Intune Application Deployment using MSI EXE IntuneWin Formats

In today’s post, let’s discuss Intune Application Deployment using MSI EXE IntuneWin Formats. One year back, I worked for a customer to deploy Windows 10 with modern management tools like Intune.

We faced a major limitation of Intune Win32 App Deployment (Intune Management Extension). Intune supported only a single Msi file. Because of this limitation, we could not deploy applications with EXE, multiple MSIs, MST, batch files, etc.

[Related PostIntune Win32 app Troubleshooting]

Patch My PC

***Updated on 17th April 2019 NOTE! – These application deployment limitations are no longer valid. Intune currently supports deploying applications with EXE, multiple MSIs, MST, batch files, etc. 

What is Intune Win32 App Deployment or Intune Application Deployment

Win32 application deployment is for 32-bit and 64-bit application deployments. Using Intune Win32 App deployment, you can deploy x86 and x64 bit applications.

Windows 10 MDM channel has limitations in deploying complex Windows applications.

To overcome Windows 10 MDM channel limitation, Intune and the Windows team came up with an agent-based (Intune Management Extension) solution to deploy complex Windows applications (EXE, multiple MSIs, MST, batch files, etc.).

So now, Windows 10 (client-side) is ready to deploy complex Windows apps via the Win32 app deployment agent. Intune (Server-side) has implemented a solution called “Intune Win32 App Deployment” to deploy complex Windows applications via Intune portal.

Intune Win32 App Deployment Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 1

Pre-requisites of Intune Win32 App deployment / Intune Management Extension

Let’s look into the pre-requisites of Intune Win32 App deployment or Intune Management Extension.

  • Windows 10 Ent/Edu (1607 version and above)
  • Joined to Azure Active Directory (AAD) or Hybrid Azure Active Directory
  • Enrolled into Intune MDM

Limitations of Win32 App Deployment / Intune Management Extension

Now check the limits of Win32 App Deployment or Intune Management Extension.

  • User context app installation is not available.
  • No dependency and supersedence support.
  • The application size limit is 8 GB (public preview).

Download the Win32 App Packaging Tool?

Download the Win32 to app “packaging” tool from GitHub? Is that a packaging tool? Do we need packaging skills to convert complex Windows apps? IntuneWin format?

IntuneWin Extension Packaging Tool (Intune Management Extension)https://www.anoopcnair.com/intune-application-model-intunewin-packages/

Download the IntuneWinAppUtil.exe.

I don’t think you need any packaging skills to repackage existing Windows apps like MSI, EXE, or IntuneWin Extention. This Intune win32 app packaging is similar to zipping a folder using Winzip or 7 zip.

[Intune Win32 App Deployment Troubleshooting postIntune Win32 app Troubleshooting]

How to Prepare Win32 App Installation Source for Intune

Intune allows single package files wrapped using intune prep tool for win32 app (Intune Management Extension) deployment.

We will see a step-by-step configuration to use the tool. Intune Win32 App Deployment; more details are available in the following section.

  • Download the Intune prep tool (intuneWinAppUtil.exe).
  • As shown below, make sure you copy all the installation files inside the source folder (example here: Adobe)
  • And Keep the tool(intuneWinAppUtil.exe) outside of the installation source folder.
IntuneWinAppUtil.exe How to Prepare Win32 App Installation Source for Intune
How to Prepare Win32 App Installation Source for Intune 2

It is recommended to use cmd or batch files to trigger the installation. This approach will provide better control and sequence. I would suggest creating a “cmd” file for installation and uninstall.

IntuneWinAppUtil How to Prepare Win32 App Installation Source for Intune
How to Prepare Win32 App Installation Source for Intune 3
  • Execute the Intune prep tool (intuneWinAppUtil.exe). As shown below, specify the source folder and output folder as the same path. This tool will create the wrapped file. you can see the file with the extension “Intunewin” created
  • Provide the setup file name. This filename is just for reference. In this example, you will be using the cmd file to trigger the installation.
  • The Intunewin file is compressed and encrypted with a SHA256 hash

(Intune Win32 App Deployment more details are available in the following section)

Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 4

You can use tools like 7-zip to extract the Intunewin file and see what’s inside. You can see Detection.xml and the install source files. The Detection.xml file is created based on the setup file metadata. Detection.xml file includes encryption key details.

