Forum Discussion
Sk-73
Apr 14, 2022Iron Contributor
How to use Intune manager uninstall Windows mail app
Dear all, As per subject, does anyone have done this before? Will be grateful for any help you can provide. Thanks.
aollivierre305
Apr 15, 2022Brass Contributor
Sk-73 yeah users tend to click on the mail app instead of the Outlook. I would avoid removing native apps though not to break any basic functionality. I would instead prevent the users from using the app via CA policies or Applock. With some user Ed I always get them to use the browser for non work related mail accounts.
Plus MS is retiring MS store for business.
Sk-73
Apr 15, 2022Iron Contributor
Hi,aollivierre305 Thanks for replying this post. The reason why we need to remove is because to preventing user self adding not org email acc on corp laptop.
Do u have a diff way to achieve this?
- aollivierre305Apr 17, 2022Brass Contributor
Applocker CSP here PRICESLY that (instead of uninstalling you DENY access)
https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-using-applocker-to-create-custom-intune-policies-for/ba-p/364981
that article was from 2019 so here is the updated OMA-URI node and XML parts to use instead of the ones mentioned in the article but beside that follow everything in that article. You DO NOT need to start the App Identity service as it will automatically start (even though by default it is stopped and set to manual)
OMA-URI (CASE SENSITIVE) ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps/Policy
XML part to use a string value
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="c3d7f207-377d-4512-bb18-d41c86063d54" Name="microsoft.windowscommunicationsapps, version 16005.14326.0.0 and above, from Microsoft Corporation" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*">
<BinaryVersionRange LowSection="16005.14326.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>- Sk-73Apr 19, 2022Iron Contributor
Hi, aollivierre305 I just change the GUID, the reason why I change is because of now the sticky note and Company portal couldn't launch.
Let's see how it goes.
- aollivierre305Apr 19, 2022Brass ContributorI just learned this https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview#:~:text=Generally%2C%20it%20is,new%20feature%20improvements
Try to use MDAC/WDAC instead of Applocker
if you still want to try with Applocker then model the policy via GUI using the secpol.msc then export the policy to XML and open the XML with VS Code and take a look at the XML structure.
- Sk-73Apr 19, 2022Iron Contributor
Hi aollivierre305 Yesterday, I tried but not successful. Can I check with you, about the Mail app GUID?
I follow the guide and self export the Deny policy, and I notice the the GUID is diff. Please see the below attached. Wondering to know does this caused policy failed?
Will be grateful for any advice you provide.
- Sk-73Apr 18, 2022Iron Contributor
Hey aollivierre305 Thanks! I have just follow the instruction and created a configuration profile assign it to my self. I will update u again.