One year back, I worked for a customer to deploy Windows 10 with modern management tools like Intune. The major limitation we faced is Intune Win32 App Deployment (Intune Management Extension). Intune supported only single Msi file. Because of this limitation, we were unable to deploy applications with EXE, multiple MSIs, MST, batch files, etc.
[Related Post– Intune Win32 app Troubleshooting]
***Updated on 17th April 2019
What is Intune Win32 App Deployment?
Win32 application deployment is for 32 bit and 64-bit application deployments. Using Intune Win32 App deployment, you can deploy x86 and x64 bit applications. Windows 10 MDM channel has limitation to deploy complex Windows applications.
To overcome Windows 10 MDM channel limitation, Intune and Windows team came up with an agent-based (called Intune Management Extension) solution to deploy complex Windows applications (EXE, multiple MSIs, MST, batch files, etc.).
So now the Windows 10 (client side) is ready to deploy complex Windows apps via Win32 app deployment agent. Intune (Server side) has implemented a solution called “Intune Win32 App Deployment” to deploy complex Windows applications via Intune portal.
Pre-requisites of Intune Win32 App deployment / Intune Management Extension
- Windows 10 Ent/Edu (1607 version and above)
- Joined to Azure Active Directory (AAD) or Hybrid Azure Active Directory
- Enrolled into Intune MDM
Limitations of Win32 App Deployment / Intune Management Extension
- User context app installation not available
- No dependency and supersedence support (Coming SOON)
- Application size limit 2 GB (public preview)
Download the Win32 App Packaging Tool?
Download the Win32 to app “packaging” tool from GitHub? Is that a packaging tool? Do we need packaging skills to convert complex Windows apps to .IntuneWin format?
IntuneWin Extension Packaging Tool (Intune Management Extension) – https://www.anoopcnair.com/intune-application-model-intunewin-packages/
Download the IntuneWinAppUtil.exe
I don’t think you need any packaging skills to repackage existing Windows apps like MSI, EXE to .IntuneWin extention. This Intune win32 app packaging is similar to zipping a folder using Winzip or 7 zip.
[Intune Win32 App Deployment Troubleshooting post – Intune Win32 app Troubleshooting]
How to Prepare Win32 App Installation Source for Intune
Intune allow single package file wrapped using intune prep tool for win32 app (Intune Management Extension) deployment. We will see step by step configuration to use the tool. Intune Win32 App Deployment more details are available in the following section.
- Download the Intune prep tool (intuneWinAppUtil.exe).
- As shown below, make sure you copy all the installation files inside the source folder (example here: Adobe)
- And Keep the tool(intuneWinAppUtil.exe) outside of the installation source folder.
It is recommended to use cmd or batch file to trigger the installation. This approach will provide better control and sequence. I would suggest creating “cmd” file for install and uninstall.
- Execute the Intune prep tool (intuneWinAppUtil.exe). As shown below specify the source folder and output folder as the same path. This tool will create the wrapped file. you can see the file with extension “Intunewin” created
- Provide the setup file name. This file name is just for reference. In this example, you will be using cmd file to trigger installation
- The Intunewin file is compressed and encrypted with a SHA256 hash
(Intune Win32 App Deployment more details are available in the following section)
You can use tools like 7-zip to extract Intunewin file and see what’s inside. You can see Detection.xml and the install source files. The Detection.xml file is created based on the setup file metadata. Detection.xml file includes encryption key details.
How to Create and deploy Win32 App in Intune
In the Intune console, select Client apps > Apps > Add
Select Windows app (Win32) – preview from the provided drop-down list.
(Intune Win32 App Deployment more details are available in the following section)
Select the previously created intunewin file using intune prep tool.
Update the app information such as Name, Description, Publisher, Category, Logo, etc.
(Intune Win32 App Deployment more details are available in the following section)
Provide the cmd file name used to trigger application installation
You can configure the application pre-requirements
Configure the app detection rule and select “manually configure detection rule”
- MSI
- File
- Registry
(Intune Win32 App Deployment more details are available in the following section)
In this example, I will use the MSI product code as detection rule.
Based on your requirement update the return code and post-installation behaviour.
After completion, app is uploaded to Intune.
You can see the upload status by selecting the notification tab.
For testing I will deploy this application as “available “for all users.
(Intune Win32 App Deployment more details are available in the following section)
In next post 2 we will Deep dive intune Client side events during Intune Win32 app deployment.
[Intune Win32 App Deployment Troubleshooting post – Intune Win32 app Troubleshooting]
Resources:
Intune Troubleshooting – https://www.anoopcnair.com/configuration-profile-settings-view/
Intune Standalone – Win32 app management (Public Preview) – https://docs.microsoft.com/en-us/intune/apps-win32-app-management
what is the MSI product key and where can i find it?
I dint got your question completely..
Are you referring MSI product key configured in Intune console for detection logic ? Intune console will automatically detect MSI key if you select the MSI file for detection logic.
If MSI is installed successfully in the system then you can verify registry – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
Hi Anoop,
I need to deploy a application as win32 app to Windows Autopilot devices, the app has a has a prerequisite of .net 3.5, do you know how how I could use a batch file to install .net 3.5 first and then install the app?
Thanks
Steve
Currently intune cannot natively handle application dependency.Many users voted for this feature as mentioned in the below URL.
https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/8307447-priority-based-application-deployment
In batch file , we may have to handle it manually. Like Calling .net 3.5 installation first , add some pause and then call remaining apps.