Detection.xml Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 5

How to Create and deploy Win32 App in Intune

In the Intune console, select Client apps > Apps > Add

How to Create and deploy Win32 App in Intune
How to Create and deploy Win32 App in Intune 6

Select Windows app (Win32) – preview from the provided drop-down list.

(Intune Win32 App Deployment more details are available in the following section)

Windows app (Win32) How to Create and deploy Win32 App in Intune
How to Create and deploy Win32 App in Intune 7

Select the previously created intunewin file using intune prep tool.

intunewin file Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 8

Update the app information such as Name, Description, Publisher, Category, Logo, etc.

(Intune Win32 App Deployment more details are available in the following section)

intune app information
Intune Application Deployment using MSI EXE IntuneWin Formats 9

Provide the cmd file name used to trigger application installation

intune application program Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 10

You can configure the application pre-requirements

Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 11

Configure the app detection rule and select “manually configure detection rule.”

Intune Application Deployment using MSI EXE IntuneWin Formats 1
Intune Application Deployment using MSI EXE IntuneWin Formats 12

You can select any one of the below detection rule types:

  1. MSI
  2. File
  3. Registry

(Intune Win32 App Deployment more details are available in the following section)

Intune Application Deployment using MSI EXE IntuneWin Formats 2
Intune Application Deployment using MSI EXE IntuneWin Formats 13

I will use the MSI product code as a detection rule in this example.

Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 14

Based on your requirement, update the return code and post-installation behavior.

Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 15

After completion, the app is uploaded to Intune.

Intune Application Deployment using MSI EXE IntuneWin Formats 3
Intune Application Deployment using MSI EXE IntuneWin Formats 16

You can see the upload status by selecting the notification tab.

Intune Application Deployment using MSI EXE IntuneWin Formats 4
Intune Application Deployment using MSI EXE IntuneWin Formats 17

I will deploy this application as “available “for all users for testing.

(Intune Win32 App Deployment more details are available in the following section)

Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 18

In the next post, 2, we will Deep dive into intune Client-side events during Intune Win32 app deployment.

[Intune Win32 App Deployment Troubleshooting postIntune Win32 app Troubleshooting]

Resources:

Intune Troubleshooting – https://www.anoopcnair.com/configuration-profile-settings-view/

Author

Vimal has more than 10 years of experience in SCCM device management solutions. His main focus is on Device Management technologies like Microsoft Intune, ConfigMgr (SCCM), OS Deployment, and Patch Management. He writes about the technologies like SCCM, Windows 10, Microsoft Intune, and MDT.

47 thoughts on “Intune Application Deployment using MSI EXE IntuneWin Formats”

    • I dint got your question completely..
      Are you referring MSI product key configured in Intune console for detection logic ? Intune console will automatically detect MSI key if you select the MSI file for detection logic.
      If MSI is installed successfully in the system then you can verify registry – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

      Reply
  1. Hi Anoop,

    I need to deploy a application as win32 app to Windows Autopilot devices, the app has a has a prerequisite of .net 3.5, do you know how how I could use a batch file to install .net 3.5 first and then install the app?

    Thanks
    Steve

    Reply
  2. Hello Anoop,

    I am trying to deploy win 32 application as ‘available’, but I am not able to see the application in company portal, but when I deploy the windows store applications as available, I can see those windows store applications in Company portal. Also, I can deploy the application as required and it is installing perfectly fine, the problem is only with the win 32 apps deployed as “Available”

    Reply
      • Hello Vimal,

        Sorry for the late reply, I have deployed it to user Azure AD group itself. It doesnt show in the company portal app or the portal web url. we are using intune standalone and all the devices are win 10 1709. Also, wanted to let you know, Intune management extension is not getting installed, I figured that will get installed if the win32 app is deployed without any hiccup, if im not wrong.

      • Harsha – Can you please explain what are the steps you followed to troubleshoot Intune Win32 App agent installation issues? or Sidecar agent installation issues? I would recommend to start with Windows 10 MDM troubleshooting from event logs. The other step which I advice is to unenroll and enroll back to Intune. Once that is done, please deploy the Intune Win32 packaged application. This should initiate the Win32 app client installation….

      • Hello Anoop,

        I have removed the enrollment and added it back and tried, still the same, but now I am getting the “ADALUseWindowsAuthenticationTenant failed,” and “Automatic registration failed at join phase” (event IDs : 305, 304), when I checked the event log and dsregcmd /status shows Azureadjoined = no

      • Is this only with one Windows 10 device? What is the version of Windows 10? I would try with another machine if you have not already tried this option. Also, what is the error showing in Intune troubleshooting tab? Pending for Install?

