How Intune Win32 App Detection Methods Work to Prevent Reinstallations and Ensure Compliance

Key Takeaways

• Detection methods verify whether an application is already installed before Intune attempts to deploy it.
• Accurate detection rules prevent unnecessary reinstallation and help ensure reliable app deployment.
• Intune supports multiple detection types, including MSI, File, Registry, and Custom PowerShell Script.
• Detection methods work together with Requirements and Dependencies to determine when and how an app is installed.
• Incorrect detection rules can cause deployment issues, such as failed installations, repeated installs, or incorrect app status reporting.

Intune Win32 app detection methods help IT admins automate and simplify application management. By checking whether an app is already installed before deployment, Intune avoids unnecessary installations, reduces network and device resource usage, and improves deployment success rates. For organizations, this ensures that users receive the correct applications, maintains software compliance, reduces support tickets, and provides a more consistent and reliable device management experience across all managed endpoints.

How Intune Win32 App Detection Methods Work to Prevent Reinstallations and Ensure Compliance

Once Intune completes the Detection Rule evaluation, it proceeds to the Applicability Check stage, where it verifies whether the device meets the configured application requirements. If the app is applicable and not already detected as installed, Intune proceeds to the Content Download stage and downloads the required app files.

To make things easier, some of the easy ways in which we can set a registry key as a detection method, Easy Way to Set Detection Method for Intune Win32 App.

• Intune Application Deployment using MSI EXE IntuneWin Formats
• Intune Win32 App Deployment Toast Notification | User Experience
• Intune Company Portal Branding Customization Options

Intune Win32 App Deployment Detection Methods

To explore the detection rules available for Win32 app deployments, sign in to the Microsoft Intune admin center.. Intune provides several detection rule options that help determine whether an application is already installed on a device before deployment.

Sign up to get the best of How To Manage Devices straight to your inbox!

Win32 App in the Intune Admin Center

First, navigate to Apps from the left-hand menu and then select All Apps to view the list of applications available in your Intune environment. From the app list, choose the required Windows app (Win32) application, such as 7-Zip 19.00, to open its configuration settings.

Open and Edit Detection Rules for a Win32 App

To configure or review detection rules for a Win32 application, open the application in the Microsoft Intune admin center and select Properties. In the app properties page, scroll down to the Detection Rules section and click Edit.

Available Detection Rule Options for Intune Win32 Apps

On the Detection rules blade, You can choose to either manually configure the detection rules or use a custom script to detect the presence of the app. The following Win32 apps detection rule formats appear.

Note – You must choose at least one detection rule. You can choose to add multiple rules.

Manually Configure Detection Rules

Here I selected the Manually configure detection rules format. Click on Add button, and A popup will appear showing the Detection rule. This detection rule format provides three detection rules MSI, File, and Registry.

Configure MSI-Based Detection Rules for Win32 Apps

The next is the Selected Rule type MSI. Let’s see the available options to detect the app – MSI: Verify based on an MSI version check. This option can be added only once. When you choose this rule type, you have two settings:

• MSI product code: Add a valid MSI product code for the app. (The app’s GUID is based on the application. For example – For 7zip Version 19, It’s {23170F69-40C1-2702-1900-000001000000}
• MSI product version check: Select Yes to verify the MSI product version in addition to the MSI product code.

Configure File-Based Detection Rules for Win32 Apps

The next, Selected Rule type File: Verify based on file or folder detection, date, version, or size.

• Path: Enter the full path of the folder that contains the file or folder to detect.
• File or folder: Enter the file or folder to detect.
• Detection method: Select the type of detection method used to validate the presence of the app. The following detection methods are available in file based detection rules.
  • File or folder exists.
  • Date modified
  • Date created
  • String (version)
  • Size in MB
• Associated with a 32-bit app on 64-bit clients: Select Yes to expand any path environment variables in the 32-bit context on 64-bit clients. Select No (default) to expand any path variables in the 64-bit context on 64-bit clients. 32-bit clients will always use the 32-bit context.

Configure Registry-Based Detection Rules for Win32 Apps

In the next, Selected Rule type Registry: Verify based on value, string, integer, or version. Here you can check the registry path for the applications. Most apps are installed in the same location, depending on the app architecture – Detection Method for Intune Win32 App. For Example, here, check for the registry value string equals.

• Key path: The full path of the registry entry that contains the value to detect. A valid syntax is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\O365ProPlusRetail or HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\O365ProPlusRetail.
• Value name: The name of the registry value to detect. If this value is empty, the detection will happen on the key. The (default) value of a key will be used as a detection value if the detection method is other than file or folder existence.
• Detection method: Select the type of detection method that’s used to validate the presence of the app. The following detection methods are available in registry based detection rules.
  • Key exists
  • Key does not exist
  • String comparison
  • Version comparison
  • Integer comparison
• Associated with a 32-bit app on 64-bit clients: Select Yes to search the 32-bit registry on 64-bit clients. Select No (default) to search the 64-bit registry on 64-bit clients. 32-bit clients will always search the 32-bit registry.

Use a Custom Detection Script

On the Detection rules pane, configure the rules format to Use a custom detection script. You can specify the PowerShell script that will be used to detect this app.

• Script file: Select a PowerShell script that will detect the presence of the app on the client. The app will be detected when the script both returns a 0 value exit code and writes a string value to STDOUT.
• Run script as 32-bit process on 64-bit clients: Select Yes to run the script in a 32-bit process on 64-bit clients. Select No (default) to run the script in a 64-bit process on 64-bit clients. 32-bit clients run the script in a 32-bit process.
• Enforce script signature check: Select Yes to verify that a trusted publisher has signed the script, which will allow the script to run with no warnings or prompts displayed. The script will run unblocked. Select No (default) to run the script with user confirmation without signature verification.

Need Further Assistance or Have Technical Questions?

Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, join the WhatsApp Community  and the Whatsapp channel to get the latest news on Microsoft Technologies. We are there on Reddit as well.

Author

About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11  Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.