Graph API factoryResetKeepEnrollmentData - Intune iOS devices

Erjen Rijnders 61 Reputation points
2021-08-17T13:36:45.553+00:00

What we want is to wipe apps from an iOS device with an Logic App.
If I do a POST like this:
https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{DeviceID}/retire
It works.

But it removes also the device from Intune. We only want to remove certain apps or all apps. Not the config itself.
We thought it could be achieved with this: factoryResetKeepEnrollmentData
But we have no idea how we should actually make it happen. On this page there is more info, but how should the URI look like?
https://learn.microsoft.com/en-us/graph/api/resources/intune-devices-remoteactionaudit?view=graph-rest-beta

Can someone please guide us in the right direction? If there is a better/other option, like only remove apps by ID from certain devices, that would be ok too.

Thanks a lot in advance

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,406 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lu Dai-MSFT 28,356 Reputation points
    2021-08-18T07:16:50.817+00:00

    @Erjen Rijnders Thanks for posting in our Q&A.

    For this issue, I will share some information with you. Firstly, factoryResetKeepEnrollmentData seems related to "Retain enrollment state and user account" in wipe action. It is only available for Windows 10 version 1709 or later.
    https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#wipe

    We usually uninstall apps via add groups in uninstall assignment in intune portal. I have done a lot of research, I found there is assign action via Graph API. Here is the example:
    https://learn.microsoft.com/en-us/graph/api/intune-shared-mobileapp-assign?view=graph-rest-beta#example
    I think we could change the intent from "required" to "Uninstall".

    Hope the above information will give you some idea.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Erjen Rijnders 61 Reputation points
    2021-08-18T09:59:56.363+00:00

    Thank you for your information.
    In our case, we just need to clear the device and get it back to operational. Because it will be delivered to another person.
    So a person uses the iOS device for a few days or weeks and then it will be used by someone else. Before it will be used by someone else, the personal data must be wiped.
    But we want to do it efficient, like triggering a flow that just deletes all apps and Intune will freshly install the app.

    If I configure a group for uninstalling, it's usually time consuming and it must also be changed later to install again. I think that's a very error prone process, right?