win32 App Deployment automated

18. January 2022

I have many different customers that basically need the same/similar base of win32 apps in Microsoft Intune. Entering the apps each time with the intunewin file, the name, the publisher, installation commands, etc. is unsatisfactory work.
So, it would be great to have the win32 App deployment automated, right?
That's why I created a repository with a software list and a PowerShell script that automates the win32 app deployment.

An advanced version of the script can be found here: The "Intune Win32 Deployer" | scloud

I have stored the code of the PowerShell script, an example CSV including repository, on my GitHub:

Script @GitHub

(The upload script is in the folder "_UploadWin32App")

Demo
Software CSV
- Sample CSV
Win32 Repository
PowerShell Script/Automation
App Assignment (tip)
Windows Sandbox
Summary

Demo

Software CSV

The CSV software list contains vital parameters for win32 apps: name, description, install/uninstall command, 'runs as,' and optional dependencies. I intentionally left out recognition rules and compatibility. I employ a custom script for recognition, ensuring compatibility with 64-bit and Windows 2004 or higher, yielding positive outcomes. The list and script can be further extended using the CSV.

Sample CSV

Name;Beschreibung;install;uninstall;as;Dependeny
7-Zip;7-Zip ist ein Packprogramm;%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\install.ps1;%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\uninstall.ps1;system
Code language: CSS (css)

Win32 Repository

In my repository, each program is in a folder with the program name analogous to the software list. This folder contains the files required for the installation and uninstallation routine (usually instal.ps1 and uninstall.ps1), a check.ps1 (detection rule) and a PNG with the program name. In addition, I immediately created the intunewin file in order to be able to carry out manual uploads or updates from the repo.

The folder content of such a win32 app using the example 7-Zip looks like this:

I documented how my win32 applications are structured in a previous blog post: my take on win32 apps - Intune

PowerShell Script/Automation

The automation is based on PowerShell with the module "Microsoft.Graph.Intune" and "IntuneWin32App". You can find the script here.

The modules can be installed via PowerShell as admin:

Install-Module IntuneWin32App -Force
Install-Module Microsoft.Graph.Intune -ForceCode language: PowerShell (powershell)

The structure and flow of the script is:

Import module and read in initial variables (tenant prefix and software repository)

Connection to tenant and login

Reading in the CSV (Software-list.csv from the repository)
Selection of the apps to be imported using a grid view (one or more possible)

Creation and upload of the selected apps
- update connection
- Read Intunewin file
- Read display name
- Create detection rule (always check.ps1)
- Set system requirements (x64 and Windows 10 2004+)
- Set display image
- Upload the app with parameters
- Wait 15 seconds to avoid being blocked by Azure
  (The waiting time prevents a blockage from Azure)

win32 automated - processing application

If there is a dependency:
- Check whether this already exists in the MEM.
- If not, upload using the parameters from the CSV
- Add dependency

That's it! You have automated the upload of your win32 app.
The application is in MEM with all variables, the icon and the dependency according to CSV.

App Assignment (tip)

The script itself does not assign the applications to any group.
In order to be able to implement the assignment quickly and not have to open every app again in the MEM, I use the Intune for Education Portal. The portal has been specially developed for schools and is only advertised for them. However, it is possible to access the Intune for Education portal from any tenant using the correct URL: https://intuneeducation.portal.azure.com

We can then use this to select a group and edit/select the assigned apps.

The apps are then assigned with one click.

Attention: If an app is deselected in a group, it is automatically set to "uninstall".

Windows Sandbox

It happens to me several times that modules cannot be used properly because they conflict with another or a specific version. That's why I use a preconfigured sandbox for the deployments, which installs the current modules with a double click and starts the script.

I've wrote about this in this previous post "Pre-installed PowerShell modules in Windows Sandbox"
You can find the corresponding sandbox file including PowerShell in my GitHub repo:
scloud/Windows-Sandbox/win32-automated at main · FlorianSLZ/scloud (github.com)

Summary

I've automated the win32 app deployment in Microsoft Intuner. Utilize my GitHub repository for efficient distribution using the 'Intune Win32 Deployer' script. It imports, connects, selects apps, creates, uploads, handles dependencies, and assigns apps via Intune for Education Portal

Lewis Brown says:

14. April 2022 at 13:22

Hi,

Thank you for allowing use of your script and csv template. I have used your script to upload multiple browser extensions into my tenants. One problem I have come across is that the script does not Start-Sleep, it just keeps going and I'm getting upload failures. Also the detection script.ps1 is not being uploaded at all, the apps will not get installed via the company portal because the detection is bugged and says that it's already installed. Have you had this issues yourself?

I look forward to your response.
Kind regards

- Florian says:
  
  14. April 2022 at 13:55
  
  Hi, unfortunately I noticed the same behavior in an upload this week.
  It seems like something changed in the latest version of the Module. I'm already working on a fix. I'll keep you posted.
  
  - Lewis Brown says:
    
    14. April 2022 at 15:58
    
    That's excellent. Thank you so much. I've Googled a bit trying to find answers and all I can find is that it seems to be that the check.ps1 script needs to be encoded in UTF8 format.
    https://githubplus.com/MSEndpointMgr/IntuneWin32App/issues/15
    
  - Kristoffer Schiemann says:
    
    5. May 2022 at 8:25
    
    Did you find a solution on this?
    
    - Florian says:
      
      5. May 2022 at 14:17
      
      Yes, the solution in Lewis's link worked.
      
      If you want to automate it, you can use the following PowerShell command:
      https://github.com/FlorianSLZ/scloud/blob/main/intune-win32-deployment/FIX_New-IntuneWin32AppDetectionRuleScript.ps1
      
      - Kristoffer Schiemann says:
        
        6. May 2022 at 8:53
        
        Thank you for a qucik fix! :).
        
        But i am not sure where to run this script? Should it run on all my clients?
      - Florian says:
        
        6. May 2022 at 15:45
        
        Yes, on the machine where you run the script. It is important, that you've installed the Modul in the user context.
Frank says:

9. August 2022 at 11:08

Hallo Florian - dein Blog ist eine Inspiration ! Vielen Dank dafür! Deine Beispiele und Ansätze sind sehr wertvoll und erstklassig umsetzbar!
Wir steigen gerade um von chocolatey auf winget und ich hoffe, dass auch du schon bald neue Ideen zum App-Deployment mit winget zum Besten gibst.

- Florian says:
  
  9. August 2022 at 20:41
  
  Hallo Frank, vielen Dank für dein tolles Feedback.
  Bezüglich Winget bin tatsächlich dran, da kannst du bald mit einem Beitrag rechnen 🙂

Desktop Verknüpfung(en) / Icon mit Intune verwalten | scloud

3. February 2022

[…] Verknüpfung/en gleich automatisiert hochladen? Dann habe ich hier einen Beitrag für dich: win32 App Deployment […]
Pre-Installed PowerShell Module in Windows Sandbox | scloud

22. February 2022

[…] Import von win32 Applikationen in Intune. (Blog-Beitrag) […]