A Complete Guide to Deploying Win32 Applications via Microsoft Intune

Written by Alex Marin · March 8th, 2024

In today's technology-driven workplace, deploying Win32 applications efficiently and securely is a critical challenge for IT departments.

Microsoft Intune, a robust cloud-based service for mobile device and application management, offers a comprehensive solution for this task.

In this article, we'll:

  • dive into the Win32 deployment type in Intune,
  • explore the Win32 Content Prep tool,
  • guide you through converting your application to an IntuneWin file,
  • show you how to upload and deploy it in Intune,
  • ideal scenarios for implementing Win32 deployment.

Before diving into the intricacies of Win32 deployment, let's first familiarize ourselves with Microsoft Intune, its critical function in the IT management world, and the various application deployment options it offers.

About Microsoft Intune

Microsoft Intune, a pivotal cloud-based service for mobile device management (MDM) and mobile application management (MAM), plays an essential role in the dynamic landscape of enterprise mobility and security.

Part of Microsoft's Enterprise Mobility + Security (EMS) suite, it enables organizations to manage both the devices employees use to access company data and the applications they use in their day-to-day work. It integrates seamlessly with Azure Active Directory and Azure Information Protection, offering a holistic approach to device, application, and data management.

Intune's capabilities extend to managing a variety of devices, including laptops, tablets, and smartphones, and it covers both company-owned devices and personal devices under Bring Your Own Device (BYOD) policies.

Application Deployment Options in Microsoft Intune

Microsoft Intune provides a range of options for deploying applications, each designed to handle different kinds of applications and deployment scenarios.

One of the primary deployment types in Intune is the Mobile Application Management (MAM) for apps designed for mobile devices. This deployment type is ideal for managing and securing company data within apps on personal or corporate-owned mobile devices, without the need for full device management.

For more traditional desktop applications, Intune can deploy Line of Business (LOB) apps. This deployment type is used primarily for applications that are not available in public app stores, allowing IT administrators to deploy custom-built or proprietary applications directly to devices.

The most versatile and comprehensive deployment type Intune offers is the Win32 app deployment. This deployment type revolutionized Intune's capabilities, extending its reach beyond mobile and simple desktop applications to more complex and legacy Win32 applications.

Now that we've covered the basics of Microsoft Intune and its application deployment options, let's move on to understanding Win32 Deployment in Intune in detail.

NoteYou can check our SCCM to Intune Migration article and find out why Intune is one of the best Microsoft SCCM Alternatives.

What Is Win32 Deployment and What Are Its Advantages

Win32 deployment is a game-changer for many organizations as it allows them to manage and deploy traditional desktop applications within a modern cloud-based environment. This is particularly significant for applications that require complex installation processes or scripts, which are common in enterprise settings.

The Win32 deployment type supports a variety of file formats including .exe, .msi, and .msp, and it provides advanced features like dependency management, detection rules, and return codes.

These features enable administrators to have granular control over the deployment process, ensuring that applications are installed correctly and function as intended on the user's device.

Moreover, it allows IT administrators to deploy these desktop applications in a modern management environment, even though the applications may not be built for such environments.

NoteOriginally, Intune was more focused on managing mobile devices and applications. However, the advent of the Win32 app deployment capability bridged the gap, allowing comprehensive management and deployment of both mobile and desktop applications within the same framework.

Key features include:

  • Win32 deployment supports complex installation scripts, including .exe, .msi, and .msp installers. This flexibility is vital for organizations that use custom scripts or have legacy applications.
  • Win32 applications can have dependencies, which means that other applications or software components can be prerequisites for installing the main application.
  • Detection rules identify if an application is already installed on a device, avoiding unnecessary reinstalls and ensuring applications are installed only as needed.
  • Customizable return codes in Win32 deployment allow for more precise control over the deployment process. They help in understanding the success or failure of an installation.
  • Administrators can configure various aspects of the deployment, such as command-line arguments, installation behavior, and user context.

