jameson See this updated post and script. *Sorry forgot to add the Link

Hire me as a independent contractor.

KRIECCO
Contributor

Has there been any changes? just tried to test and If I try it fails on the "do" like surajitbpn screenshots show

KyleEricson
Valued Contributor

@KRIECCO Just added the link sorry forgot to add it. Looks like this script posted here is Apple Script not sh. The one I just linked is sh on GitHub.

Hire me as a independent contractor.

jameson
Contributor II

Great thank you for sharing. I did a copy paste of your script but when running it, it just shows fbf5211adca74aa7bd9cb2a4df548880

Surajit
New Contributor III

@jameson Replace "#!/usr/bin/sh"
to:
"#!/bin/bash"
It will work.

@kericson Thanks for sharing. This is exactly what I needed.☺

KyleEricson
Valued Contributor

@surajitbapan Sorry for that I’ll update the script with bash on github.

Hire me as a independent contractor.

KyleEricson
Valued Contributor

I fixed the file on GitHub.

Hire me as a independent contractor.

jameson
Contributor II

Thanks - working great 🙂

Gonzalez
New Contributor III

In the blog post it is stated to remove the Azure device. Microsoft states Jamf enrolled Intune devices can only be removed by deleting the device in Jamf. Are folks removing the devices from Jamf before re-enrolling?

KyleEricson
Valued Contributor

@Gonzalez Run my script then do this Go to your Azure AD--> All Devices -->Find device-->Delete

c1c1485a595f493fb3beade8488e12d8

Hire me as a independent contractor.

danlaw777
Contributor

@kericson your script wont delete any jamp product correct? it just kills any running processes?

KyleEricson
Valued Contributor

@danlaw777 Correct nothing Jamf related is removed.

Hire me as a independent contractor.

Levi_
Contributor

Does anyone know if this script still works for Big Sur or if there is an updated script for automating removal? The keychain removal is a mission and a half in itself 😭

KyleEricson
Valued Contributor

@Levi_ What's not removing I know Jamf has a script now based on this workflow? bryce.carlson at Jamf created it.

 

Hire me as a independent contractor.

Thank you Kyle, I will check that out.

KyleEricson
Valued Contributor

Ty Kyle.

TheWarmAtlantic
New Contributor III

anyone else noticing that you now have to delete the device entry in Intune? Before you could just "clean" the device and re-register. Am I missing something that needs to be removed on the device side besides Company Portal / jamfaad files and keychain entries?

user-kfXhJNUHAG
New Contributor III

Is there an updated script for macOS 11 and newer?  When looking at for the file locations of the different files it wants to delete most are not in the locations the scripts are looking.  I can only assume that is because Apple changed the locations in macOS 11 and newer.