Deploy an MSI package to Intune for Windows Devices
Deploying MSI packages to Windows Devices is a common need. With more and more companies shifting computer accounts to Azure AD, many are beginning to shift from on-prem Device Management platforms to Intune. Intune, a long-running Cloud-based Device Management offering by Microsoft, is part of Microsoft Configuration Manager.
License Requirements
The licensing for Intune is outlined in this document from Microsoft. Many organizations leveraging Office 365 will find that their SKU includes Microsoft Intune.
Future of Windows Store For Business & Education
On July 2021, it was announced that the Windows store for School & Business is being retired. Organizations deploying software through the store using Intune store will need to start shifting to other methods. One method is to convert MSI packages into intune packages and assign them. This announcement was updated at the end of July 2022 with the plan to rely on Windows consumer store, essentially centralizing efforts. For those relying on Windows Store For Business & Education, it is important to review this announcement carefully to understand your next steps. For most, this will not be a significant transition.
MSI Packages In Intune
This section explains how you can convert your existing MSI packages to Intune.
Pre-Requisites To Convert MSI Packages
You will need:
Download and install the Microsoft W32 Content Prep Tool
.NET Framework 4.7.2 or latter
MSI Conversion Instructions
In the following instructions, you can change the file paths and such to meet your needs.
Create a folder in the root of C: (name it Intune). You can also name the folder as per your choice.
Download the Microsoft W32 Content Prep Tool from GitHub. A link can be found here.
Right-click the Microsoft-Win32-Content-Prep-Tool-master.zip file, likely in your downloads folder, and choose properties.
At the bottom of the properties windows under Security, Click The Unblock option and click Apply.
Click OK and open the Zip file. Extract the contents to the C:\Intune folder you created in step 1
Download the MSI package you wish to install.
If downloaded from an external source:
Right Click on the MSI file and choose properties.
At the bottom of the properties windows under Security.
Click The Unblock checkbox.
Click Apply.
Copy this MSI file to the C:\Intune folder (or the other folder name) created in Step 1.
Open PowerShell Window.
Type CD ‘C:\Intune’(or the name of the folder you had chosen in Step 1).
Replace File Name.msi with the MSI installer you would like to package
.\IntuneWinAppUtil.exe -c 'C:\Intune' -s ‘File Name.msi' -o 'C:\Intune'
Example for our Endpoint Client Agent:
.\IntuneWinAppUtil.exe -c 'C:\Intune' -s 'Endpoint Agent for Endpoint Agent-x64-1.123.0.msi' -o 'C:\Intune'
You will not have a .intunewin package for the next steps.
Microsoft Endpoint Manager / Intune Application Creation
Before continuing, consider the scope of the Application you wish to deploy. In other words, give a thought about who should get the installation, and should it be a required, or optional, install. During these steps, you will need to define this scope, and it is easier to execute the steps if the scope is defined before. You can choose both with some users getting it installed automatically and others having the option. The most straightforward method is to scope the installation to assign it to a Group and add users to this group.
In the following example, we have created a group called ThousandEyes EndPoint Agent – Install Required
Go to admin.microsoft.com
Login with an account that has the Intune Service Manager or Global Admin role.
At the bottom of the screen, click show all.
Under Admin Centers choose Endpoint Manager.
Click on Apps on the left navigation menu.
Click on Windows under the By Platform section.
Click Add.
For app type choose Windows app (Win32) (this is for 64-bit & 32-bit applications).
Click Select.
In the Add App screen, click the Select app package file link.
Browse to the file created in the previous section.
Click Ok.
Review the information on the screen and fill in any required fields.
Click Next.
Review the installation and uninstallation commands. You may customize them on this screen. It is recommended to test these on a workstation before putting them into the portal.
Click Next
Review the information on the screen and fill in any required fields. This can include any system requirements to failing installs for prerequisites.
Click Next
On the detection rules, you need to provide a method for Intune to detect the application is installed. For MSI installation, it is usually best to use an MS detection rule for the package ID. To do this:
Click Add.
Rule type MSI.
MSI Product Code (should be filled automatically).
Choose if the product should check the version or only if the ID is present.
Click Ok.
Click Next.
If you have any dependencies, add them on this screen.
Click Next.
On the assignments screen we will assign the application using the Group Mentioned above, or your own criteria. You can customize these steps to your needs. You can also scope it to a single user for testing and then change it later to a larger group.
Under required, select add group.
Search for the group ThousandEyes EndPoint Agent – Install Required.
Click Next.
Review all the settings and choose to Create.
Conclusion
Deploying software is a part of all device management programs. Even with the enhancements coming to Windows Store deployments, the need to bring traditional MSI packages into Intune, partof the Microsoft Configuration Manager suite, will continue to exist for quite some time. With the Microsoft W32 Content Prep Tool, this process has been made quite simple to use.
Last updated