.

briped · briped · commit fb40dd59e11c · 2025-02-21T15:10:00.000+01:00
diff --git a/Scripts/avppLicenseReleaser/README.md b/Scripts/avppLicenseReleaser/README.md
@@ -0,0 +1,4 @@
+# avppLicenseReleaser
+I needed to have all VPP app licenses released in order to remove the associated location in Apple Business Manager. GGing through hundreds of apps with thousands of associated licenses was not a task I wanted to do manually, and I was unable to find any documented API way to do it, so I made this.
+
+Most actions done through the Admin Web Console is actually just doing API calls, so looking at the calls that were being sent while doing the steps manually, let me create these functions. As for the authentication I just took the lazy way and logs in through the browser then simply copies the session ID from the browser session to my script.
diff --git a/Scripts/avppLicenseReleaser/functions/Get-VppApp.ps1 b/Scripts/avppLicenseReleaser/functions/Get-VppApp.ps1
@@ -0,0 +1,33 @@
+function Get-VppApp {
+    [CmdletBinding()]
+    param(
+        [Parameter()]
+        [string]
+        $Query
+        ,
+        [Parameter()]
+        [int]
+        $Limit = 10
+    )
+    Write-Verbose -Message "$($MyInvocation.MyCommand.Name)"
+
+    $Index = 0
+    do {
+        $Attributes = @{
+            Method     = 'POST'
+            Uri        = "$($Script:Config.Uri.AbsoluteUri)controlpoint/rest/application/filter/appandfilter"
+            Headers    = $Script:Config.Headers
+            WebSession = $Script:Config.WebSession
+            Body       = "start=$($Index)&limit=$($Limit)&sortOrder=ASC&sortColumn=name&enableCount=true&filterIds=%5B%22application.type.store%22%5D&search=$([uri]::EscapeDataString($Query))"
+        }
+        try {
+            $Response = Invoke-WebRequest @Attributes
+        }
+        catch {
+            throw $_
+        }
+        $Data = $Response.Content | ConvertFrom-Json
+        $Data.result.listData.list
+        $Index += $Limit
+    } while ($Data.result.listData.list.Count -gt 0)
+}
diff --git a/Scripts/avppLicenseReleaser/functions/Get-VppAppLicense.ps1 b/Scripts/avppLicenseReleaser/functions/Get-VppAppLicense.ps1
@@ -0,0 +1,38 @@
+function Get-VppAppLicense {
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true
+                ,  Position = 0
+                ,  ValueFromPipeline = $true
+                ,  ValueFromPipelineByPropertyName = $true
+                ,  ValueFromRemainingArguments = $false)]
+        [int]
+        $Id
+    )
+    begin {
+        Write-Verbose -Message "$($MyInvocation.MyCommand.Name)"
+        $Attributes = @{
+            Method = 'GET'
+            Headers    = $Script:Config.Headers
+            WebSession = $Script:Config.WebSession
+        }
+    }
+    process {
+        $Attributes.Uri = "$($Script:Config.Uri.AbsoluteUri)controlpoint/rest/application/appstore/$($Id)"
+        try {
+            $Response = Invoke-WebRequest @Attributes
+        }
+        catch {
+            throw $_
+        }
+        $Data = $Response.Content | ConvertFrom-Json
+        $PlatformData = $Data.result.platformData
+        $Platforms = ($PlatformData.psobject.Members | Where-Object { $_.MemberType -eq 'NoteProperty' }).Name
+        $Associations = @()
+        foreach ($Platform in $Platforms) {
+            $Associations += $PlatformData.${Platform}.avppTokenParams.avppTokenRecordParams
+        }
+        $Associations | Sort-Object -Unique -Property licenseId
+    }
+    end {}
+}
diff --git a/Scripts/avppLicenseReleaser/functions/Revoke-VppAppLicense.ps1 b/Scripts/avppLicenseReleaser/functions/Revoke-VppAppLicense.ps1
@@ -0,0 +1,65 @@
+function Revoke-VppAppLicense {
+    [CmdletBinding(SupportsShouldProcess = $true
+                ,  ConfirmImpact = 'High')]
+    param(
+        [Parameter(Mandatory = $true
+                ,  Position = 0
+                ,  ValueFromPipeline = $true
+                ,  ValueFromPipelineByPropertyName = $true
+                ,  ValueFromRemainingArguments = $false)]
+        [long[]]
+        $LicenseId
+        ,
+        [Parameter()]
+        [int]
+        $XdmID = 13
+        ,
+        [Parameter()]
+        [int]
+        $StoreId = 1474254492
+        ,
+        [Parameter()]
+        [int]
+        $Start = 0
+        ,
+        [Parameter()]
+        [int]
+        $Limit = 10
+        ,
+        [Parameter()]
+        [switch]
+        $Force
+    )
+    begin {
+        if ($Force -and !$PSBoundParameters.ContainsKey('Confirm')) {
+            $ConfirmPreference = 'None'
+        }
+        Write-Verbose -Message "$($MyInvocation.MyCommand.Name)"
+        $Attributes = @{
+            Method     = 'POST'
+            Uri        = "$($Script:Config.Uri.AbsoluteUri)controlpoint/rest/application/appstore/avpp/disassociate"
+            Headers    = $Script:Config.Headers
+            WebSession = $Script:Config.WebSession
+        }
+    }
+    process {
+        for ($i = 0; $i -lt $LicenseId.Count; $i += $Limit) {
+            $Data = @()
+            $Data += "xdmId=$($XdmId)"
+            $Data += "storeId=$($StoreId)"
+            # Only revoke the $Limit number of licenses at a time.
