Azure Arc: Uninstall the Connected Machine agent and clean up related resources on Windows using a PowerShell script : wmatthyssen

Reader
July 01, 2025
Azure Arc: Uninstall the Connected Machine agent and clean up related resources on Windows using a PowerShell script
by: wmatthyssen
blow post content copied from  Wim Matthyssen
click here to view original post


In this blog post, I’ll walk you through removing the Azure Arc Connected Machine agent from a Windows machine and cleaning up all related folders, files, registry keys, other agents, and configuration files using a PowerShell script.

When you manually uninstall an Azure Connected Machine agent from a Windows machine via ‘Programs and Features’ (appwiz.cpl), it will typically uninstall the agent itself without any issues.



However, performing this manual uninstall does not remove many related folders, such as “C:\ProgramData\AzureConnectedMachineAgent” or plugin folders related to installed extensions, like “C:\Packages\Plugins\Microsoft.Azure.Monitor.AzureMonitorWindowsAgent”. These leftover files and folders won’t be deleted automatically.



It also doesn’t clean up registry keys related to installed extensions or stop any processes associated with these extensions.



“That’s why, to automate the uninstallation and clean-up of all related resources for an Azure Connected Machine agent on a Windows machine, whenever needed and for any purpose, I’ve written a PowerShell script that does it all at once. In this blog post, I’ll explain how to use it and walk you through the process.


Table of Contents


Prerequisites

  • A server (physical or virtual) running Windows Server 2019, 2022, or 2025 that is onboarded in Azure Arc.
  • An account that is a member of the built-in Administrators group (required to log in to the server and run the script), or an account with permission to run the script via PowerShell Remoting.
  • PowerShell 5.1 or higher is required to run this script.



PowerShell script

First, let me explain what this PowerShell script does.

  • Check if PowerShell runs as Administrator, otherwise, exit the script.
  • Stop Azure Arc related processes.
  • Stop Azure Arc related services.
  • If the Azure Connected Machine agent is found, uninstall it using MsiExec.
  • Take ownership and grant the necessary permissions to remove the Microsoft.CPlat.Core.WindowsPatchExtension folder.
  • Clean up all subfolders in the Plugins folder except the one containing “Microsoft.Azure.AzureDefenderForServers.MDE.Windows”.
  • Clean up all other Azure Arc folders (without packages folder).
  • Uninstall the Dependency Agent if it is installed.
  • Clean up the Microsoft Dependency Agent folder.
  • Remove any leftover registry keys related to Azure Arc.


To use the script, start by saving a copy as “Remove-Azure-Arc-Connected-Machine-agent-Windows.ps1” or download it directly from GitHub. Then, run the script using Windows PowerShell (as Administrator) on the server.

💡 I usually save the script locally in the C:\Temp folder on the server and run it from there.


<#
.SYNOPSIS

A script used to remove the Azure Connected Machine agent from a Windows machine and to clean ups up all related folders, files, registry keys, related agents, and configuration files.

.DESCRIPTION

A script used to remove the Azure Connected Machine agent from a Windows machine and to clean up all related folders, files, registry keys, related agents, and configuration files.
This script will do all of the following:

Check if PowerShell runs as Administrator, otherwise, exit the script.
Stop Azure Arc related processes.
Stop Azure Arc related services.
If the Azure Connected Machine agent is found, uninstall it using MsiExec.
Take ownership and grant the necessary permissions to remove the Microsoft.CPlat.Core.WindowsPatchExtension folder.
Clean up all subfolders in the Plugins folder except the one containing "Microsoft.Azure.AzureDefenderForServers.MDE.Windows".
Clean up all other Azure Arc folders (without packages folder).
Uninstall the Dependency Agent if it is installed.
Clean up the Microsoft Dependency Agent folder.
Remove any leftover registry keys related to Azure Arc.

.NOTES

Filename:       Remove-Azure-Arc-Connected-Machine-agent-Windows.ps1
Created:        30/06/2025
Last modified:  30/06/2025
Author:         Wim Matthyssen
Version:        1.0
PowerShell:     PowerShell 5.1 or higher
Platform:       Windows
Action:         Change variables were needed to fit your needs.
Disclaimer:     This script is provided "As Is" with no warranties.

