MSEndpointMgr

Deploy Win32 Applications with Microsoft Intune

Announced by Brad Anderson today at Microsoft Ignite is new feature for Microsoft Intune which goes another step to both enhance and eliminate blockers towards using modern management with Microsoft Intune.

Win32 Application Deployments

The ability to “package” applications for deployment in Microsoft Intune is something that has been highly requested by many organisations making the move to management of devices through Intune. Although there is a fundamental difference in deploying applications through Configuration Manager and Intune, Microsoft is developing tools to provide similar functionality across the management stack. Up until now it it has been possible to deploy applications through Intune, this relied on a single MSI installation file with no external dependencies. In some cases this meant that repackaging of applications was the only method of deploying those business applications, thus being a time consuming process.

Today it is now possible to deploy applications through Intune using the Intune Management Extension without those restrictions, this process creates a packaged container of the setup files along with command line installation and uninstall commands.

So lets step through this awesome new feature

Intune Portal – New Application Type

In this step through guide I am going to show you how your application can be packaged using the new Intune Win32 application packaging tool on an Intune tenant running a preview of the GA release.

With the Intune blade open, click on Client Apps. In this example I already have two applications enabled for Win32 application deployment, these being Adobe Acrobat Reader and SnagIt which in this instance have already been deployed to my test client machine.

So lets add an additional application to go through the entire process. In this example I am going to use the 64-bit exe installer for 7-Zip. So lets add the application now by converting the exe to a .intunewin file so it can be consumed by the Intune portal.

Conversion Tool Download

The first step is to download the conversion tool from https://github.com/Microsoft/Intune-Win32-App-Packaging-Tool

Now log onto the Azure portal and open your Intune tenant configuration. Running the IntuneWinAppUtil.exe will prompt you for the following information;

Source Folder
Setup File
Output Folder

After conversion you end up with a file similar to the following;

You will also have verbose output of the conversion process;

The file itself is basically a containerized copy of the installation source files, in this case a single exe. Now we can proceed to import the file and assign it via the Intune portal.

  • Click on the Add Application and select “Windows app (Win32”)
  • Select the Package File to import, in this example it is the 7z1805-x64.intunewin file we created earlier;
  • Enter descriptive App Information about the application you are adding, which will be displayed to the user via the company portal. It is also of course recommended to include an icon file for the application for the best end user experience;
  • Now we need to click on Program and configure the install and uninstall commands, in this case I am using the /s silent switch as it is a documented switch for the installer.

    Vendors usually maintain a list of the installation switches on their download support pages, however another good source reference for common applications is Manage Engines Desktop Central Installation Guide – https://www.manageengine.com/products/desktop-central/software-installation/latest-software.html

  • Clicking on the Requirements allows you to fill in the minimum build of Windows 10, the system architecture and so on;
  • A Detection Rule is then required for the Intune management agent to scan for the installed software. In this instance I am only looking for the existence of the 7z.exe file;
  • Should you need to add additional Return Codes, you have the option here;
  • We are now ready to Add the app to the Intune portal.At this point the application is uploaded to an Azure storage blob along with the information you have entered to install, display and uninstall the application;
  • At this point refreshing the list of available applications should result in the new application showing in an unassigned state;

Assigning The Application

The process of assigning the application will be familiar to those already working with Intune, in this example I am simply going to make the application available to all enrolled devices;

Company Portal Experience

For the end user, their experience is as it would be with any other application.

  • Click on the application to be installed – 7Zip (x64) in this example;

  • Click on the Install button to being the installation process:

  • You will now have visual confirmation that your application is downloading;

  • Logging is available from the following directory: “C:\ProgramData\Microsoft\IntuneManagementExtension\Logs”;
    In the below screenshow of the Intune Management Extension agent log you can see the content download initializing through the Azure content distribution network;

  • After a few moments your application should be installed;

Conclusion

The addition of this easy to use process from Microsoft is yet another leap forward for modern management of devices with Intune. Awesome job guys.

Microsoft Ignite Sessions

For those of you watching or attending Microsoft Ignite, also check out the Wold Café Community session – https://myignite.techcommunity.microsoft.com/sessions/66523?source=sessions#ignite-html-anchor. A fellow MVP Mirko Colemberg is also running a session on Thursday 27th September – https://myignite.techcommunity.microsoft.com/sessions/66407?source=sessions#ignite-html-anchor where this content will also be discussed.

Maurice Daly

Maurice has been working in the IT industry for the past 20 years and currently working in the role of Senior Cloud Architect with CloudWay. With a focus on OS deployment through SCCM/MDT, group policies, active directory, virtualisation and office 365, Maurice has been a Windows Server MCSE since 2008 and was awarded Enterprise Mobility MVP in March 2017. Most recently his focus has been on automation of deployment tasks, creating and sharing PowerShell scripts and other content to help others streamline their deployment processes.

