Best Guide Intune Win32 App Deployment | Endpoint Manager

In this post we will explore Intune Win32 App Deployment (Endpoint Manager). We will also learn how to use Microsoft Win32 Content Prep Tool and create a .intunewin file.

Win32 app management in Intune is an interesting topic. Even though the final goal is to deploy application with Intune, but the process that we use is something different.

This post is a detailed guide on Intune Win32 app deployment. If you are deploying a Win32 App in Intune for the first time, you can use the post as reference.

With Intune Win32 app deployment, you will notice that most of the deployment options that you see are familiar and derive from Configuration Manager. This is an advantage for anyone who has worked on application deployment in Configuration Manager.

In my recent post I covered about deploying PowerShell script using Intune. Microsoft has made it so easy to deploy PowerShell scripts and applications with Intune. There are many other possibilities, and I am exploring one by one, so stay excited.

Alright then, let’s get started with Win32 app deployment in Intune. Before you deploy Win32 app with Intune, I assume you have access to Intune to deploy applications.

What is Win32 app in Microsoft Intune?

The new Intune Win32 app deployment is a great way to deploy Win32 apps with Microsoft Intune. This Win32 app management capability supports both 32-bit and 64-bit operating system architecture for Windows applications.

With Intune you can easily deploy 32-bit and 64-bit applications to your devices. The Intune management extension is installed automatically when a PowerShell script or Win32 app is assigned to the user or device.

Note – It is possible for cloud-connected customers to use Configuration Manager for Win32 app management. However, Intune-only customers will have greater management capabilities for their Win32 apps.

Advantages of Intune Win32 App Deployment

Besides from deploying .exe and .MSI apps, Intune Win32 app deployment has the following advantages:

• You can easily deploy .exe files by converting them to the intunewin format. This is a good feature that will benefit Intune Admins when it comes to application deployments.
• You can use detection logic to make sure that an app will be downloaded to the device and installed only if it’s not detected as per a set rule.
• Intune allows you to specify application requirements for Win32 app.
• If you have a critical update that has to be deployed to devices, you can deploy Win32 app with Intune.
• This is actually an advantage where you can set dependencies for a Win32 app. This feature is also available in ConfigMgr when you deploy apps. Microsoft team made sure this feature also works when you deploy Win32 app with Intune. This setting enables you to determine either the sequence in which the app would be installed.

Intune Win32 App Deployment Prerequisites

Intune Win32 app deployment has below prerequisites.

• Use Windows 10 version 1607 or later (Enterprise, Pro, or Education editions).
• Devices must be enrolled in Intune and either :-
  • Azure AD joined
  • Hybrid Azure AD joined
• Windows application size must not be greater than 8 GB per app.

Flowchart of Intune Win32 App Deployment

The following diagram is the architectural flow that occurs behind Intune Win32 app deployment. When you create and deploy a Win32 app with Intune, there is a process associated with it. The below diagram is designed by Microsoft team.

Download Microsoft Win32 Content Prep Tool

Before you begin the Intune Win32 app deployment, you must first download the Microsoft Win32 Content prep tool. The Microsoft Win32 Content prep tool converts application installation files into the .intunewin format.

Once you have an application with .intunewim format, you can add that application in Intune and deploy Win32 app with Intune. You can download Microsoft Win32 Content Prep Tool on the GitHub.

The advantage of using this packaging tool is that it automatically detects the parameters required by Intune to determine the application installation state.

When you download Intune Win32 Content Prep tool, it’s a .zip file and you must extract the contents to a folder.

Prepare Win32 app content for upload

In the step we will create the Win32 app using the Win32 Content Prep tool. We will use a simple application such as Adobe Acrobat Reader DC. You can also customize the Adobe Reader and then deploy it. Check out my post on how to customize and deploy Adobe Acrobat Reader DC using SCCM.

In the folder where the Adobe Acrobat setup files are present, create a new text file and rename it as install_adobe.cmd. Edit the file and enter the below command and save it. The below command installs Adobe Reader with customization file (AcroRead.mst).

msiexec /i "%~dp0AcroRead.msi" TRANSFORMS="%~dp0AcroRead.mst" /Update "%~dp0AcroRdrDCUpd2100120155.msp" /qn

Note – The Microsoft Win32 Content Prep Tool zips all files and subfolders when it creates the .intunewin file. Be sure to keep the Microsoft Win32 Content Prep Tool separate from the installer files and folders, so that you don’t include the tool or other unnecessary files and folders in your .intunewin file.

