Intune Application Deployment (Windows)

Windows Intune

In this article, we are going to discuss Intune application deployment. Intune is the Microsoft Endpoint manager, that supports a variety of applications for Windows 10 such as Line-of-business Apps (MSI, APPX, and MSIX), Win32 Apps, and Microsoft Store for Business apps.

After reading this article, you will be capable to deploy and manage the Line of Business (LOB) and Win32 applications.

It’s possible to deploy the Windows app in two ways based on the application type.

1st way of Intune Application Deployment – User Context

This way is working when Intune managed app has been installed on the device when the user signs in. User context supports both Online and offline apps such as LOB, Microsoft store apps, and win32 applications with available and required Intent.

2nd way of Intune Application Deployment – Device Context

On the other hand, 2nd way is when Intune managed app is installed directly to the device by Intune. It supports LOB, Microsoft store, and Win32 apps only required intent.

App install intent:

  • Required assignment
  • Available for enrolled devices assignment
  • Uninstall assignment

Group assignment:

  • User group assignment
  • Device group assignment

The minimum requirement for LOB & Win32 Application deployment

  • Windows 10 – build 1607 or higher (Education, Pro and Enterprise).
  • The device under MDM management Enrolled with Microsoft Intune.
  • The application may not exceed 8 GB in size.

LOB app deployment isn’t supported on devices running Windows 10 Home editions.

The major difference between LOB and Win32 Application

  • Endpoint manager LOBapps are deployed through Windows 10 built-in MDM agent.
  • Endpoint manger application model uses a special package called IntuneWin.
  • The IntuneWin package is NOT handled by Windows 10 built-in MDM agent.
  • IntuneWin app installation is handled by a new agent called Intune Management Extension.

Win32 Application Deployment steps

Step 1: Create win32 package “Intunewin” file format.

Get the conversion tool by using Github.

Open the conversion tool, specify the source folder.

Enter and specify the source file to convert.

Enter and specify the destination folder to get the Intunewin format output file.

Step 2: open https://endpoint.microsoft.com

Navigate to Apps/All Apps and click Add

In the Select app type window Select the Win32 app

The Add App window appeared, then select App package file from apps blade.

Click on the browse button. Then, select a Windows installation file with the extension .intunewin.

In the next window Select App information to configure the app. Fill in the mandatory fields and provide the necessary information.

Intune necessary fields

Click Next, it navigates to Program to configure the app installation and uninstall command lines for the Intune application.

In the Requirements window, configure the requirements that devices must meet before the app is installed.

  • In the Add a Requirement rule pane, configure the following information.
    • Minimum operating system:
    • Disk space required (MB):
    • Physical memory required (MB):
    • Minimum number of logical processors required:
    • Minimum CPU speed required (MHz):
  • Click Add to display the Add a Requirement rule blade
  • Select the Requirement type to choose the type of rule that you will use to determine how a requirement is validated.
  • File: When you choose File as the Requirement type, the requirement rule must detect a file or folder, date, version, or size.
  • Path
  • Property
  • Associated with a 32-bit app on 64-bit clients
  • Registry: When you choose Registry as the Requirement type, the requirement rule must detect a registry setting based on value, string, integer, or version.
  • Key path
  • Value name
  • Registry key requirement
  • Associated with a 32-bit app on 64-bit clients
  • Script: Choose Script as the Requirement type, when you cannot create a requirement rule based on file, registry, or any other method available to you in the Intune console.
  • Script file
  • Run script as 32-bit process on 64-bit clients
  • Run this script using the logged on credentials
  • Enforce script signature check
  • Select output data type
  • Select OK.

In the Next window configure the Detection Rule

  • configure the rules to detect the presence of the app.
  • In Rules format field, select how the presence of the app will be detected.
  • Manually configure detection rules – You can select one of the following rule types
  • MSI
    • MSI product code
    • MSI product version check
  • File
    • Path
    • Detection method
    • Associated with a 32-bit app on 64-bit clients
    • Select No (default) to expand any path variables in the 64-bit context on 64-bit clients.
    • Examples of file-based detection
  • Registry – Verify based on value, string, integer, or version.
    • Key path
    • Value name
    • Detection method
    • Associated with a 32-bit app on 64-bit clients
  • Use a custom detection script
    • Script file
    • Run script as 32-bit process on 64-bit clients
    • Enforce script signature check

Choose the appropriate value and click Next, it moves to the Dependency window.

To configure App dependencies click the Add and specify the dependent applications.

Click Next.

In the next window select the type of assignment and select the group to assign.

  • Select Assignments.
  • Select Add Group to open the Add group pane that is related to the app.
  • For the specific app, select an assignment type:
    • Available for enrolled devices
    • Required
    • Uninstall
  • Select Included Groups and assign the groups that will use this app.
  • In the Assign pane, select OK to complete the included groups selection.
  • Select Exclude Groups if you want to exclude some devices/users.
  • Select OK.
  • Select Save.

After the assignment Review + Create the application.

Wait for some time to Upload the package (it consumes the time depending on the package size).

Line of business (LOB) application deployment:

LOB application is for deploying any MSI-based application, follow the below steps to complete LOB app installation.

Navigate to Apps>Windows apps> click +Add

Select app type as Line-of-business app click Select to create the application.

In the next window click select app package file

Select the application to install.

Click ok button.

It navigates to Add App window

In the App information fill the required fields marked *.

In the Name filed provide the application name

Provide the required information about the application in the Description file.

Finally, fill in the Publisher name in the Publisher field

In the Next window select the required groups to assign the application.

  • Select Assignments.
  • Select Add Group to open the Add group pane that is related to the app.
  • For the specific app, select an assignment type:
    • Available for enrolled devices
    • Required
    • Uninstall
  • Select Included Groups and assign the groups that will use this app.
  • In the Assign pane, select OK to complete the included groups selection.
  • Select Exclude Groups if you want to exclude some devices/users.
  • Select OK.
  • Select Save.

After the assignment Review + Create the application.

Wait for some time to Upload the package (it consumes time depending on the package size).

Also read Intune Application deployment for Android if you require to set it up for Android.

If you want to know more about Intune, check this article

About the Author Ritesh Jangir

Author is Bachelor of Technology in Electronics & Communication graduate in 2013 and have made the career establishment precisely in the field of Cloud IT infrastructure. Got associated with the Microsoft technologies right from the bottom of the ladder as Help desk operator. Working for Microsoft support with Convergys gave an end to end insight on Microsoft Intune and SAAS based technologies. Further worked for multiple clients to migrate their device management strategies from on-prem to cloud mostly Intune and AirWatch (VMware Workspace ONE). Worked with HCL and now with ITC infotech as Intune consultant for planning and implementation of device management for one of the biggest Beer manufacturing company globally.

follow me on: