For your scenario, the modern and recommended approach is to use a Win32 app deployment. While it seems your app is an MSIX, wrapping it into a .intunewin package for a Win32 app deployment offers the flexibility and control you need.
Here’s a structured breakdown of the main deployment methods and why Win32 is the best fit for your requirement.
🎯 Comparing App Deployment Methods in Intune
To help illustrate the differences, here is a quick comparison of the main deployment methods:
| Feature | Win32 App (Created from .intunewin) | Line-of-Business (LOB) App | Microsoft Store App (New) |
|---|---|---|---|
| Microsoft’s Recommendation | Highly Recommended for flexibility and control | Not recommended for new deployments; may cause Autopilot issues | Suitable for simple apps from the Store |
| Reporting & Detection | Superior – granular detection logic and detailed reporting | Basic | Basic |
| Configuration | High – via custom scripts, registry keys, files, etc. | Low | None |
| Dependencies & Requirements | Supported – handles complex installations & prerequisites | Not Supported | Not Supported |
| Deployment Context | Can run in User or System context | Limited | Limited |
🚀 Recommended Path for Your MSIX App: Win32
Given your goal, let’s focus on the Win32 method. While it’s often used for EXE/MSI installers, it is perfect for your MSIX scenario because it allows you to achieve app deployment and initial configuration simultaneously.
Here is a step-by-step guide to implement this:
1. Prepare Your Installer and Configuration Script
You’ll need to package your MSIX together with a script that sets your configuration.
- Create a Project Folder: Assemble all necessary files, including your
.msixbundleor.msixinstaller, and a script to apply your configurations (e.g., setting registry keys or environment variables). - Create a PowerShell Script: Write a script (e.g.,
Install.ps1) to install the app and apply configuration. It should first deploy the MSIX (perhaps usingAdd-AppxPackage), then apply your specific configurations (e.g., writing registry keys).
2. Test and Prepare the Installation Script
Before proceeding, it’s crucial to test your script:
- Test on a clean Windows device (like a VM) to ensure it installs the app and applies configurations correctly.
- Pay close attention to detection logic (e.g., checking for a specific registry key’s value after configuration) to ensure Intune accurately reports the app’s fully configured state.
3. Wrap Everything into a .intunewin Package
Intune requires apps to be in a specific format.
- Download the Tool: Get the official Microsoft Win32 Content Prep Tool from GitHub.
- Run the Tool: Execute
IntuneWinAppUtil.exeand provide the paths to your source folder (with the installer and script), the setup file (yourInstall.ps1script), and an output folder for the package. - Get the Package: The tool will create a
.intunewinfile, which is ready for upload to Intune.
4. Create a New Win32 App in Intune
Now, you’ll add the app to the Intune portal.
- Navigate: In the Microsoft Intune admin center, go to Apps > All apps > Add and select Windows app (Win32).
- Upload: Upload the
.intunewinfile and fill in the app details. - Configure the “Program”: In the “Program” section, set the Install command to execute your PowerShell script. A common approach is:
powershell powershell.exe -ExecutionPolicy Bypass -File "Install.ps1"
Also, set the Uninstall command (if you have one) and choose Install behavior: System so the installation runs with elevated privileges. - Set Detection Rules: This is critical for your app to be successfully deployed. A detection rule is how Intune verifies that your app is successfully installed. Create a custom detection rule that checks for a “signature” you know will only exist after your app is fully installed and configured, such as a specific registry key or a file you create as part of your script.
The powershell.exe -ExecutionPolicy Bypass -File "Install.ps1" command is a standard and robust way for Intune to execute PowerShell scripts, as it ensures they run regardless of the system’s default execution policy.
💡 Additional Best Practices
For a seamless deployment, keep these additional best practices in mind:
- Use PowerShell App Deployment Toolkit (PSADT): For complex installations, consider wrapping your installer with PSADT. It provides a robust framework for handling installations, uninstalls, and various deployment scenarios.
- Always Assign to Device Groups: For required apps, always assign them to device groups rather than user groups to ensure the app installs regardless of which user signs in.
- Test on Pilot Groups: Before a full rollout, assign the app to a pilot group of IT staff or test devices to catch any issues early. This is especially important for new features and deployments.
⚙️ Handling App Configuration (App Config Policies)
For MSIX apps, a more native alternative is to use an App Configuration Policy.
- An App Configuration Policy is a separate policy in Intune that can pass settings to an app after it’s installed.
- How it works: The developer needs to code the app to read these settings when it launches. The settings are delivered as an XML or JSON file to a specific location on the device (e.g., the
%LocalAppData%\Packages\YourAppPackage\Settingsfolder). This method is cleaner for configuration but requires you to update your app’s code. - Your choice: You can decide between:
- Win32 Wrap: A quick, code-free way to handle config during deployment.
- App Config Policy: A more native, code-dependent way for post-deployment config.
I hope this gives you a clear path forward. If you run into specific challenges, feel free to share more details about your app and configuration needs.
