Intune Win32 App Deployment using Modern Management

32
Intune Win32 App Deployment

One year back, I worked for a customer to deploy Windows 10 with modern management tools like Intune. The major limitation we faced is Intune Win32 App Deployment (Intune Management Extension). Intune supported only single Msi file. Because of this limitation, we were unable to deploy applications with EXE, multiple MSIs, MST, batch files, etc.

[Related PostIntune Win32 app Troubleshooting]

***Updated on 17th April 2019

NOTE! – This application deployment limitations are no longer valid. Intune currently support deploying applications with EXE, multiple MSIs, MST, batch files, etc. 

TL;DR

What is Intune Win32 App Deployment?

Win32 application deployment is for 32 bit and 64-bit application deployments. Using Intune Win32 App deployment, you can deploy x86 and x64 bit applications. Windows 10 MDM channel has limitation to deploy complex Windows applications.

To overcome Windows 10 MDM channel limitation, Intune and Windows team came up with an agent-based (called Intune Management Extension) solution to deploy complex Windows applications (EXE, multiple MSIs, MST, batch files, etc.).

So now the Windows 10 (client side) is ready to deploy complex Windows apps via Win32 app deployment agent. Intune (Server side) has implemented a solution called “Intune Win32 App Deployment” to deploy complex Windows applications via Intune portal.

Intune Win32 App Deployment

Pre-requisites of Intune Win32 App deployment / Intune Management Extension

  • Windows 10 Ent/Edu (1607 version and above)
  • Joined to Azure Active Directory (AAD) or Hybrid Azure Active Directory
  • Enrolled into Intune MDM

Limitations of Win32 App Deployment / Intune Management Extension

  • User context app installation not available
  • No dependency and supersedence support (Coming SOON)
  • Application size limit 2 GB (public preview)

Download the Win32 App Packaging Tool?

Download the Win32 to app “packaging” tool from GitHub? Is that a packaging tool? Do we need packaging skills to convert complex Windows apps to .IntuneWin format?

IntuneWin Extension Packaging Tool (Intune Management Extension)https://www.anoopcnair.com/intune-application-model-intunewin-packages/

Download the IntuneWinAppUtil.exe

I don’t think you need any packaging skills to repackage existing Windows apps like MSI, EXE to .IntuneWin extention. This Intune win32 app packaging is similar to zipping a folder using Winzip or 7 zip.

[Intune Win32 App Deployment Troubleshooting postIntune Win32 app Troubleshooting]

How to Prepare Win32 App Installation Source for Intune

Intune allow single package file wrapped using intune prep tool for win32 app (Intune Management Extension) deployment. We will see step by step configuration to use the tool. Intune Win32 App Deployment more details are available in the following section.

  • Download the Intune prep tool (intuneWinAppUtil.exe).
  • As shown below, make sure you copy all the installation files inside the source folder (example here: Adobe)
  • And Keep the tool(intuneWinAppUtil.exe) outside of the installation source folder.

IntuneWinAppUtil.exe

It is recommended to use cmd or batch file to trigger the installation. This approach will provide better control and sequence. I would suggest creating “cmd” file for install and uninstall.

IntuneWinAppUtil

  • Execute the Intune prep tool (intuneWinAppUtil.exe). As shown below specify the source folder and output folder as the same path. This tool will create the wrapped file. you can see the file with extension “Intunewin” created
  • Provide the setup file name. This file name is just for reference. In this example, you will be using cmd file to trigger installation
  • The Intunewin file is compressed and encrypted with a SHA256 hash

(Intune Win32 App Deployment more details are available in the following section)

Intune Win32 App Deployment using Modern Management 1

You can use tools like 7-zip to extract Intunewin file and see what’s inside. You can see Detection.xml and the install source files. The Detection.xml file is created based on the setup file metadata. Detection.xml file includes encryption key details.

Detection.xml

How to Create and deploy Win32 App in Intune

In the Intune console, select Client apps > Apps > Add

Intune Win32 App Deployment using Modern Management 2

Select Windows app (Win32) – preview from the provided drop-down list.

(Intune Win32 App Deployment more details are available in the following section)

Windows app (Win32)

Select the previously created  intunewin file using intune prep tool.

intunewin file

Update the app information such as Name, Description, Publisher, Category, Logo, etc.

(Intune Win32 App Deployment more details are available in the following section)

intune app information

Provide the cmd file name used to trigger application installation

intune application program

You can configure the application pre-requirements

Intune Win32 App Deployment using Modern Management 3

Configure the app detection rule and select “manually configure detection rule”

Intune Win32 App Deployment using Modern Management 4

You can select any one of the below detection rule type:
    1. MSI
    1. File
  1. Registry

(Intune Win32 App Deployment more details are available in the following section)

Intune Win32 App Deployment using Modern Management 5

In this example, I will use the MSI product code as detection rule.

Intune Win32 App Deployment using Modern Management 6

Based on your requirement update the return code and post-installation behaviour.