TipWin32 deployment in Intune represents a significant advancement in the realm of device management. It not only extends the capabilities of Intune to traditional desktop applications but also ensures a secure, scalable, and user-friendly environment for application deployment and management.
This makes it an invaluable tool for modern IT departments seeking to streamline their application deployment strategies while embracing cloud-based management solutions.

The Win32 Content Prep Tool

The Win32 Content Prep Tool is crucial for deploying Win32 applications via Microsoft Intune, converting traditional desktop applications into a format compatible with Intune’s Win32 app deployment.

It primarily converts application installation files, such as .exe or .msi files, into the .intunewin format, which is required for Intune deployment.

The tool creates a compressed encrypted package containing the installation files and any additional metadata needed for deployment.

This process not only ensures that the applications are ready for deployment through Intune but also secures the content during transit and storage, which is critical for maintaining data integrity and security.

One of the key benefits of using the Win32 Content Prep Tool is its ability to handle complex installation scenarios. Many traditional desktop applications come with a range of installation parameters, scripts, and configurations.

The Win32 Content Prep Tool allows these complexities to be encapsulated within the .intunewin package, facilitating a smooth and controlled deployment process through Intune.

TipThe tool supports adding extra command-line arguments and installation instructions, allowing IT administrators to tailor deployments to their organization's unique requirements.
This customization is particularly beneficial for deploying applications with specific settings or configurations across various groups or departments.

Downloading the Win32 Content Prep Tool

To prepare applications for deployment through Microsoft Intune with the Win32 Content Prep Tool, start by downloading the tool. The download process is simple and involves several steps to get the tool ready for use. Here's what you need to do:

  • The Win32 Content Prep Tool is available on GitHub, in Microsoft's repository. You can find it by searching for "Intune Win32 Content Prep Tool" on GitHub or through a search engine, or you can click here.
  • Once you find it, click on Code and select Download Zip.
  • After downloading the file, navigate to the download location on your computer and extract the zip file.
Microsoft Win32 Content Prep Tool

You are now ready to start converting your applications into the .intunewin format required for Win32 app deployment in Microsoft Intune.

Converting Applications Using the Win32 Content Prep Tool

Converting an MSI file with a PowerShell script wrapper into a .intunewin file using the Win32 Content Prep Tool involves a series of steps.

NoteThis process ensures that the MSI file, and the PowerShell scripts, are packaged correctly for deployment through Microsoft Intune.

The first step is to launch a cmd window and navigate to the folder where the Win32 Content Prep tool has been previously extracted. To find out all the available commands run:

IntuneWinAppUtil.exe -?
IntuneWinAppUtil.exe in CMD

To create an IntuneWin conversion, run IntuneWinAppUtil.exe and you'll be prompted to select the source folder. This is where you should choose the folder containing your MSI file and the accompanying PowerShell script.

ImportantBoth the MSI file and the PowerShell script must be in the same folder for the tool to package them together effectively.

IntuneWinAppUtil select folder

Next, specify the setup file within the source folder. If you're using a PowerShell script to install the MSI file, this script is your setup file. Think of the script as the installer and the MSI file as the application you're installing.

The tool will prompt you to select the setup file – this is where you pick your PowerShell script.

IntuneWinAppUtil select setup file

After selecting the setup file, the tool will ask for the output folder. This folder is where the .intunewin file will be saved after the conversion process. You can choose any location on your computer that is convenient for you.

After you’ve entered all required details, the tool packages the MSI file and the PowerShell script into a single .intunewin file. This packaging process involves compressing the files and encrypting them, making them secure and ready for deployment.

You'll find the completed .intunewin file in the chosen output folder, ready for uploading to Microsoft Intune for deployment.

Intunewin file

Uploading and Deploying a Win32 App in Intune

Uploading a .intunewin file to Microsoft Intune is an essential step in deploying your packaged applications to your managed devices. This process involves a few key actions within the Intune portal to ensure your application is ready for distribution.