Steve – It’s under development. You will soon see Win32 app deployment (sidecar) with dependency feature https://docs.microsoft.com/en-us/intune/in-development#enable-win32-app-dependencies-
Hello Anoop,
I am trying to deploy win 32 application as ‘available’, but I am not able to see the application in company portal, but when I deploy the windows store applications as available, I can see those windows store applications in Company portal. Also, I can deploy the application as required and it is installing perfectly fine, the problem is only with the win 32 apps deployed as “Available”
Hello Harsha,
Did you tried deploying application as “Available” for User Azure AD group or Device group ?
I tried from my side and its showing up for me.
Is that apps showing in Company portal web URL ? .. https://portal.manage.microsoft.com/
Hello Vimal,
Sorry for the late reply, I have deployed it to user Azure AD group itself. It doesnt show in the company portal app or the portal web url. we are using intune standalone and all the devices are win 10 1709. Also, wanted to let you know, Intune management extension is not getting installed, I figured that will get installed if the win32 app is deployed without any hiccup, if im not wrong.
Yes Harsha, if win32 app is deployed then only Intune management extension gets installed
So, can you please help me out with this.. is there anything that I need to do ?
Harsha – Can you please explain what are the steps you followed to troubleshoot Intune Win32 App agent installation issues? or Sidecar agent installation issues? I would recommend to start with Windows 10 MDM troubleshooting from event logs. The other step which I advice is to unenroll and enroll back to Intune. Once that is done, please deploy the Intune Win32 packaged application. This should initiate the Win32 app client installation….
Hello Anoop,
I have removed the enrollment and added it back and tried, still the same, but now I am getting the “ADALUseWindowsAuthenticationTenant failed,” and “Automatic registration failed at join phase” (event IDs : 305, 304), when I checked the event log and dsregcmd /status shows Azureadjoined = no
Is this only with one Windows 10 device? What is the version of Windows 10? I would try with another machine if you have not already tried this option. Also, what is the error showing in Intune troubleshooting tab? Pending for Install?
You reference using an install and uninstall script, how exactly did you write that? My familiarity with batch scripts is limited but would it just be msiexec /i software.exe /s or /quiet /QUIET /S /Silent (what is required)?
Normally i test the application install/uninstall commandline manually. If its sucess , Then i copy the same commandline to batch file and deploy using Intune. Commandline is based on the file type you are using.Please Test commandline manually before trying with Intune.
Another point is Intune automtically detect the Installation commandline if you specify the MSI file while Preparing Intunewin file format.You can open the Detection.xml and verify.
Hello!
What is the content of the install.cmd and unistall.cmd scripts?
What is the difference between creating the cmd file or adding the commands manually to the Intune portal in “specify the commands …”?
Technically there is no difference ..you can directly mention command line and it will work
But in real production scenario , Packaging team always follow a standard process like using install and uninstall script
Hi – is anyone else having trouble selecting the ‘user’ context for Install Behavior on the ‘Program’ pane? For me it’s greyed out, which means my app won’t be installed with admin privileges…
Hey Joe,
Could you figure this out? I too am facing the same problem with one of my deployments. I do see this option as enabled for other packages, but I have no clue why it is greyed out for just one specific package that I am trying to deploy.
Thanks,
Kris.
https://superuser.com/questions/1484434/microsoft-intune-install-behavior-disabled
Hello Anoop,
Is there a way to deploy the app in 64-bit mode? regkey imports are added in the WOW6432Node registry. I can’t find a way to add them in the native hive.
Please check below link for more details on 32-bit or 64-bit process behavior in Intunewin32 apps
you need lauch the cmd in 64 bit context
https://www.anoopcnair.com/intune-win32-app-deploy-system32-vs-syswow64/
Hello,
Thank you for your reponse. I have solved my problem.
Best regards
Wietse
Please check below link for more details on 32-bit or 64-bit process behavior in Intunewin32 apps deployment
https://www.anoopcnair.com/intune-win32-app-deploy-system32-vs-syswow64/
Hi – Can this tool be used to package applications with out silent switches.
intuneWinAppUtil.exe is just a prep tool to wrap the apps so that intune can deploy. This tool is not for app packaging.
Yeah you can so that with Microsoft Intune Application model using IntuneWin https://howtomanagedevices.com/intune/1092/intune-application-model-guide/
@Wietse – How did you solve your problem of:
“Is there a way to deploy the app in 64-bit mode? regkey imports are added in the WOW6432Node registry. I can’t find a way to add them in the native hive.”
We are experiencing the exact same issue.
Well, in my case what i did:
Created a Windows app (win32) App type:
I had a reg file that needed to be imported. I used “reg import ….” and changed the command to:
reg IMPORT run.reg /reg:64
Now the keys are added to the native hive, simple but it worked.
If you only need to deploy some keys, maybe you can also use Powershell scripting, this one has the option “Run script in 64 bit PowerShell Host”.
Greetings
Thank you! Will give this a try
Hii All,
I get some error during creation of .Intunewin File “Entries more than 4Gb are not supported in update mode”
Please help me on the same.
Regrads
Kamal
May be this is a known issue or a feature. Did you raise a ticket to fix this or check with please
Please check if you are using the latest version of Intune Win32-Content-Prep-Tool.
Also noticed similar issue reported –
https://github.com/Microsoft/Intune-Win32-App-Packaging-Tool/issues/6
I think you have an error in how the Packaging tool. You point to acrordr.exe instead of the full path for the installer application c:\software\adobe\acrordr.exe. According to the documentation and testing you need to put the full path to the installer. Also in the latest version of the pacakge intunewin file, when you go to extract it, you cannot access the installer files directly (I.E. cannot see what is packaged).