Intune Win32 App Deployment using Modern Management 7

After completion, app is uploaded to Intune.

Intune Win32 App Deployment using Modern Management 8

You can see the upload status by selecting the notification tab.

Intune Win32 App Deployment using Modern Management 9

For testing I will deploy this application as “available “for all users.

(Intune Win32 App Deployment more details are available in the following section)

Intune Win32 App Deployment using Modern Management 10

In next post 2 we will Deep dive intune Client side events during Intune Win32 app deployment.

[Intune Win32 App Deployment Troubleshooting postIntune Win32 app Troubleshooting]

Resources:

Intune Troubleshooting – https://www.anoopcnair.com/configuration-profile-settings-view/

Intune Standalone – Win32 app management (Public Preview) – https://docs.microsoft.com/en-us/intune/apps-win32-app-management

32 COMMENTS

    • I dint got your question completely..
      Are you referring MSI product key configured in Intune console for detection logic ? Intune console will automatically detect MSI key if you select the MSI file for detection logic.
      If MSI is installed successfully in the system then you can verify registry – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

  1. Hi Anoop,

    I need to deploy a application as win32 app to Windows Autopilot devices, the app has a has a prerequisite of .net 3.5, do you know how how I could use a batch file to install .net 3.5 first and then install the app?

    Thanks
    Steve

  2. Hello Anoop,

    I am trying to deploy win 32 application as ‘available’, but I am not able to see the application in company portal, but when I deploy the windows store applications as available, I can see those windows store applications in Company portal. Also, I can deploy the application as required and it is installing perfectly fine, the problem is only with the win 32 apps deployed as “Available”

      • Hello Vimal,

        Sorry for the late reply, I have deployed it to user Azure AD group itself. It doesnt show in the company portal app or the portal web url. we are using intune standalone and all the devices are win 10 1709. Also, wanted to let you know, Intune management extension is not getting installed, I figured that will get installed if the win32 app is deployed without any hiccup, if im not wrong.

      • Harsha – Can you please explain what are the steps you followed to troubleshoot Intune Win32 App agent installation issues? or Sidecar agent installation issues? I would recommend to start with Windows 10 MDM troubleshooting from event logs. The other step which I advice is to unenroll and enroll back to Intune. Once that is done, please deploy the Intune Win32 packaged application. This should initiate the Win32 app client installation….

      • Hello Anoop,

        I have removed the enrollment and added it back and tried, still the same, but now I am getting the “ADALUseWindowsAuthenticationTenant failed,” and “Automatic registration failed at join phase” (event IDs : 305, 304), when I checked the event log and dsregcmd /status shows Azureadjoined = no

      • Is this only with one Windows 10 device? What is the version of Windows 10? I would try with another machine if you have not already tried this option. Also, what is the error showing in Intune troubleshooting tab? Pending for Install?

  3. You reference using an install and uninstall script, how exactly did you write that? My familiarity with batch scripts is limited but would it just be msiexec /i software.exe /s or /quiet /QUIET /S /Silent (what is required)?

    • Normally i test the application install/uninstall commandline manually. If its sucess , Then i copy the same commandline to batch file and deploy using Intune. Commandline is based on the file type you are using.Please Test commandline manually before trying with Intune.

      Another point is Intune automtically detect the Installation commandline if you specify the MSI file while Preparing Intunewin file format.You can open the Detection.xml and verify.

  4. Hello!
    What is the content of the install.cmd and unistall.cmd scripts?
    What is the difference between creating the cmd file or adding the commands manually to the Intune portal in “specify the commands …”?

    • Technically there is no difference ..you can directly mention command line and it will work

      But in real production scenario , Packaging team always follow a standard process like using install and uninstall script

  5. Hi – is anyone else having trouble selecting the ‘user’ context for Install Behavior on the ‘Program’ pane? For me it’s greyed out, which means my app won’t be installed with admin privileges…

  6. Hello Anoop,

    Is there a way to deploy the app in 64-bit mode? regkey imports are added in the WOW6432Node registry. I can’t find a way to add them in the native hive.

  7. @Wietse – How did you solve your problem of:

    “Is there a way to deploy the app in 64-bit mode? regkey imports are added in the WOW6432Node registry. I can’t find a way to add them in the native hive.”

    We are experiencing the exact same issue.

    • Well, in my case what i did:

      Created a Windows app (win32) App type:
      I had a reg file that needed to be imported. I used “reg import ….” and changed the command to:
      reg IMPORT run.reg /reg:64
      Now the keys are added to the native hive, simple but it worked.

      If you only need to deploy some keys, maybe you can also use Powershell scripting, this one has the option “Run script in 64 bit PowerShell Host”.

      Greetings

  8. Hii All,

    I get some error during creation of .Intunewin File “Entries more than 4Gb are not supported in update mode”
    Please help me on the same.

    Regrads
    Kamal

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.