So, you got licenses for Microsoft Intune, and want to roll out some applications to your devices.
If you are new to this you may be faced with some issues, especially regarding what kind of applications you can publish, and how to do so.
There are numerous formats for applications to manage these days – you got the Windows store applications (appx) from Windows 8>>, Line of business apps in the form of MSI installers, and win32 apps.
I will not go into detail on MSI and Windows store here, as these are rather easy to deploy via the information in the web gui.
Here is a list of the options available within Intune.:
MSI: For MSI based installers this is quite simple, you just point to the file within Intune, and the options get picked out from the installer. You can then just point the policy to the devices/user groups you wish this to get installed on. It’s a pretty straight forward process.
Windows store: For Windows store applications you can basically just point this purely in the web gui, it’s a good list there already covering all the default applications.
Should you wish to add some special store applications, you can do this via the Windows store for Business – just get the apps there and make them available for assignment in Intune.
Now, for the fun kind of apps, the ones everyone probably has a lot of still, the win32 apps.
Win 32 applications can be anything, and if it has an .exe setup file, and supports silent installation, you can now easily deploy this via Intune.
Now the first thing you may notice when tasked to point Intune to the install file for upload, is that it ask for a .intunewin file.:
Then you will ask yourself, what the heck is that, and maybe give up – now, this is actually quite easy.
You need to package/convert the .exe file to .intunewin format.
This can be done with the “Microsoft Intune Win32 Content Prep Tool”, this tool can be downloaded from GitHub on the following link:
Put the tool in a separate folder somewhere on your device.
This tool runs in command line, so go to the folder where you have extracted the tool with command prompt/ or powershell.
For simplicity, put your .exe install files in a subdirectory in the same folder (or somewhere else to your choosing)
But an important note her, put every .exe install file in their own subdirectory, do not put several install files in the same directory – if you do this the utility will putt all these files in the same package – you don’t want that.
So ie, “application A” setup file is saved in a folder with “application A” as the name, containing just that single file. Do the same for other apps you wish to package.
To generate the package do as follows:
In command line, go to the path of the extracted tool, this folder should have a file called “IntuneWinAppUtil”, this is the tool responsible for doing the packaging.
While in the stated path in command line, you write the following command to generate an intunewin file for your application,
intunewinapputil.exe -c "c:\yoursourcefolder\containingexefile" -s "c:\yoursourcefolder\containingexefile\filename.exe" -o "c:\youroutputfolder\applicationname"
In short, you call the utility, use -c to point to the directory containing the setup file you wish to package, use -s to point to the actual .exe file, and use -o to state the output folder for the intunewin file, if the folder does not exist, it will be created. Easy right?
Example here for Angry IP scanner:
Source for the AngryIP setup file to package:
Running the command:
You now have the intunewin file in the output folder ready to upload to Intune:
In the intune gui:
- Go to “Client apps\add app – select windows app (win32) – select package file, browse and select your intunewinfile. Select OK.
- Select App information, fill in some description and publisher info as required to continue, make other changes should you wish
- Select program, input install command and uninstall command, select if it should be installed in system level or user level.
The first part of the install command is easy its just the name of the original .exe file before packaging – in this case angryipscanner.exe You then need the switches for the likes of silent/quiet/ etc.
You can find this for many apps by just going in command prompt, going to the path of the .exe file and run something.exe /?
Which in many cases gives you a popup with the available switches.
Otherwise you can always use Google
For AngryIP Scanner the switches are as follows:
Install command.: AngryIpScanner.exe /S
Uninstall.: %programfiles%\Angry IP Scanner\uninstall.exe /S
Click OK when finished.
- Go to requirement to fill in device requirement that apply, you always have to select architecture and Windows Operation system , but you can also put more if needed.
- Next you need to create a detection rule, this is needed for Intune to verify if the targeted device/user has the app installed or install if missing.
You can use a script or set a rule manually to check the filesystem for a file/folder or check the registry for a key/value.
in this case I’m using the manual method, and checking the registry just for the Key
Angry IP Scanner is 32 bit, so select yes for the option “Associated with a 32 bit app on 64 bit clients” This will make sure that intine checks the WOW6432Node on 64 bit machines for the key.
OK when finish.
- Click save on the bottom – and wait for the application to upload before you can assign it for publishing.
- When its uploaded you can assign groups to the application as followed:
1.Click Assignments>2.Add Group>3.select Assignment type>4.Select Included Groups>5.Choose group or accept the “everything rule that’s already there>6.Select desired group
When done click select and OK all the way back.
PS: you can also select what level of Toast notifications to show the users when deploying – I usually select only show restart notifications – no need to distract the users too much.
- You now have the Application ready to deploy – in most cases – but not for AngryIP scanner – I selected that application for this blog because it has another dependency to get installed.
And as you can see, in the menu to the far left in the above screenshot– you now have an option to add “Dependencies” – this is great news
Angry IP Scanner is dependent on Java – go figures. So that is just a great way to show that this can be resolved now inside Intune.
Keep in mind though, you need to have uploaded the java installer as a another win32 app to get it added to the dependencies list for Angry IP – just repeat the process above for Java.
Then go into Dependencies for AngryIP Scanner to get it added – otherwise AngryIP Scanner will A: never get installed because java is missing, B: get installed when Java finds it way to the machine by other means.
So save yourself the trouble, and configure dependencies and set them to install automatically.
That’s all – you can now have fun with this.
Now there are some limitations to Intune as of now, in my opinion.
You have a rather poor control over when what application or script is going to run, it would be great to be able to configure run order for application installation, and it really is needed if you ask me, should it be fully enterprise ready,
I guess you could work around it by using the Dependencies as above, and making all applications dependent on each other to get it installed in the order you want. But that just feels cumbersome in my opinion.
Other issue is that Dependencies is only available for win32 applications, not Line of business applications, powershell scripts etc.
So I’m hoping it will show up sooner rather than later to help adopt Intune use cases.
That’s all for this time, I will be posting another blog to showcase Windows autopilot paired with the above – I’m running this on my personal devices and its just great.
I will in that blog show my running config for Autopilot+intune MDM, to showcase how beautiful it is to never have to worry about changing a computer ever again