Intune Application Deployment using MSI EXE IntuneWin Formats

In today’s post, let’s discuss Intune Application Deployment using MSI EXE IntuneWin Formats. One year back, I worked for a customer to deploy Windows 10 with modern management tools like Intune.

We faced a major limitation of Intune Win32 App Deployment (Intune Management Extension). Intune supported only a single Msi file. Because of this limitation, we could not deploy applications with EXE, multiple MSIs, MST, batch files, etc.

[Related PostIntune Win32 app Troubleshooting]

***Updated on 17th April 2019 NOTE! – These application deployment limitations are no longer valid. Intune currently supports deploying applications with EXE, multiple MSIs, MST, batch files, etc. 

Patch My PC

What is Intune Win32 App Deployment or Intune Application Deployment

Win32 application deployment is for 32-bit and 64-bit application deployments. Using Intune Win32 App deployment, you can deploy x86 and x64 bit applications.

Windows 10 MDM channel has limitations in deploying complex Windows applications.

To overcome Windows 10 MDM channel limitation, Intune and the Windows team came up with an agent-based (Intune Management Extension) solution to deploy complex Windows applications (EXE, multiple MSIs, MST, batch files, etc.).

So now, Windows 10 (client-side) is ready to deploy complex Windows apps via the Win32 app deployment agent. Intune (Server-side) has implemented a solution called “Intune Win32 App Deployment” to deploy complex Windows applications via Intune portal.

Intune Win32 App Deployment Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 1

Pre-requisites of Intune Win32 App deployment / Intune Management Extension

Let’s look into the pre-requisites of Intune Win32 App deployment or Intune Management Extension.

  • Windows 10 Ent/Edu (1607 version and above)
  • Joined to Azure Active Directory (AAD) or Hybrid Azure Active Directory
  • Enrolled into Intune MDM

Limitations of Win32 App Deployment / Intune Management Extension

Now check the limits of Win32 App Deployment or Intune Management Extension.

  • User context app installation is not available.
  • No dependency and supersedence support.
  • The application size limit is 8 GB.

Download the Win32 App Packaging Tool?

Download the Win32 to app “packaging” tool from GitHub. Is that a packaging tool? Do we need packaging skills to convert complex Windows apps? IntuneWin format?

The .intunewin file is created by Microsoft Win32 Content Prep Tool that converts application installation files into the .intunewin format.

IntuneWin Extension Packaging Tool (Intune Management Extension)https://www.anoopcnair.com/intune-application-model-intunewin-packages/

Download the IntuneWinAppUtil.exe.

I don’t think you need any packaging skills to repackage existing Windows apps like MSI, EXE, or IntuneWin Extention. This Intune win32 app packaging is similar to zipping a folder using Winzip or 7 zip.

[Intune Win32 App Deployment Troubleshooting postIntune Win32 app Troubleshooting]

How to Prepare Win32 App Installation Source for Intune

Intune allows single package files wrapped using intune prep tool for win32 app (Intune Management Extension) deployment.

We will see a step-by-step configuration to use the tool. Intune Win32 App Deployment; more details are available in the following section.

  • Download the Intune prep tool (intuneWinAppUtil.exe).
  • As shown below, make sure you copy all the installation files inside the source folder (example here: Adobe)
  • And Keep the tool(intuneWinAppUtil.exe) outside of the installation source folder.
IntuneWinAppUtil.exe How to Prepare Win32 App Installation Source for Intune
How to Prepare Win32 App Installation Source for Intune 2

It is recommended to use cmd or batch files to trigger the installation. This approach will provide better control and sequence. I would suggest creating a “cmd” file for installation and uninstall.

IntuneWinAppUtil How to Prepare Win32 App Installation Source for Intune
How to Prepare Win32 App Installation Source for Intune 3
  • Execute the Intune prep tool (intuneWinAppUtil.exe). As shown below, specify the source folder and output folder as the same path. This tool will create the wrapped file. you can see the file with the extension “Intunewin” created
  • Provide the setup file name. This filename is just for reference. In this example, you will be using the cmd file to trigger the installation.
  • The Intunewin file is compressed and encrypted with a SHA256 hash

(Intune Win32 App Deployment more details are available in the following section)

Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 4

You can use tools like 7-zip to extract the Intunewin file and see what’s inside. You can see Detection.xml and the install source files. The Detection.xml file is created based on the setup file metadata. Detection.xml file includes encryption key details.

Detection.xml Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 5

How to Create and deploy Win32 App in Intune

Sign in to the Microsoft Endpoint Manager admin center https://endpoint.microsoft.com/.

Select Apps > All apps > Add, or you can navigate to Apps > Windows > Windows Apps.

On the Select app type pane, under the Other app types, select Windows app (Win32) and click Select.

How to Create and deploy Win32 App in Intune
How to Create and deploy Win32 App in Intune

On the Add app pane, click Select app package file. Select the browse button. Then, Select the previously created intunewin file using intune prep tool. The app details appear.

When you’re finished, select OK on the App package file pane.

Intune Application Deployment using MSI EXE IntuneWin Formats 1
Intune Application Deployment using MSI EXE IntuneWin Formats 8

Update the app information such as Name, Description, Publisher, Category, Logo, etc.