First, you need to sign in to the Microsoft Endpoint Manager admin center. This is where you will manage all your Intune deployments.

Once logged in, navigate to the 'Apps' section, where you can manage and add new applications.

In the 'Apps' section, click on the option to add a new app. Intune offers several app types to choose from. For the `.intunewin` file, you need to select the 'Windows app (Win32)' option as this is the correct type for applications packaged using the Win32 Content Prep Tool.

Intune All Apps view

Once you’ve chosen the app type, you will be prompted to upload the `.intunewin` file.

Click on the browse button and navigate to the location of your `.intunewin` file.

Select the file and upload it to the Intune portal. This process may take a few minutes, depending on the size of your file.

Select App File in Intune

After uploading, enter the application's details, such as its name, description, publisher, and other relevant details. These details are important as they help identify and manage the app within Intune.

Intune App Information view

Next, configure the app settings by defining the install and uninstall commands for your application. Ensure these commands align with what you established during the .intunewin file creation to guarantee correct installation and uninstallation on devices.

Intune Program view

For deploying applications that are wrapped with PowerShell scripts, use the following command:

powershell.exe -ExecutionPolicy Bypass -File test.ps1

Once the app settings are configured, you have to assign the app to groups within your organization. This determines who will receive the app. You can assign it to specific user groups or device groups or make it available for all users.

The final step is to review and create the application. Intune will show you a summary of your settings. Review these settings to ensure everything is correct, and then create the app.

This step finalizes the upload process, making your app ready for deployment via Intune.

This step-by-step process ensures the accurate upload of your `.intunewin` file to Microsoft Intune, facilitating the deployment of your Win32 application to your managed devices. By following these instructions, you can confidently manage the distribution of your applications within the Intune environment.

Get the latest insights, updates, and practical tips from Advanced Installer to enhance your organization's application packaging and deployment.

Subscribe to Our Blog

Practical Use-Cases: Ideal Scenarios for Implementing Win32 Deployment

There are many scenarios where Win32 deployment is the preferred method.

Here are some of them:

Legacy Application Management

Many organizations rely on legacy applications critical for their daily operations. These applications, often designed before the cloud era, may not be compatible with modern deployment methods.

Windows legacy apps refer to software applications that were developed for older versions of the Windows operating system, such as Windows 95, Windows 98, Windows 2000, Windows XP, and even Windows 7. These applications may not be fully compatible with the latest Windows versions (e.g., Windows 10, Windows 11) and often lack modern user interface elements and security features.

Here are some examples of Windows legacy apps:

  1. Microsoft Office 2003: This version of Microsoft Office includes applications like Word, Excel, and PowerPoint, which are considered legacy software as they were released for older Windows versions.
  2. Winamp: Winamp was a popular media player for Windows in the late 1990s and early 2000s. While it's not actively developed anymore, some users may still prefer it over modern media players.
  3. Internet Explorer 6: Internet Explorer 6 (IE6) was the default web browser for Windows XP. It is considered a legacy browser due to its lack of modern web standards support and security vulnerabilities.
  4. Paint Shop Pro 7: This is an older version of the popular graphics editing software Paint Shop Pro. While it has been succeeded by newer versions and other software like Adobe Photoshop, some users still use it.
  5. Microsoft Encarta: Encarta was a popular digital encyclopedia that Microsoft discontinued in 2009. Some people might still have the legacy version installed on older Windows machines.
  6. Windows Media Player 9: Windows Media Player 9 is a legacy media player included with older versions of Windows. It lacks many of the features found in newer media players.
  7. WinZip 8: WinZip is a file compression utility, and version 8 is considered a legacy version compared to more modern alternatives like 7-Zip.
  8. AOL Instant Messenger (AIM): AIM was a popular instant messaging application in the early 2000s. It was discontinued in 2017, but some users might still have it installed on older systems.
  9. Microsoft Windows Movie Maker: This video editing software was included with earlier versions of Windows but has been replaced by more advanced video editing software like Windows Video Editor.
  10. Napster: The original Napster was a file-sharing application from the late 1990s that allowed users to share music files. It's no longer in use, but some might remember it as a legacy app.

