Application Management and Patching
Deleting Win32 apps with Dependencies in Intune: Part III
Published on: August 27, 2025
Run it end-to-end: combined cleanup script
Now that we’ve covered deleting an app (Part I) and removing dependencies (Part II), let’s put both steps into one script. We’ll use both IntuneWin32App and Microsoft.Graph to stay consistent with Parts I–II. You can also do this using only IntuneWin32App.
IntuneWin32App and Microsoft Graph PowerShell
# === Ensure IntuneWin32App Module is Installed ===
if (-not (Get-Module -ListAvailable -Name IntuneWin32App)) {
Write-Host "IntuneWin32App module not found. Installing..."
try {
Install-Module -Name IntuneWin32App -Scope CurrentUser -Force -AcceptLicense
Write-Host "IntuneWin32App module installed successfully."
} catch {
Write-Error "Failed to install IntuneWin32App module. Error: $_"
exit 1
}
} else {
Write-Host "IntuneWin32App module is already installed."
}
# === Ensure Microsoft.Graph Module is Installed ===
if (-not (Get-Module -ListAvailable -Name Microsoft.Graph.Applications)) {
Write-Host "Microsoft.Graph module not found. Installing..."
try {
Install-Module Microsoft.Graph -Scope CurrentUser -Force
Write-Host "Microsoft.Graph module installed successfully."
} catch {
Write-Error "Failed to install Microsoft.Graph module. Error: $_"
exit 1
}
} else {
Write-Host "Microsoft.Graph module is already installed."
}
# === Import Modules ===
Import-Module IntuneWin32App
Import-Module Microsoft.Graph.Applications
# === Client ID and Tenant ID Variables ===
$clientId = "<Insert Client ID here>" # Replace with your Azure AD App ID
$tenantId = "<Insert Tenant ID here>" # Replace with your Azure AD Tenant ID
# === Authenticate ===
Connect-MSIntuneGraph -ClientId $clientId -TenantId $tenantId
Connect-MgGraph -NoWelcome -Scopes "DeviceManagementApps.ReadWrite.All"
# === Define App Name ===
$appName = "<Insert App Name Here>”
# === Remove Dependencies from Win32 App ===
Write-Host "`nRetrieving Win32 apps..."
$win32Apps = Get-IntuneWin32App
$targetWin32Apps = $win32Apps | Where-Object { $_.displayName -eq $appName }
foreach ($app in $targetWin32Apps) {
try {
Write-Host "`nRemoving all dependencies from app: $($app.displayName) (ID: $($app.id))"
Remove-IntuneWin32AppDependency -ID $app.id
} catch {
Write-Warning "Failed to remove dependency from app ID $($app.id): $_"
}
}
# === Delete Win32 App ===
Write-Host "`nRetrieving apps from Microsoft Graph..."
$graphApps = Get-MgDeviceAppManagementMobileApp | Where-Object { $_.DisplayName -eq $appName }
foreach ($app in $graphApps) {
try {
Write-Host "Deleting app: $($app.DisplayName) with ID: $($app.Id)"
Remove-MgDeviceAppManagementMobileApp -MobileAppId $app.Id
} catch {
Write-Warning "Failed to delete app ID $($app.Id): $_"
}
}
Write-Host "All operations completed."Script Breakdown – Looking at each of the sections that are separated by the comments.
- First, the script ensures IntuneWin32App is installed and installs it if needed.
- Next, it checks for Microsoft.Graph and installs it if missing.
- In the next section, we import the modules so that we can use them while we are running our script.
- Then, add your Entra ID app (client) ID and tenant ID.
- The authentication section signs in to Intune via Connect-MSIntuneGraph and to Graph via Connect-MgGraph.
- Next, set $appName to the exact display name you want to clean up and delete.
- Then the script finds all matching Win32 apps and removes their dependencies with Remove-IntuneWin32AppDependency.
- Finally, it finds all matching apps in Graph and deletes them with Remove-MgDeviceAppManagementMobileApp.
Remove Win32 app dependencies with PowerShell (IntuneWin32App)
Note: If authentication fails (expired token), re-run the two Connect-* commands. If that doesn’t work, close and reopen the PowerShell session; as a last resort, restart the VM.
With both steps in one script, you can remove dependencies and delete Win32 apps end-to-end—fewer portal clicks, faster cleanup.