(Intune Win32 App Deployment more details are available in the following section)

intune app information
Intune Application Deployment using MSI EXE IntuneWin Formats 9

On the Program page, configure the app installation and removal commands for the app.

  • Install command: Add the complete installation command line to install the windows update. For Example, Install.cmd (Contains the installation command for adobe)
  • Uninstall command: Add the complete command line to uninstall the windows update KBs. For Example, Uninstall.cmd (Contains the uninstallation command for adobe file)
  • Install behavior: Set the install behavior to System.

You can also specify the Device restart behavior and Post-installation behavior. Click Next to continue.

Intune Application Deployment using MSI EXE IntuneWin Formats 2
Intune Application Deployment using MSI EXE IntuneWin Formats 10

You can configure the application pre-requirements. On the Requirements page, specify the mandatory requirements that devices must meet before installing the update and click Next.

  • Operating system architecture: Choose the architectures needed to install the windows update.
  • Minimum operating system: Select the minimum operating system needed to install the windows update.

There are some built-in and custom requirements rules you can choose from when creating your Win32 application. Explore Intune Win32 App Requirement Rules.

Intune Application Deployment using MSI EXE IntuneWin Formats 3
Intune Application Deployment using MSI EXE IntuneWin Formats 11

Configure the app detection rule and select “manually configure detection rule.”

Intune Application Deployment using MSI EXE IntuneWin Formats 4
Intune Application Deployment using MSI EXE IntuneWin Formats 12

You can select any one of the below detection rule types:

  1. MSI
  2. File
  3. Registry

(Intune Win32 App Deployment more details are available in the following section)

Intune Application Deployment using MSI EXE IntuneWin Formats 5
Intune Application Deployment using MSI EXE IntuneWin Formats 13

I will use the MSI product code as a detection rule in this example.

Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 14

Based on your requirement, update the return code and post-installation behavior.

Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 15

After completion, the app is uploaded to Intune.

Intune Application Deployment using MSI EXE IntuneWin Formats 6
Intune Application Deployment using MSI EXE IntuneWin Formats 16

You can see the upload status by selecting the notification tab.

Intune Application Deployment using MSI EXE IntuneWin Formats 7
Intune Application Deployment using MSI EXE IntuneWin Formats 17

I will deploy this application as “available “for all users for testing.

(Intune Win32 App Deployment more details are available in the following section)

Intune Application Deployment using MSI EXE IntuneWin Formats
Intune Application Deployment using MSI EXE IntuneWin Formats 18

In the next post, 2, we will Deep dive into intune Client-side events during Intune Win32 app deployment.

[Intune Win32 App Deployment Troubleshooting postIntune Win32 app Troubleshooting]

Resources:

Intune Troubleshooting – https://www.anoopcnair.com/configuration-profile-settings-view/

Author

Vimal has more than ten years of experience in SCCM device management solutions. His main focus is on Device Management technologies like Microsoft Intune, ConfigMgr (SCCM), OS Deployment, and Patch Management. He writes about the technologies like SCCM, Windows 10, Microsoft Intune, and MDT.

49 thoughts on “Intune Application Deployment using MSI EXE IntuneWin Formats”

    • I dint got your question completely..
      Are you referring MSI product key configured in Intune console for detection logic ? Intune console will automatically detect MSI key if you select the MSI file for detection logic.
      If MSI is installed successfully in the system then you can verify registry – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

      Reply
  1. Hi Anoop,

    I need to deploy a application as win32 app to Windows Autopilot devices, the app has a has a prerequisite of .net 3.5, do you know how how I could use a batch file to install .net 3.5 first and then install the app?

    Thanks
    Steve

    Reply
  2. Hello Anoop,

    I am trying to deploy win 32 application as ‘available’, but I am not able to see the application in company portal, but when I deploy the windows store applications as available, I can see those windows store applications in Company portal. Also, I can deploy the application as required and it is installing perfectly fine, the problem is only with the win 32 apps deployed as “Available”

    Reply
      • Hello Vimal,

        Sorry for the late reply, I have deployed it to user Azure AD group itself. It doesnt show in the company portal app or the portal web url. we are using intune standalone and all the devices are win 10 1709. Also, wanted to let you know, Intune management extension is not getting installed, I figured that will get installed if the win32 app is deployed without any hiccup, if im not wrong.

      • Harsha – Can you please explain what are the steps you followed to troubleshoot Intune Win32 App agent installation issues? or Sidecar agent installation issues? I would recommend to start with Windows 10 MDM troubleshooting from event logs. The other step which I advice is to unenroll and enroll back to Intune. Once that is done, please deploy the Intune Win32 packaged application. This should initiate the Win32 app client installation….

      • Hello Anoop,

        I have removed the enrollment and added it back and tried, still the same, but now I am getting the “ADALUseWindowsAuthenticationTenant failed,” and “Automatic registration failed at join phase” (event IDs : 305, 304), when I checked the event log and dsregcmd /status shows Azureadjoined = no

      • Is this only with one Windows 10 device? What is the version of Windows 10? I would try with another machine if you have not already tried this option. Also, what is the error showing in Intune troubleshooting tab? Pending for Install?