These examples showcase a range of applications that were widely used on older Windows platforms but may not be suitable for modern Windows operating systems due to compatibility issues and the lack of ongoing development and support. Users who need to run such legacy apps may need to use compatibility modes or virtualization solutions to make them work on newer Windows versions.

Intune's Win32 deployment allows these legacy applications to be packaged and deployed efficiently across the organization, ensuring continuity of operations without the need for immediate, costly redevelopments.

Complex Software with Custom Scripts

Advanced software solutions frequently require complex installation procedures involving custom scripts, configurations, and multiple steps.

Win32 deployment supports the use of customized installation scripts and configurations, enabling IT administrators to automate and streamline the deployment of such complex software packages.

Multi-Component Software Deployment

Certain applications depend on other software components or prerequisites (like specific .NET Framework versions or additional utilities) to function correctly.

Administrators can define and manage these dependencies, ensuring all necessary components are installed in the correct order, simplifying the deployment process, and reducing failure rates.

Remote Workforce Software Distribution

With the rise of remote work, organizations need to distribute software to employees working from various locations and on different networks.

Intune facilitates the deployment of applications to remote devices securely and efficiently, without the need for VPN or direct network access to company servers.

Frequent Software Updates and Patch Management

Regularly updating software for bug fixes, security patches, and new features is crucial for maintaining operational efficiency and security.

Intune enables administrators to manage updates and patches efficiently, ensuring that all devices are up-to-date with the latest software versions, thus maintaining security and functionality.

In each of these scenarios, Win32 deployment via Microsoft Intune is a practical and efficient solution, addressing common challenges faced in modern IT environments. Its versatility in managing a variety of application types, together with its integration into the broader Microsoft ecosystem, makes it a valuable tool for organizations seeking to streamline their application management processes.


Deploying applications with Microsoft Intune, particularly through Win32 deployment, marks a significant advancement in IT management. The Win32 Content Prep Tool is critical, allowing for the conversion and packaging of traditional desktop applications – even those with intricate installation requirements – into a format ready for Intune distribution.

The process, from converting applications into .intunewin files with the Win32 Content Prep Tool to their deployment on the Intune platform, is both comprehensive and secure. It simplifies the deployment across various devices and ensures secure, efficient, and manageable application delivery.

Win32 app deployment in Intune addresses the challenges of managing both legacy and modern applications. It offers the flexibility and control needed to deploy applications in a variety of scenarios, from traditional office environments to remote work settings. This flexibility is key in today’s ever-evolving workplace, where the ability to rapidly and securely distribute software can significantly impact productivity and operational efficiency.

Moreover, the integration of Intune with other Microsoft services enhances its value, providing a unified and robust platform for managing all aspects of enterprise mobility and security.

Looking ahead, the role of tools like Microsoft Intune and the Win32 Content Prep Tool will undoubtedly continue to grow. They are set to play a key role in helping organizations navigate the challenges of managing a diverse and dynamic digital environment. The ability to efficiently manage and deploy applications is not just a matter of convenience but a critical component in ensuring security, compliance, and competitiveness in a digital-first world.

This in-depth look at the Win32 app deployment process in Intune highlights its importance in modern IT environments and the advantages it brings to organizations looking to optimize their application management strategies.

We know you’re busy.

But you still want to be informed.

Subscribe to our blog and keep up with the rapidly changing IT environment by subscribing to our blog.

Subscribe Now

Written by
See author's page
Alex Marin

Application Packaging and SCCM Deployments specialist, solutions finder, Technical Writer at Advanced Installer.