Running the Microsoft Win32 Content Prep Tool

Now that we have the application to deploy, we will run the Microsoft Win32 Content prep tool and convert the application to .intunewin format. You can deploy Win32 app with Intune once we get the .intunewin file.

Launch the command prompt as administrator and change the path to the folder that contains the Win32 content prep tool. Run the command IntuneWinAppUtil.exe.

When you enter the above command you need to input the details.

• Please specify the source folder – Enter the folder that contains your application setup files.
• Please specify the setup file – Enter the setup file which is your main application.
• Specify the output folder – The Win32 Content prep tool will place the final .intunewin file in this folder.
• Do you want to specify catalog folder – Type N.

Wait for a few minutes while the Win32 Content Prep Tool runs.

Finally, the AcroRead.intunewin file has been generated. You can also see the output shows Done with 100%. Close the command prompt.

Browse to the output folder and that’s our AcroRead.intunewin file. In the next step we will upload this file to Intune and begin Intune Win32 app deployment.

Tip – The .intunewin file contains two folders – Contents and Metadata. These folders contain the application package (the installer), and the Detetection.xml file

Begin Intune Win32 App Deployment

In this step we will add the .intunewin file and begin Intune Win32 app deployment. To add or upload .intunewin file to Intune, follow the below steps.

• Login to the Microsoft Endpoint Manager admin center.
• Click Apps and select All Apps.
• Click + Add and in the next step we will add Win32 app.

Under select app type, click the drop-down and select App type as Windows app (Win32).

Under App Information you must select the app package file. Click Select App package file.

Click the Browse icon and select the .intunewin file which is AcroRead.intunewin file. Notice that app details are populated and shown below. Click OK.

Under App Information, ensure you have selected the correct Win32 App. The app name cannot be changed here. However, you can add application description by clicking Edit Description.

Specify the Publisher info and category to which this app belongs to. You may choose to display this as a featured app in the company portal by turning that slider to Yes.

In addition to the above information, you can specify following details. These are optional details.

• Information URL
• Privacy URL
• Developer
• Owner
• Notes

Finally, the last option is to specify the application logo. This icon is displayed with the app when users browse through the company portal. I recommend specifying the logo here because it looks pretty neat in the company portal. Click Next.

On the Program section, you specify the details about the program. These are important details that you must supply before you deploy Win32 app with Intune. The details include :-

• Install Command – The install command should be automatically populated. However, in this case we will change it and use the install_adobe.cmd. That’s because that’s the file that contains the Adobe reader install command.
• Uninstall Command – This is also populated automatically in our case. In case you wish to specify another uninstall command or rather a script, you can do that.
• Install Behavior – Set the install behavior to either System or User. User context refers to only a particular user. System context refers to all users of a Windows 10 device.
• Device Restart Behavior – The section has got some options. You have to select one option out of these.
  • Determine behavior based on return codes – Choose this option to restart the device based on the return codes.
  • No specific action – Choose this option to suppress device restarts during the app installation of MSI-based apps. This is a preferred option if you don’t want reboot to occur on machines post application installation.
  • App install may force a device restart – Choose this option to allow the app installation to finish without suppressing restarts.
  • Intune will force a mandatory device restart – Choose this option to always restart the device after a successful app installation.

Specify return codes to indicate post-installation behavior: Add the return codes that are used to specify either app installation retry behavior or post-installation behavior. Return code entries are added by default during app creation. However, you can add more return codes or change existing return codes.

Suppose you select the device restart behavior to Determine behavior based on return codes, you need to set the Code type to one of the following.

• Failed – The return value that indicates an app installation failure.
• Hard reboot – The hard reboot return code does not allow the next Win32 app to be installed on the client without reboot.
• Soft reboot – The soft reboot return code allows the next Win32 app to be installed without requiring a client reboot. Reboot is necessary to complete installation of the current application.
• Retry – The retry return code agent will attempt to install the app three times. It will wait for five minutes between each attempt.
• Success – The return value that indicates the app was successfully installed.