  3. You reference using an install and uninstall script, how exactly did you write that? My familiarity with batch scripts is limited but would it just be msiexec /i software.exe /s or /quiet /QUIET /S /Silent (what is required)?

    Reply
    • Normally i test the application install/uninstall commandline manually. If its sucess , Then i copy the same commandline to batch file and deploy using Intune. Commandline is based on the file type you are using.Please Test commandline manually before trying with Intune.

      Another point is Intune automtically detect the Installation commandline if you specify the MSI file while Preparing Intunewin file format.You can open the Detection.xml and verify.

      Reply
  4. Hello!
    What is the content of the install.cmd and unistall.cmd scripts?
    What is the difference between creating the cmd file or adding the commands manually to the Intune portal in “specify the commands …”?

    Reply
    • Technically there is no difference ..you can directly mention command line and it will work

      But in real production scenario , Packaging team always follow a standard process like using install and uninstall script

      Reply
  5. Hi – is anyone else having trouble selecting the ‘user’ context for Install Behavior on the ‘Program’ pane? For me it’s greyed out, which means my app won’t be installed with admin privileges…

    Reply
  6. Hello Anoop,

    Is there a way to deploy the app in 64-bit mode? regkey imports are added in the WOW6432Node registry. I can’t find a way to add them in the native hive.

    Reply
  7. @Wietse – How did you solve your problem of:

    “Is there a way to deploy the app in 64-bit mode? regkey imports are added in the WOW6432Node registry. I can’t find a way to add them in the native hive.”

    We are experiencing the exact same issue.

    Reply
    • Well, in my case what i did:

      Created a Windows app (win32) App type:
      I had a reg file that needed to be imported. I used “reg import ….” and changed the command to:
      reg IMPORT run.reg /reg:64
      Now the keys are added to the native hive, simple but it worked.

      If you only need to deploy some keys, maybe you can also use Powershell scripting, this one has the option “Run script in 64 bit PowerShell Host”.

      Greetings

      Reply
  8. Hii All,

    I get some error during creation of .Intunewin File “Entries more than 4Gb are not supported in update mode”
    Please help me on the same.

    Regrads
    Kamal

    Reply
  9. I think you have an error in how the Packaging tool. You point to acrordr.exe instead of the full path for the installer application c:\software\adobe\acrordr.exe. According to the documentation and testing you need to put the full path to the installer. Also in the latest version of the pacakge intunewin file, when you go to extract it, you cannot access the installer files directly (I.E. cannot see what is packaged).

    Reply
  10. Hi Anoop/Vimal,
    I have created a package using PowerShell Deployment Tool with some steps for Pre-Installation and Post-Installation. The Application is getting installed successfully, but the pre and post installations are not working. Can you please hep me on this?

    Reply
  11. Hi Anoop,

    I am struggling with Visual Studio 2019 installation via Intune. I have tried to prepare offline installation files but when downloaded, they take cca 40 GB. I know there is a cap of 8 GB per package in Intune. If I run the vs_enterprise.exe –quiet, in Company portal it hangs in “Installing” status for a while, and then fails.

    Thank you

    Reply
  12. Hello,

    I am installing adobe reader using the prep tool. The endpoint downloads the bin file in incoming folder but fails after that. Its not moving to Staging folder, please advise

    Thanks,

    Reply
  13. Hi Anoop

    Is it possible to package a BIOS update app to be deployed using InTune? It would be likely using a BIN file with Setup Information file.

    Reply
  14. I have WinEXE application in C#, .NET Framework 4.6
    Whenever a user is trying to it deploy through Intune, a command prompt is shown.
    The same exe works fine with other bulk deployment tools like SCCM.

    How do I suppress all prompts or make complete silent installation through Intune?

    Reply
  15. Hi Anoop,

    I am a beginner in intune, we have all windows 10 devices on prem AD joined managed by sccm. there is a requirement to manage some of these devices through intune as they are mostly off the network and require company resources and applications/email access. what is the best method to enroll and manage them through intune? is it mandatory to configure co-management to enroll the domain joined windows pc. can I just HAADJ and manually or auto enroll the devices? (irrespective of sccm client on them)

    Reply
  16. Hi Anoop,
    We have ConnectWise Manage Client 64-bit imported as a Windows MSI line-of-business app and not Win32.
    Now I have to automate removing and installing the new version of ConnectWise Manage Client Windows MSI line-of-business app.
    Do you know if this is possible with .msi I can’t find any docs for it .
    Regards
    Tim

    Reply
  17. Hello,
    I have been struggling with deploying applications within User context through Intune. I noticed you had mentioned this in your post above.

    Limitations of Win32 App Deployment / Intune Management Extension
    Now check the limits of Win32 App Deployment or Intune Management Extension.

    User context app installation is not available.

    Is User context app install limited? There is an option even in the screenshots you provided that show the option for Install behavior to be set to either System or User. Does this not control the context by which the application is installed? If I package the .msi as .intunewin, upload to Intune and deploy, even with an ALLUSERS=”” set, the application installs under C:\Program Files.

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.