cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Deleting group in InTune

I thought I saw documentation that said deleting a deployment on the InTune sub-tab does not delete the group in InTune but I can't find that documentation.  Does App Portal delete the group or is that a manual effort in InTune?  I don't see it deleting the group when I remove the deployment.

(1) Solution

Teri,
    I ran another test after adding Group.ReadWrite.All to the Intune application and the groups were removed.. Try adding this application permission to see if it resolves the issue. 

View solution in original post

(6) Replies
CharlesW
By Level 12 Flexeran
Level 12 Flexeran

Teri,
      i just ran a quick test (2022 R1), and I see the group deleted in Intune, when I select the "delete program" button under the deployment->Intune tab of the catalog item. I see the following logged in inune.log:

1 records found for deleting groups
Is advertisement deleted from DB is True AdvertId: 8e3e5dbe-60ff-4385-8a1b-a0ea13b0f420, RecordId: 3024
Finished deleting groups

Are you seeing anything written to intune.log when trying to delete? Note that I was testing with a win32 application. 

Thank you for the log.  We're on 2021 R2 and I do see that the InTune.log says it is deleting groups but my log is not as verbose as your log:

2 records found for deleting groups

Finished deleting groups

The groups are still there in InTune and the admin for InTune noticed the application permissions don't allow deleting groups.  He followed the doc Permissions Required for Intune Client Apps to Communicate with App Portal (flexera.com).  Is there another permission that might be needed on the InTune side?  Attaching screenshots of the configuration

 

 I set my log to Debug and only see:

4 records found for deleting groups

Finished deleting groups

The groups are still in InTune and Azure doesn't show anything on their end so I'm not sure where this is going sideways

I think that there is quite likely a documentation issue here, based on what you provided. The application I had been using for intune testing, had a bunch of API permissions that were not documented as required.. I created a new application, and I'm now seeing an actual error when App Broker tries to delete the groups. The following is logged:

Error while deleting group 9c634a81-26f2-4611-b0a1-7e0fc0b8987b Object reference not set to an instance of an object.

There is an error banner in Azure stating that they are encountering issues, so I'm going to test again on Monday. 

Teri,
    I ran another test after adding Group.ReadWrite.All to the Intune application and the groups were removed.. Try adding this application permission to see if it resolves the issue. 

I had the InTune guys add Group.ReadWrite.All that and now I see the error you were seeing before adding the permission and whats interesting is I had two groups to delete and my log shows it had 4, like it held on to the ones I was trying to delete yesterday.  Does that make sense?  It looks like this worked but I'm seeing the error in the log which is strange

Terry,
     i was seeing something similar.. It looks like there were some old entries in the DB (WD_SiteToAdvert) for deletes made prior to adding the Group.ReadWrite.all permissions. When I get the chance, I'll try to take a closer look.