advanced MSI packaging

YOU’RE READING

MSI Packaging In-Depth Training Book

by Alexandru Marin

Download ebook

Deploy with Intune

Intune is a cloud-based service provided by Microsoft that focuses on mobile device management (MDM) and mobile application management. It is also known as Microsoft Intune or Microsoft Endpoint Manager (MAM). It is part of the Microsoft Endpoint Manager tool suite and is intended to assist organizations in managing and securing their devices, applications, and data across multiple platforms such as Windows, macOS, iOS, and Android.

Intune includes a number of features and capabilities that help IT administrators manage and protect devices, deploy and manage applications, enforce security policies, and ensure compliance within their organization. Intune's key features include:

  • Device Management
  • Application Management:
  • Data Protection:
  • Compliance and Security:

Intune provides organizations with greater flexibility, scalability, and ease of use by providing a unified and cloud-native approach to managing and securing devices and applications. It works well with other Microsoft solutions and services, such as Azure Active Directory and Microsoft 365, to provide an all-encompassing endpoint management and security solution.

With Intune, organizations can use a centralized and cloud-based management console to implement modern management practices, empower their workforce to be productive on any device, and ensure the security and compliance of their digital assets.

Intune supports a variety of application deployment methods, but for the purposes of this book, we will focus on LOB (line of business) and Win32. Let's look at how these two deployment methods compare in Intune.

Looking at LOB (Line of Business) Applications, we can see the following conditions::

  • LOB applications are typically custom-built or specialized applications that an organization develops in-house to meet their specific business needs.
  • Deploying LOB applications entails directly uploading the application package (e.g.,.appx,.msi) to Intune. After that, the package is distributed and installed on managed devices.
  • LOB applications are primarily designed for modern platforms such as Windows 10 and later, but they may also support other platforms such as iOS and Android.
  • LOB applications are ideal for deploying custom or business-specific applications within a company. They are frequently organization-specific and may not be available in public app stores.
  • Intune offers LOB application management capabilities such as app installation, updates, and removal, as well as the ability to enforce policies and configurations specific to these applications.
  • For LOB applications to be deployed, the application package must be available for upload, as well as proper signing certificates and relevant metadata.

Win32 Applications, on the other hand, are intended for a variety of purposes.:

  • Win32 applications are traditional desktop applications that were not created with modern management platforms in mind.
  • The Intune Win32 App Packaging Tool is used to create an application package for Win32 application deployment. The application installer (e.g.,.exe), installation script, and other dependencies are typically included in the package. The package is distributed and installed on managed devices via Intune.
  • Win32 applications work with a variety of Windows versions, including legacy Windows 7 and Windows 8.1, 10, as well as modern Windows 11.
  • Win32 applications are appropriate for deploying traditional desktop applications, such as legacy or complex applications that may necessitate customization or special installation procedures.
  • Intune provides Win32 application management capabilities such as app installation, updates, removal, and policy enforcement. Furthermore, Win32 applications can use detection rules to determine whether or not the application is already installed on the device.
  • Converting the application installer into a format compatible with Intune, as well as relevant configuration files and detection rules, is required when creating a Win32 application package.

In summary, LOB applications are organization-specific applications, whereas Win32 applications are traditional desktop applications. LOB applications are typically designed for modern platforms, whereas Win32 applications are more universal. Both deployment methods offer management capabilities, but the packaging and deployment processes vary depending on the application. Depending on the application requirements and compatibility with the target devices and platforms, organizations can select the best deployment method.

To make it easier to understand the difference between the two, we can look at LOB applications somewhat as MSI deployments with SCCM and Win32 deployments are similar to Script installations in SCCM. Of course you need to take in consideration multiple factors when creating such applications and for now, the business standard usually leans to Win32 deployments. For now, let’s take a look at how to deploy you application with both methods.

Deploy MSI via LOBA

Deploying an MSI with LOB (Line of Business) applications in Intune involves a few steps. Here is a step-by-step guide to help you deploy an MSI using the LOB method in Intune:

Step 1: Prepare the MSI Package

Of course the first step is to create and prepare the MSI package with all the necessary configurations and adjustments before deploying it. In our case we will use the repackaged VLC Media Player MSI.

Step 2: Upload the MSI to Intune

- Sign in to the Microsoft Endpoint Manager admin center with your Intune administrator credentials.

intune mem admin center front page

- Navigate to "Apps" > "All apps." Click on "Add" to add a new app.

intune mem admin center add app

- Select "Line-of-business app" as the app type.

intune mem admin center loba select

- Select the App Package File

intune mem admin center loba app package

Step 3: Configure the App Details

- Provide the necessary details, such as the app name, description, and publisher information.

intune mem admin center loba app details

As you can see, just as the case with deploying MSI packages with SCCM, no detection method is requested because Intune automatically picks up the Product Code of the MSI package and uses it as a detection to check if the application has been successfully installed on the target devices/users.