+            $IdSet = $LicenseId[$i..([math]::Min($i + $Limit - 1, $LicenseId.Count - 1))]
+            if ($PSCmdlet.ShouldProcess($IdSet -join ',')) {
+                $IdSet | ForEach-Object { $Data += "licenseIds%5B%5D=$($_)" }
+                $Attributes.Body = ($Data -join '&')
+                try {
+                    $Response = Invoke-WebRequest @Attributes
+                }
+                catch {
+                    throw $_
+                }
+            }
+        }
+    }
+    end {}
+}
diff --git a/Scripts/avppLicenseReleaser/script.ps1 b/Scripts/avppLicenseReleaser/script.ps1
@@ -0,0 +1,48 @@
+# dot-source functions
+$FunctionsPath = Join-Path -Path $PSScriptRoot -ChildPath 'functions'
+Get-ChildItem -Recurse -File -Path $FunctionsPath -Filter '*.ps1' | 
+    Where-Object { $_.BaseName -notmatch '(^\.|\.dev$|\.test$)' } | 
+    ForEach-Object {
+        . $_.FullName
+    }
+
+# Update with the base URI for the XenMobile server, and the cookie value of JSESSIONID after logging into XenMobile in the browser.
+$Script:Config = @{
+    Uri       = [uri]'https://XENMOBILEHOST:4443'
+    Session   = @{
+        Name  = 'JSESSIONID'
+        Value = 'THESESSIONIDGOESHERE'
+    }
+}
+# Create web session object.
+$Session = New-Object -TypeName Microsoft.PowerShell.Commands.WebRequestSession
+$Cookie = New-Object -TypeName System.Net.Cookie($Script:Config.Session.Name, $Script:Config.Session.Value, '/', $Script:Config.Uri.Host)
+$Session.Cookies.Add($Cookie)
+$Script:Config.WebSession = $Session
+# Headers copied from a browsersession. Session specific values are retrived from above table.
+$Headers = @{
+    'Accept'             = 'application/json, text/javascript, */*; q=0.01'
+    'Cache-Control'      = 'no-cache'
+    'Content-Type'       = 'application/x-www-form-urlencoded'
+    'Cookie'             = "$($Script:Config.Session.Name)=$($Script:Config.Session.Value)"
+    'Host'               = "$($Script:Config.Uri.Host):$($Script:Config.Uri.Port)"
+    'Origin'             = "$($Script:Config.Uri.Scheme)://$($Script:Config.Uri.Host):$($Script:Config.Uri.Port)"
+    'Pragma'             = 'no-cache'
+    'Referer'            = $Script:Config.Uri.AbsoluteUri
+    'Sec-Fetch-Dest'     = 'empty'
+    'Sec-Fetch-Mode'     = 'cors'
+    'Sec-Fetch-Site'     = 'same-origin'
+    'X-Requested-With'   = 'XMLHttpRequest'
+}
+$Script:Config.Headers = $Headers
+$Exclude = @(
+    3 # Citrix Secure Hub
+)
+# Get all VPP Apps from XenMobile |
+#     exclude the app IDs in the $Exclude array |
+#     Get the VPP licenses fro the app |
+#     Revoke/release the VPP app license.
+Get-VppApp | 
+    Where-Object { $_.id -notin $Exclude } | 
+    Get-VppAppLicense | 
+    Revoke-VppAppLicense -Force