.EXAMPLE

.\Remove-Azure-Arc-Connected-Machine-agent-Windows

.LINK


#>

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Variables

$azcmAgentProductName = "*Azure Connected Machine*"

Set-PSBreakpoint -Variable currenttime -Mode Read -Action {$global:currenttime = Get-Date -Format "dddd MM/dd/yyyy HH:mm"} | Out-Null
$foregroundColor1 = "Green"
$foregroundColor2 = "Yellow"
$foregroundColor3 = "Red"
$writeEmptyLine = "`n"
$writeSeperatorSpaces = " - "

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Check if PowerShell runs as Administrator, otherwise, exit the script

$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
$isAdministrator = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Check if running as Administrator, otherwise exit the script
        
if ($isAdministrator -eq $false) {
        Write-Host ($writeEmptyLine + "# Please run PowerShell as Administrator" + $writeSeperatorSpaces + $currentTime)`
        -foregroundcolor $foregroundColor3 $writeEmptyLine
        Start-Sleep -s 3
        exit
} else {  
        Write-Host ($writeEmptyLine + "# Script started. Without any errors, it will need around 2 minutes to complete" + $writeSeperatorSpaces + $currentTime)`
        -foregroundcolor $foregroundColor1  
}

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Stop Azure Arc related processes

# Define processes to stop
$processes = @(
    "azcmagent",
    "HybridWorkerService",
    "agentwrap",
    "change_tracking_service"
    "change_tracking_agent_windows_amd64",
    "UpdateManagementActionExec",
    "AMAExtHealthMonitor",
    "MonAgentCore",
    "MonAgentHost",
    "MonAgentLauncher",
    "MonAgentManager",
    "MicrosoftDependencyAgent"    
)

# Attempt to stop each process
foreach ($proc in $processes) {
    Get-Process -Name $proc -ErrorAction SilentlyContinue | ForEach-Object {
        try {
            Stop-Process -Id $_.Id -Force
            Write-Host ($writeEmptyLine + "# Stopped process: $($_.Name)" + $writeSeperatorSpaces + $currentTime)`
            -foregroundcolor $foregroundColor2
        } catch {
            Write-Host ($writeEmptyLine + "# Failed to stop process: $($_.Name) - $_" + $writeSeperatorSpaces + $currentTime)`
            -foregroundcolor $foregroundColor3
        }
    }
}

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Stop Azure Arc related services

# Define Azure Arc related services
$arcServices = @(
    "himds",
    "GCArcService",
    "ArcProxy",
    "HybridWorkerService",
    "change_tracking_service",
    "AutoAssessPatchService",
    "ExtensionService"
)

# Stop each service if it's running
foreach ($service in $arcServices) {
    if (Get-Service -Name $service -ErrorAction SilentlyContinue) {
        Stop-Service -Name $service -Force -ErrorAction SilentlyContinue
        Write-Host ($writeEmptyLine + "# Stopped service: $service" + $writeSeperatorSpaces + $currentTime)`
        -foregroundcolor $foregroundColor2
    }
    else {
        Write-Host ($writeEmptyLine + "# Service $service not found or already stopped" + $writeSeperatorSpaces + $currentTime)`
        -foregroundcolor $foregroundColor2
    }
}

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## If the Azure Connected Machine agent is found, uninstall it using MsiExec

$arcAgent = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like $azcmAgentProductName }

if ($null -eq $arcAgent) {
    Write-Host ($writeEmptyLine + "# No Azure Connected Machine agent found" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor3 $writeEmptyLine
    exit
} else {
    $productCode = $arcAgent.IdentifyingNumber
    $arguments = "/x $productCode /qn"
    Start-Process "msiexec.exe" -ArgumentList $arguments -Wait

    Write-Host ($writeEmptyLine + "# Azure Connected Machine agent found and uninstalled" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor2
}

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Take ownership and grant the necessary permissions to remove the Microsoft.CPlat.Core.WindowsPatchExtension folder

$path = "C:\Packages\Plugins\Microsoft.CPlat.Core.WindowsPatchExtension\1.5.75\bin"

takeown /f $path /r /d Y > $null 
icacls $path /grant Administrators:F /t > $null 

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Clean up all subfolders in the Plugins folder except the one containing "Microsoft.Azure.AzureDefenderForServers.MDE.Windows"

$arcPluginsFolder = "$env:SystemDrive\Packages\Plugins"

if (Test-Path $arcPluginsFolder) {
    # Get all subfolders in the Packages folder
    $subFolders = Get-ChildItem -Path $arcPluginsFolder -Directory

    foreach ($subFolder in $subFolders) {
        # Check if the subfolder name contains "Microsoft.Azure.AzureDefenderForServers.MDE.Windows"
        if ($subFolder.Name -notlike "*Microsoft.Azure.AzureDefenderForServers.MDE.Windows*") {
            Remove-Item -Path $subFolder.FullName -Recurse -Force
            Write-Host ($writeEmptyLine + "# Removed plugins folder: $($subFolder.FullName)" + $writeSeperatorSpaces + $currentTime)`
            -foregroundcolor $foregroundColor2
        } else {
            Write-Host ($writeEmptyLine + "# Skipped plugins folder: $($subFolder.FullName)" + $writeSeperatorSpaces + $currentTime)`
            -foregroundcolor $foregroundColor2
        }
    }
} else {
    Write-Host ($writeEmptyLine + "# Plugins folder not found" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor3
}

