Body
Overview
This article describes how to add a new app to Intune.
Table of Contents
- Adding a new app
- Filling out parameters
- Deploy the app
Step 1: Adding a new app
In Intune, go to Apps on the sidebar, then choose Windows from the middle bar, under “By platform.”
On the top bar, click + Add.
On the sidebar that pops up, click “Select app type”; then, from the drop-down menu, choose the final option, Windows app (Win32), and click Select.
Click “Select app package file”
Under “App package file,” click the folder icon and navigate to your .intunewin package. Press OK.
Once you click OK, you will be taken to the Properties screen where you fill in the app's information. The app will not begin uploading until after all information is entered and reviewed.
Step 2: Filling out the parameters
1. App information
You will be taken to the app’s Properties section which you must fill out. Below are the default parameters provided for the example app followed by a completed version. More specific guidance is offered below.
Name: Uploaded apps should be named in the following format: <DEPT> - <App Name> <Full version number>
Please remember to prefix your app uploads with your departmental abbreviation to help us keep Intune organized effectively.
Description: Click "Edit description," which will take you to a new pane. Copy and paste a blurb about the app from its website or another source with enough information to help users determine the app's purpose, but keep it informational instead of promotional.
Publisher: The abbreviation your department uses for Intune. (eg., TS, AHS, etc.)
Version: If unknown, right-click the app's installer .exe or .msi, go to “Properties” and look at “File version.” This should match the version in the app name.
Category: Choose which categories best apply.
Show as featured: Choose this option if you do not plan to push the app, but instead would like users to be able to download it at will.
Info URL: This is usually the About Us section of an app website, or the main page if there is no About Us page.
Privacy URL: Here, link to the app website's Privacy Policy section. Every corporate website is required to have one; these are usually found towards the bottom in small text.
Developer: The company or individual that developed the app, available on the website.
Owner: Your departmental abbreviation again.
Notes: You can leave this blank, unless you have notes for other Intune managers regarding the app.
Logo: In the window that opens, upload an app logo from your computer. The best practice is to right-click the biggest version of the logo on the app's website, save it locally, and upload it here to ensure that the logo is current, specific to the correct version of the app, and formatted correctly for display as an icon (without a lot of blank spaces around the edges, and so on).
Click Review + save to proceed to the next screen.
Step 2. Program
Below are examples of unfilled and filled-out Program screens for the same app, with additional information following.
Install command: This will depend on your installer type and process.
If your installer is a .msi file, it is safe to just use the standard msiexec install parameters:
msiexec.exe /i {your-msi-product-code} /qn
The /qn parameter instructs the msi to install silently, providing no notifications to, and requiring no input from, the user throughout. This is highly recommended to include in your install parameters.
To call a PowerShell script with custom install parameters, you can use the following command:
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -Executionpolicy bypass -File .\path-to-your-installer.ps1
To enable detection of the installed app, an providing a detection of the MSI product code is ideal. You can obtain this code from a device on which you have installed the app, by reading the registry. Below is an example Powershell command you can use to retrieve a MSI product code.
For 64 bit apps:
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | Select-Object -Property displayName, displayVersion | where {$_.displayName -like "*AppName*"}
For 32 bit apps:
Get-ItemProperty "HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" | Select-Object -Property displayName, displayVersion | where {$_.displayName -like "*AppName*"}
A note that sometimes, apps may contain a number of msi product codes for different individual programs within it. Additionally, Intune may detect msi product codes when the package is uploaded.
If no msi installer is available, you may have to find the vendor documentation to find the silent installation parameters to use.
Uninstall command: If msi, you may use the same msi install command as above, but with the /x argument instead of /i.
Allow available uninstall: Click No if you would not like users to have the ability to uninstall the app themselves.
Install behavior: Always keep System checked so that the app installs for all users of the targeted computer(s).
Device restart behavior: Here, you may determine whether your PC should be allowed to restart following the installation.
Return codes: These are not necessary to edit, but advanced users may customize them to their liking.
Step 3. Requirements
Below are before-and-after shots of an example Requirements page.
You can look up system requirements for apps online if you wish; usually, it is safe to skip all but the first two requirements unless necessary. We do not support any 32-bit Windows machines, but programs with 32-bit architecture may be installed on 64-bit machines. For the required Windows version, it is usually safe to choose the earliest version of 10 available, though you may vary this at your discretion.
Step 4. Detection rules
Detection rules change the parameters under which Intune registers whether or not an install completed successfully, and should always be added along with every app.
Under Rules format, choose Manually configure detection rules.
MSI is the preferred method of app detection. If unavailable, use file detection and point it to a file you have confirmed the app installs. (This field, like all in Intune, accept traditional DOS variables in the %var% format.) You can do version checks (for .exe files, for example) using this method as well. Registry is the trickiest to have work consistently.
Below is an example of a completed Detection rules screen.
Step 5. Dependencies
This is usually unnecessary as your script or install command should detect and install dependencies anyway.
6. Supersedence
Skip this unless told otherwise.
7. Scope
Scope tags determine which departments can see and use your app in Intune. Select your departmental scope tag from the list below, or type it in to look it up. It is generally best practice to wait to apply scope tags until after your app has been determined to have finished uploading and work correctly, so that users don’t try to access a partially- or incorrectly-installed program.
8. Assignments
Under Required, click Add group.
This will let you choose which device groups to push the app to.
Under End user notifications, click “Show all toast notifications," then choose "hide all toast notifications” if you do not want users to receive notifications when the app is installing or uninstalling.
With Group mode, you can mark groups for “include” and “exclude” status if, for example, you don’t want certain subgroups to receive the app while deploying to larger groups containing them.
Further options on this screen include scheduling app deployment for specific hours, and applying “grace periods” to warn users of impending restarts.
Best deployment practices
It is usually good idea to NOT assign an app as soon as you first upload it, but rather to wait until after the app has finished uploading, then assign so that users don’t complain about broken apps.
"Available for install" provides users the option to download that app at will, using Company Portal.
“Uninstall” will use the parameters you entered in the “Uninstall” field in Step 2,.
9. Review + create
Step 3: Deploying the app
Apps auto-deploy based on bandwith availability and can take up to 24 hours. You will receive an Intune notification when the package starts uploading and finishes uploading.
You may check if an app deployed successfully to machines by using the following methods:
- In Intune, go to Apps > Windows > Windows apps and search for your app. On the left-hand side of its page, check the Device install status page and sort by last modified.
- Open the device via the Devices pane in Intune, and check the Managed apps section on the sidebar.
You can troubleshoot installations by retrieving the Intune Management Extension logs or by going to a target device in Intune and clicking Collect diagnostic data on the Overview page, then wait for it to finish and click “Download”; within that zip file will be the aforementioned Intune Management Extension log, any log files you saved to directories such as %ProgramData%, and other resources to help you.