Click Next.

The requirements section is where you specify the requirements that devices must meet before the app is installed. Pretty much similar to what we have in Configuration Manager.

• Operating system architecture – Choose the architectures needed to install the app. Select 64-bit.
• Minimum operating system – Select the minimum operating system needed to install the app. As an Intune admin, you should know what OS is installed on the client machines.
• Disk space required (MB) – This is an optional entry where you can add the free disk space needed on the system drive to install the app.
• Physical memory required (MB) – Add the physical memory (RAM) required to install the app. This is optional.
• Minimum number of logical processors required – You can specify the minimum number of logical processors required to install the app. This is optional.
• Minimum CPU speed required (MHz) – Optionally, add the minimum CPU speed required to install the app.

If you want to configure additional requirement rules, you can do so by click +Add option. Click Next.

When you deploy Win32 App with Intune, you need to specify the correct detection rules. The detection rules are very similar to what we have in Configuration Manager.

Rules format – Here you select how the presence of the app will be detected. You can choose to either manually configure the detection rules or use a custom script to detect the presence of the app. You must choose at least one detection rule.

In the example I have selected Manually configure detection rules which is a bit easier option I think. Click +Add.

On the detection rule window, select the Rule Type as MSI. The MSI product code is populated automatically, however if you don’t see it, add it manually. For MSI product version check, I am going to select No.

So we have successfully configured the detection rules for Win32 app. Click Next.

You can specify app dependencies where the applications that must be installed before your Win32 app can be installed. You can select those other apps by clicking +Add. I am not going to specify any dependencies here, so click Next.

When you supersede an application, you can specify which app will be updated or replaced. To update an app, disable the uninstall previous version option. To replace an app, enable the uninstall previous version option. On the Win32 Supersedence Rules page, I am going not going to configure anything. Click Next.

On the Assignments page, you can configure the start time and deadline time for a Win32 app. At the start time, the Intune management extension will start the app content download and cache it for the required intent. The app will be installed at the deadline time.

You can select the Required or Available for enrolled devices, or Uninstall group assignments for the app. The options are explained below.

• Required – The app is installed on devices in the selected groups.
• Available for enrolled devices – Users install the app from the company portal app or the company portal website.
• Uninstall – The app is uninstalled from devices in the selected groups.

Finally, review the Win32 app deployment settings and click Create.

Monitor Intune Win32 App Deployment in Intune

When you create a Win32 App in Intune using the above steps, you must wait until the app is uploaded to Intune. In the below screenshot you see the app is not ready yet. If app content is uploading, wait for it to finish.

How much time does it take for .intunewin file to upload ?. This depends on size of the file. The bigger the size of .intunewin file, the longer it takes to upload.

Keep an eye on the notifications as these are really important. Look for the final notification which says Application upload finished.

Tip – During my testing, the application failed to upload to Intune for some reason. So I had to create the app again. You must wait until you see app upload finished successfully in notifications.

Next, on the client computers, launch the Company Portal. Since we had configured this application to display as featured apps, it shows up under Featured Apps.

Select the Adobe Acrobat Reader DC application and click Install.

The application (.intunewin file) is downloaded and installed on the device.

In Intune, if you go to the application overview section, you can check the device status. There are lot of

Troubleshooting Intune Win32 App Deployments

When you deploy Win32 App with Intune, troubleshooting is also important. As we know that with application deployment, we encounter several issues. Like Configuration Manager, we also have log files from troubleshooting Win32 App deployments in Intune.

You can use CMTrace log file viewer to view the log files. I would recommend reading this excellent article on Troubleshooting Win32 Apps in Intune.

The Agent logs on the client machine are located in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs. This location mainly contains the following log files that track the following information :-

• AgentExecutor.log – This log file tracks PowerShell script executions (deployed by Intune).
• ClientHealth.log – This log file tracks the sidecar agent-client health activities.
• IntuneManagementExtension.log -The IME log that can be used to troubleshoot Win32 App deployments

Intune Win32 App Deployment FAQ’s

Some common question and answers related to Win32 App deployment with Intune.