18 comments

  • Is it possible now (in March 2019) to make the installation of an application mandatory? Similar to how in SCCM you can set an application to be installed for all or certain users without them manually installing from Software Center (or in the case of inTune, not having to install from the Company Portal)

    I am thinking for example of rolling out a new device, full managed by Intune and in Azure AD, setup via AutoPilot and forcing out certain core applications that we want on all users devices.

  • Hi,
    Could you please provide an example for a more complex setup. For instance to install the Cisco AnyConnect client there is an executable and and XML file. They both need to be installed on the computer by Intune. Does this tool work in this instance? If so, how?
    Thank you

  • You can also make a powershell script.
    That downloads the latest version from 7zip dynamicly.

    The same can be done with: Chrome, Firefox, AdobeReaderDC, SunJava etc. Powershell script on Intune per application ca 2Kb.

  • You can also make an powershell script which searches the website for a new application version. And installs it.

    As an example.
    Powershell:

    # Download and silent install 7-zip
    # Path for the workdir
    $workdir = “$env:TEMP\7zip\”
    $destination = “$workdir\7zip.msi”
    # Check if work directory exists if not create it
    If (Test-Path -Path $workdir -PathType Container)
    { Write-Host “$workdir already exists” -ForegroundColor Red}
    ELSE
    { New-Item -Path $workdir -ItemType directory }
    #Change TLS Version from 1.0 to 1.2
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    # Find Latest version
    $source_x86 = ((Invoke-WebRequest ‘https://www.7-zip.org/download.html’).links | where outerHTML -like “*.msi*” | select href).href | Select -First 1
    $source_x64 = ((Invoke-WebRequest ‘https://www.7-zip.org/download.html’).links | where outerHTML -like “*64.msi*” | select href).href | Select -First 1
    # Correct Download link
    $https_x86= “https://www.7-zip.org/$source_x86”
    $https_x64= “https://www.7-zip.org/$source_x64”
    # Download with Filter x64 of x86
    $client = New-Object System.Net.WebClient
    $OSarchitecture = (gwmi win32_operatingsystem | select osarchitecture).osarchitecture
    if($OSarchitecture -like ’64 bits’) {$client.DownloadFile($https_x64, $destination)} else {$client.DownloadFile($https_x86, $destination) }
    #install silently
    msiexec.exe /i “$destination” /qn
    Start-Sleep -s 120
    #Remove downloaded file
    Remove-Item $workdir -Recurse

  • Hi Maurice

    I stumbled across this post while looking for some troubleshooting info and was wondering if you could help at all.

    I’ve upload and made available Snagit as a Win32 app for people to install and while some have done so successfully there are quite a few people for whom it does not appear in the Company Portal. Other apps (with the same requirements) are appearing and installing fine. Snagit shows as available with the other apps for these devices so I’m at a bit of a loss as to what it could be.

    Any insight anyone can share would be greatly appreciated!

  • I did this step for step with the exact same 7z1805-x64.exe that is the same size (1,405kb). After running it through IntuneWinAppUtil.exe, the output 7z1805-x64.intunewin is 62,014kb compared to your 1,391kb. Not a big deal if it works I guess, just found that pretty weird.

    The reason I decided to follow this verbatim is because in my other attempt, nothing is appearing in the Company Portal for the end user (my other account on a test device). It is also occurring with this. No problem getting the built-in applications to appear (e.g. Office ProPlus). Any theories on this?

    • Hi Andrew,

      Have you ensured that the 7zip EXE is the only file in the folder from which you are specifying as the source folder?

      Maurice

    • You can also make a powershell script.
      That downloads the latest version from 7zip dynamicly.

      The same can be done with: Chrome, Firefox, AdobeReaderDC, SunJava etc. Powershell script on Intune per application ca 2Kb.

  • Hey Maurice,

    How do we get the Windows App (Win32) under the apps section? It’s not there for us and we’re in dire need for this!

    Cheers,

    • Its going into public preview at present. If you contact support they might be able to expedite the feature in your tenant

  • Hi do we know if there’s a space limitations for the app size and if it works for installers with multiple files/directory like Photoshop? Thks

    • Hi Stephanie,

      I believe the current file size limitation is 9GB. I’ll get that clarified by the product team however.

      Maurice

  • Hey, great post! You say the feature is available, but I don’t see it yet. Do you have any idea when it will be in public preview or how I can get it asap?

  • It looks like Intune deployment capabilities takes more and more from ConfigMgr application model (detection rule, Return codes)…

  • You must be in the same room as me. Didn’t waste ANY time after he finished his sentence before publishing this.

Sponsors

Categories

MSEndpointMgr.com use cookies to ensure that we give you the best experience on our website.