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Clean up all other Azure Arc folders (without packages folder)

# Define folders to remove
$arcFolders = @(
    "$env:ProgramData\AzureConnectedMachineAgent",
    "$env:ProgramData\GuestConfig",
    "$env:ProgramData\HybridWorker",
    "$env:ProgramFiles\AzureConnectedMachineAgent",
    "$env:SystemDrive\Resources",
    "$env:ProgramData\GuestConfig",
    "$env:ProgramFiles\ChangeAndInventory"
)

# Remove folders if they exist
foreach ($folder in $arcFolders) {
    if (Test-Path $folder) {
    Remove-Item -Path $folder -Recurse -Force
    Write-Host ($writeEmptyLine + "# Removed folder: $folder" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor2
    } else {
        Write-Host ($writeEmptyLine + "# Folder $folder not found" + $writeSeperatorSpaces + $currentTime)`
        -foregroundcolor $foregroundColor2
    }
}

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Uninstall the Dependency Agent if it is installed 

$uninstallers = Get-ChildItem -Path "C:\Program Files\Microsoft Dependency Agent" -Filter "Uninstall_*.exe"

if ($uninstallers.Count -gt 0) {
     $uninstaller = $uninstallers[0].FullName
    Start-Process -FilePath $uninstaller -ArgumentList "/S" -Wait
    Write-Host ($writeEmptyLine + "# Dependency agent found and uninstalled" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor2
} else {
    Write-Host ($writeEmptyLine + "# No Dependency agent found" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor3 $writeEmptyLine
}

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Clean up the Microsoft Dependency Agent folder

# Define folder to remove
$dependencyFolders = @("$env:ProgramFiles\Microsoft Dependency Agent")

# Remove folders if they exist
foreach ($folder in $dependencyFolders) {
    if (Test-Path $folder) {
    Remove-Item -Path $folder -Recurse -Force
    Write-Host ($writeEmptyLine + "# Removed folder: $folder" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor2
    } else {
        Write-Host ($writeEmptyLine + "# Folder $folder not found" + $writeSeperatorSpaces + $currentTime)`
        -foregroundcolor $foregroundColor2
    }
}

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Remove any leftover registry keys related to Azure Arc

# Define registry keys to remove
$regKeys = @(
    "HKLM:\SOFTWARE\Microsoft\AzureConnectedMachineAgent",
    "HKLM:\SYSTEM\CurrentControlSet\Services\AzureConnectedMachineAgent",
    "HKLM:\SOFTWARE\Microsoft\AzureMonitorAgent",
    "HKLM:\SYSTEM\CurrentControlSet\Services\azuremonitoragent"
)

foreach ($key in $regKeys) {
    if (Test-Path $key) {
        Remove-Item -Path $key -Recurse -Force -ErrorAction SilentlyContinue
        Write-Host ($writeEmptyLine + "# Removed registry key: $key" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor2
    } else {
        Write-Host ($writeEmptyLine + "# Regkey $key not found" + $writeSeperatorSpaces + $currentTime)`
        -foregroundcolor $foregroundColor2
    }
}

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Write script completed.

Write-Host ($writeEmptyLine + "# Script completed" + $writeSeperatorSpaces + $currentTime)`
-foregroundcolor $foregroundColor1 $writeEmptyLine 

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------









Conclusion

In this blog post, I showed how to use a PowerShell script to remove the Azure Arc Connected Machine agent from a Windows machine and clean up all related folders, files, registry keys, other agents, and configuration files.

I hope this script proves useful whenever you need it on any of your Arc-enabled Windows servers, for whatever reason. If you have any questions or suggestions, feel free to reach out on X (@wmatthyssen) or leave a comment below.



June 30, 2025 at 08:57PM
Click here for more details...

=============================
The original post is available in Wim Matthyssen by wmatthyssen
this post has been published as it is through automation. Automation script brings all the top bloggers post under a single umbrella.
The purpose of this blog, Follow the top Salesforce bloggers and collect all blogs in a single place through automation.
============================

Salesforce