SCCM software revocation workflow

The Revoke SCCM Application workflow moves user or device collections to an uninstall collection to revoke software installed from Microsoft System Center Configuration Manager (SCCM).

For the revocation workflow to run, the software package must have a status of Installed and must be pre-configured for an appropriate uninstall collection. See Revoke software installed from SCCM for configuration instructions. When an administrator initiates the revocation process, the system launches the Revoke SCCM Application workflow to move the user or device collection associated with installation to the appropriate SCCM uninstall collection. When the SCCM server performs a policy check, it finds the additions to the user or device uninstall collection and revokes the software package associated with that collection.

The workflow employs two custom activities, Remove from User Collection and Remove from Device Collection, to remove either the user or the device from its original collection. The workflow then adds the user or device to the appropriate uninstall collection on the SCCM server with the Add to User Collection or Add to Device Collection activity. Finally, the workflow updates the status of the software to Revoked in the Requested Item record for the software package.

Figure 1. SCCM revocation workflow