User's can delete Company Portal app on DEP / ABM Supervised Devices

Regular Contributor

Hi All


On a recent UAT, it is noticed that:


User's can delete Company Portal app on DEP / ABM Supervised Devices.


Is this by design? Any way to prevent this?



5 Replies

@Stuart King  You can configure "Block app removal" in the restrictions policy to block the removal of apps, but this takes effect for all apps on the device. Instead, I've configured Comp Portal as a required VPP app (device license), so if it's removed by the end-user it will reinstall. This has been the better option for our organization.



Hi Buddy


The Block App removal may be ok.


Anytime I set the Intune CP VPP app to auto deploy from Intune a "Guided access unavailable" error appears on the device. Remove Intune CP VPP assignment and it goes away.


Any ideas?

Hi @Stuart King,


Do you have "Run Company Portal in single app mode until authentication= YES"? Change it to NO and see if you still see the error. 


In addition to Block app removal, use lock enrollment to disable users from removing Management profiles from Setting.





Unfortunately the CP in Single App Mode is a client requirement as well as the CP not being removed from the device.


Does enabling the CP in Single App Mode and a Required deployment of the CP VPP app work nice together? Does the "Guided Access Unavailable" message eventually go away?

best response confirmed by Stuart King (Regular Contributor)

@Stuart King  Having Company Portal set as a required VPP app works well for enforcing automatic app updates. According to Microsoft the message should go away after about 45-60 seconds. Apparently they have a feature request in with Apple to customize the message (last updated 9/21/18).