Deploying Win32 Applications with Intune | Intune-Hybrid

Dear Intune Admin,

A big question that could come up during your planning stage for hybrid provisioning is how do we upload applications to Intune when our files are .MSI,.EXE, etc.? Intune will only read .INTUNEWIN files so we are going to require a converter! This blog will teach you how to convert an application from any file extension to a .INTUNEWIN file so that we may utilize the Intune Management Extension on Intune to deploy applications to our new devices.

Visual Flowchart

Pre-Requisites

Ø  Windows 10 – build 1607 or higher (Education, Pro and Enterprise)

Ø  Azure AD or Hybrid Domain joined

Ø  Must be under MDM management with Microsoft Intune

Ø  Application (including source files) cannot exceed past 8GB in file size

What about Scripts?

Custom installation scripts can be successfully uploaded to Intune through the converter as well. These are for situations when you need certain files copied or registry settings that need to be applied. This would be put within the source folder when we get to the conversion section.

IntuneWin Extension Packaging Tool

IntuneWinAppUtil.exe – Download the Win32 App Packaging tool from GitHub

Preparing for the IntuneWinAppUtil (converter)

Before we can convert any of our legacy applications to a .INTUNEWIN file, we need to setup folders so that we can direct where the application will go after it has been converted from the IntuneWinAppUtil.exe.

Intune will allow single package file’s to be wrapped using the preparation tool for Win32 app (Intune Management Extension) deployment. 

Step 1:

Download the Packaging Tool and place it in C:\Temp

Step 2:

Within the “C:\Temp” folder, place the Legacy Application

Step 3:

Create a new folder (C:\Temp\Example1), this will be our output folder after our wrapping is complete.

Step 4:

Open Command Prompt as Administrator and run the following command -
”C:\Temp\IntuneWinAppUtil.exe”

Step 5:

IntuneWinAppUtil.exe will launch within command prompt, provide the following information when prompted –

Ø  Please specify the source folder: “C:\Temp”

Ø  Please specify the setup file: jre-8u281-windows-i586.exe

Ø  Please specify the output folder: “C:\Temp\Example1”

Ø  The output file already exists, do you want to delete it? (Y/N)? N

Step 6:

Once complete, the window will automatically close and your wrapped file (jre-8u281-windows-i586.INTUNEWIN) will be created in the output folder.

Congrats! You have now successfully converted a legacy application to a readable state that Intune can accept and now we can move onto configuring our custom Win32 App profile.

Let’s start by heading to Endpoint Manager!

Step 1:

Endpoint Manager -> Apps -> Windows -> Add

Step 2:

Choose “Windows app (Win32)”

Step 3:

Provide the .INTUNEWIN file that we had just exported onto our “C:\Temp\Example1” folder

Step 4:

Under “App Information”, please fill out Name, Description and Publisher

Step 5:

Under “Program”, please fill out –

Install Command – jre-8u281-windows-i586.intunewin /s STATIC=Enable AUTO_UPDATE=Disable WEB_ANALYTICS=Disable REBOOT=Disable REMOVEOUTOFDATEJRES=1

Many applications will have different install commands that are called switches. You can locate specific switches for your application by opening PowerShell and navigating to your application following a “/?” at the end. If this does not work, then you will be able to find documentation online regarding your specific legacy application’s install parameters. For our example of installing Java Runtime Environment, this will be the install command.

Uninstall Command – msiexec /x {26A24AE4-039D-4CA4-87B4-2F32180281F0} /q

This uninstall command is the legacy applications package ID. This can be found by opening the application through a third-party program and locating where this string value above is. For our purposes, this package ID will only pertain to our specific version of JRE.

Step 6:

Under “Requirements”, please fill out –

Operating System Architecture – 32-bit + 64-bit

Minimum Operating System – “Windows 10 1607”

You can skip the rest of the boxes and move onto the next section.

Step 7:

Under “Detection Rules”, please select “Manually configure detection rules” -> “Add”

Rule Type : “File”
Path : “C:\Program Files\”
File or folder : “Java”
Detection Method : “File or folder exists”
Associated with a 32-bit app on 64-bit clients : “No”

Step 8:

Moving onto the “Assignments” section, please select “Add Group” under “Required”

Step 9:

Add in your group that you wish to target for this installation of JRE, it will be installed during the ESP (Enrollment Status Page) section of the Autopilot provisioning.

Congrats! You have now successfully pointed towards what group this new Win32 app will be deployed to and understanding how to convert legacy applications to be readable by Intune.