Step 4: Assign the App to Groups

- Click on "Assignments" to assign the app to specific user groups or device groups and choose the appropriate groups based on your deployment requirements.

intune mem admin center loba app assign

Step 5: Review and Deploy the App

- Review the app settings and ensure everything is configured correctly. If everything is correct click on Create.

intune mem admin center loba app review create

Deploy EXE/VBScript/PowerShell via Win32

Deploying EXE installers, VBScript or PowerShell wrappers via the Win32 method requires more steps with Intune as it requires more steps with SCCM, so let’s take a look at what is necessary to create and deploy a Win32 Application.

Let us assume that we have created a PowerShell wrapper for our VLC Media Player repackaged application with PSADT.

Step 1: Prepare the PowerShell Script

Create or obtain the PowerShell script that you want to deploy. Ensure that the script performs the desired actions and is compatible with the target devices and platforms. We won’t go through all the steps on creating and modifying the PSADT template in this example. For more information check out our first MSI Packaging Ebook.

psadt create script

Step 2: Package the PowerShell Script

When it comes to Win32 applications in Intune, you can’t just upload the source media as it is and this must be converted to an .intunewin format using the Microsoft Win32 Content Prep Tool. The Microsoft Win32 Content Prep Tool is a command-line utility provided by Microsoft that assists in the preparation of Win32 app packages for deployment via Microsoft Endpoint Manager (formerly known as Microsoft Intune). It is intended to streamline the packaging process and ensure that Win32 app packages meet the requirements for enterprise deployment.

First, download the tool from the oficial Github repository. Once the tool is downloaded, extract it from the zip file. Next, open up a command prompt and use the following command:

IntuneWinAppUtil -c <setup_folder> -s <source_setup_file> -o <output_folder> <-q>

The.intunewin file will be generated from the specified source folder and setup file.This tool will retrieve the necessary information for Intune from an MSI setup file.If the -a option is used, all catalog files in that folder are bundled into the.intunewin file.It will be in quiet mode if -q is specified. The output file will be overwritten if it already exists.In addition, if the output folder does not already exist, it will be created.

win32 content prep tool

NoteThe Microsoft Win32 Content Prep Tool does not have a GUI, but if you want one you can download the IntuneWinAppUtil GUI utility for free.

Once the conversion is successful, the output folder should contain the .intunewin file necessary to upload to Intune.

win32 content prep tool output

Step 3: Create the Intune Win32 App Package

- Sign in to the Microsoft Endpoint Manager admin center with your Intune administrator credentials.

intune mem admin center front page

- Navigate to "Apps" > "All apps." Click on "Add" to add a new app.

intune mem admin center add app

- Select "Windows app (Win32)" as the app type.

intune mem admin center win32 select

- Select the App Package File, in our case the .intunewin file created earlier

intune mem admin center win32 app package

Step 4: Configure the App Details

- Provide the necessary details, such as the app name, description, and publisher information

intune mem admin center win32 app details

Step 5: Define the Installation parameters and behaviors

- Fill in other relevant information, such as the installation command and uninstall command. Most of the behavior is similar to SCCM methods

intune mem admin center win32 app install

Step 6: Define Application Requirements

- Specify any requirements or dependencies for the app, such as minimum operating system versions or device architectures.

intune mem admin center win32 app requirements

Step 7: Define the Detection Method

- Specify the detection method for the app, which determines whether the app is already installed on the target device. Because we have an MSI we can still use the Product Code of our MSI as a detection method

intune mem admin center win32 app detection

Step 8: Configure Dependencies

- If required, add any dependencies to ensure the app is deployed correctly

intune mem admin center win32 app dependencies

Step 9: Configure Supersedence

Supersedence in Intune apps refers to the ability to replace or upgrade an existing deployed application with a newer version. It allows you to manage the lifecycle of applications by automatically detecting and handling updates or upgrades to applications in your environment.

When an application is superseded, it means that a new version of the application is available, and Intune will handle the process of replacing the older version with the new one on targeted devices. Supersedence helps ensure that devices stay up to date with the latest versions of applications, providing improved functionality, security updates, and bug fixes.

intune mem admin center win32 app supersedence

Step 10: Assign the App to Groups

- Click on "Assignments" to assign the app to specific user groups or device groups and select the appropriate groups based on your deployment requirements.

intune mem admin center win32 app assign

Step 8: Review and Deploy the App

Review the app settings and ensure everything is configured correctly. If everything is correct click on Create.

intune mem admin center win32 app create

As you can see, the Win32 deployments are more lengthy and require more steps, but if you look closely it gives you a more granular view and control of your application deployment, hence why this method has been widely adopted by the IT Professionals.

advanced MSI packaging

YOU’RE READING

MSI Packaging In-Depth Training Book

by Alexandru Marin

Download ebook