  3. You reference using an install and uninstall script, how exactly did you write that? My familiarity with batch scripts is limited but would it just be msiexec /i software.exe /s or /quiet /QUIET /S /Silent (what is required)?

    Reply
    • Normally i test the application install/uninstall commandline manually. If its sucess , Then i copy the same commandline to batch file and deploy using Intune. Commandline is based on the file type you are using.Please Test commandline manually before trying with Intune.

      Another point is Intune automtically detect the Installation commandline if you specify the MSI file while Preparing Intunewin file format.You can open the Detection.xml and verify.

      Reply
  4. Hello!
    What is the content of the install.cmd and unistall.cmd scripts?
    What is the difference between creating the cmd file or adding the commands manually to the Intune portal in “specify the commands …”?

    Reply
    • Technically there is no difference ..you can directly mention command line and it will work

      But in real production scenario , Packaging team always follow a standard process like using install and uninstall script

      Reply
  5. Hi – is anyone else having trouble selecting the ‘user’ context for Install Behavior on the ‘Program’ pane? For me it’s greyed out, which means my app won’t be installed with admin privileges…

    Reply
  6. Hello Anoop,

    Is there a way to deploy the app in 64-bit mode? regkey imports are added in the WOW6432Node registry. I can’t find a way to add them in the native hive.

    Reply
  7. @Wietse – How did you solve your problem of:

    “Is there a way to deploy the app in 64-bit mode? regkey imports are added in the WOW6432Node registry. I can’t find a way to add them in the native hive.”

    We are experiencing the exact same issue.

    Reply
    • Well, in my case what i did:

      Created a Windows app (win32) App type:
      I had a reg file that needed to be imported. I used “reg import ….” and changed the command to:
      reg IMPORT run.reg /reg:64
      Now the keys are added to the native hive, simple but it worked.

      If you only need to deploy some keys, maybe you can also use Powershell scripting, this one has the option “Run script in 64 bit PowerShell Host”.

      Greetings

      Reply
  8. Hii All,

    I get some error during creation of .Intunewin File “Entries more than 4Gb are not supported in update mode”
    Please help me on the same.

    Regrads
    Kamal

    Reply
  9. I think you have an error in how the Packaging tool. You point to acrordr.exe instead of the full path for the installer application c:\software\adobe\acrordr.exe. According to the documentation and testing you need to put the full path to the installer. Also in the latest version of the pacakge intunewin file, when you go to extract it, you cannot access the installer files directly (I.E. cannot see what is packaged).

    Reply
  10. Hi Anoop/Vimal,
    I have created a package using PowerShell Deployment Tool with some steps for Pre-Installation and Post-Installation. The Application is getting installed successfully, but the pre and post installations are not working. Can you please hep me on this?

    Reply
  11. Hi Anoop,

    I am struggling with Visual Studio 2019 installation via Intune. I have tried to prepare offline installation files but when downloaded, they take cca 40 GB. I know there is a cap of 8 GB per package in Intune. If I run the vs_enterprise.exe –quiet, in Company portal it hangs in “Installing” status for a while, and then fails.

    Thank you

    Reply
  12. Hello,

    I am installing adobe reader using the prep tool. The endpoint downloads the bin file in incoming folder but fails after that. Its not moving to Staging folder, please advise

    Thanks,

    Reply
  13. Hi Anoop

    Is it possible to package a BIOS update app to be deployed using InTune? It would be likely using a BIN file with Setup Information file.

    Reply
  14. I have WinEXE application in C#, .NET Framework 4.6
    Whenever a user is trying to it deploy through Intune, a command prompt is shown.
    The same exe works fine with other bulk deployment tools like SCCM.

    How do I suppress all prompts or make complete silent installation through Intune?

    Reply
  15. Hi Anoop,

    I am a beginner in intune, we have all windows 10 devices on prem AD joined managed by sccm. there is a requirement to manage some of these devices through intune as they are mostly off the network and require company resources and applications/email access. what is the best method to enroll and manage them through intune? is it mandatory to configure co-management to enroll the domain joined windows pc. can I just HAADJ and manually or auto enroll the devices? (irrespective of sccm client on them)

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.