With the win32 app packages, the Endpoint Manager / Intune offers an excellent opportunity to distribute more complex applications, processes or settings to the devices.
A Win32 app can consist of any combination of scripts, data and installation files. In order to unify the basic structure and to be able to offer a log, all my packages consist of at least two files, which I use as a template.

Table of Contents


Because I'm a big fan of PowerShell and almost everything can be implemented with it, I have a PowerShell script for the installation and uninstallation routine.
I also use a PowerShell script for complex recognition rules.

Here are the files I use in my template:

install.ps1Packs the installation routine in a PowerShell transcript (log) and writes it locally on the device.
uninstall.ps1Wraps the uninstallation routine in a PowerShell transcript (log) and writes it locally on the device.
check.ps1Serves as a detection rule for the package.
Optionally, detection rules can also be created manually in the MEM.

Alternatively offer that PSAppDeployToolkit an excellent way to create apps.

Contents / Explanation install.ps1

Here you insert your installation routine.
This can be as simple as calling an EXE / MSI with a silent parameter, or it can consist of many different commands and processes.

From the template you have to exchange / supplement the first line and line 8.

install.ps1 template

If you want the log to be saved to a different location, you can simply change the path within the variable $Path_local to adjust.

Contents / Explanation uninstall.ps1

The structure of the deinstallation script is identical to that of the installation. Here, too, you adjust the package name and the routine.

uninstall.ps1 template

Content / Explanation check.ps1

The Intune / Microsoft Endpoint Manager knows whether a package has been successfully installed, we have to store a detection rule in each Win32 app. This can either be created manually (online in the UI) or using a PowerShell script.

With the manual detection rules you have the choice between MSI codes, files and registry entries. These options are very well documented and described at Microsoft: Detection rules, add and assign Win32 apps to Microsoft Intune | Microsoft Learn

If you want to create a complex rule, I have already provided you with many suggestions in the package. I also wrote a separate post about it: Custom Detection Script for Intune (win32 apps)

Create and upload an app package (intunewin).

To upload a Win32 app to Intune, we need to pack the created package into an Intunewin file.
You do it like this: Create Win32 App / .intunewin

Once the Intunewin file has been created, it can be published with the following configuration:

  • Apps > Windows + Add
app information
  • Store installation and deinstallation commands, system / user depending on requirements
installation%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\install.ps1
Uninstallation%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\uninstall.ps1
install command
  • Requirements depending on the application
  • Detection Rule, Custom: check.ps1 or manual
win32 detection rule
  • Declare dependency if necessary
  • Assign and finished.