Deploy MSI using Intune Win32 App Method

In this blog post, I will show you how to deploy MSI using Intune Win32 app method. You can deploy MSI application using line-of-business method available in Intune. Line of business app method is more straightforward and easy to use for simple MSI deployments.

However, if your deployment is more complex and requires additional actions before or after the MSI installation, or if you need to package and deploy other supporting files together, you can use Windows (Win32) app method. This method is also useful when you need to package the app as a Win32 app for installation during the Autopilot OOBE phase, especially if the line-of-business Intune deployment for that app is failing.

Method 1: Without Using PowerShell Scripts

In this method, you download the MSI installer and create .intunewin file including only this MSI installer in the intunewin package, then use that package to create a Win32 app deployment in the Intune admin center. When you create Intune deployment, you can specify the msiexec command in the Program tab with the required switches for installation and uninstallation.

I’ve detailed these steps in another blog post that covers deploying Cisco Webex MSI using the Win32 app method. Refer to the post: Deploy Cisco Webex on Windows using Intune for steps.

Method 2: Using PowerShell Scripts

You can also deploy an MSI installer using Win32 app deployment method + PowerShell scripts. In this approach, create the necessary PowerShell scripts and place them in a folder along with MSI installer file. You will create two PowerShell scripts: install.ps1 and uninstall.ps1. Install.ps1 will contain the required commands to install the app and uninstall.ps1 will contain the commands to uninstall the app.

If an app requires, pre-install and post-install commands, then you can include them in your install.ps1 script. Test the scripts manually on a test device first, and it’s working fine, use it for deployment.

For creating the deployment, place all the source installation files into a folder. This will be your MSI installer file, install.ps1 and uninstall.ps1 file. If you have customized the MSI installer, and you also have a .msp file, place all of them in a dedicated source folder. Then create Intunewin file using this source folder and deploy the app. In the next sections, I have demonstrated this process.

1. Download MSI Application

First step is to download the MSI application on your local computer. For demo purposes, I would be using an app called eSigner.msi. However, you can use any other MSI application and follow these steps.

2. Prepare PowerShell Scripts

In this step, we will create two scripts: Install.ps1 and Uninstall.ps1. Install.ps1 script will contain the commands to install the app silently, while the Uninstall.ps1 script will include the commands to uninstall the app.

Install.ps1

Use below line of code to install your MSI app silently. Replace the MSI file name with the one for the application you are deploying.

I used /qn switch to install the application silently. If you want to include additional command-line switches, you can add them to the command. Refer to the link: #command-line-switches to learn about the available switches for the Cisco Webex app. Similar to this, you can get the command line switches for the app you are deploying. Check application official documentation for the correct command-line options.

install.ps1

msiexec.exe /i eSigner.msi /qn

Uninstall.ps1

To uninstall any MSI application using the command line, you will require UninstallString. You can get this value from application documentation or by installing the app on a device and retrieving it from the registry.

If you want to take the route of installing the app and then obtaining its UninstallString from registry, then follow these steps:

• Install the MSI app on a test device.
• Open registry editor and navigate to the location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall. Go through the sub keys to locate your app using DisplayName registry entry.

An important point to note that when you install any MSI app on a device, it may install many components. Go through Uninstall registry key to find all the subcomponents and their corresponding Uninstallstring value.

Finding UninstallString value

Create a file named Uninstall.ps1 and copy below code into it. Replace the UninstallString value with the one specific to your application. If your app has only one UninstallString, keep just a single msiexec command and remove the second and third lines of code.

Uninstall.ps1

Start-Process "C:\Windows\System32\msiexec.exe" -ArgumentList "/x {167F8EE9-83CE-471C-A7D1-BC777F0A8638} /quiet /noreboot" -Wait -NoNewWindow

Start-Process "C:\Windows\System32\msiexec.exe" -ArgumentList "/x {3a06e0d8-7b7c-4044-bf75-2817fd4384aa} /quiet /noreboot" -Wait -NoNewWindow

Start-Process "C:\Windows\System32\msiexec.exe" -ArgumentList "/x {ABBA3283-FE97-4223-BE77-281D85A8CB6D} /quiet /noreboot" -Wait -NoNewWindow

3. Create .Intunewin file

We’ve created the necessary PowerShell scripts to install and uninstall the app. Make sure you’ve tested the scripts manually and confirmed they work correctly. Once verified, follow the steps below to create the .intunewin file.

• Create an empty folder and copy the MSI Installer file (for example: esigner.msi) into that folder. For demo, I have created a folder called eSigner under C:\temp.
• Copy Install.ps1 and Uninstall.ps1 in the same folder where you copied the MSI Installer.
• Download Microsoft Win32 Content Prep Tool, It is a zip file, extract its contents into a folder.
• Create an empty folder, for example, C:\output, or use any other folder.
• Repackage the Setup files including the MSI file to .intunewin using IntuneWinAppUtil.exe.

• Launch the PowerShell console, change the current prompt location to where the Microsoft Win32 Content Prep Tool is extracted, and run below command.

Example (Replace the values as per your deployment)

.\IntuneWinAppUtil.exe -c C:\temp\eSigner -s Install.ps1 -o C:\output

IntuneWinAppUtil.exe -c <setup_folder> -s <setup_file> -o <output_folder>

• <setup_folder>: Keep your MSI file and PowerShell script in one folder and provide the location of that folder.
• <setup_file>: Install.ps1 (This is our installation script which will run on the device to install the MSI app)
• <output_folder>: Create an empty folder or use an existing folder and provide the location.

Command Syntax

Once you run the above command, it will create a .intunewin file in the C:\output directory.

For more detailed information about creating .Intunewin file, refer to the blog post: How to create an IntuneWin file.

4. Create Win32 app deployment

After you have created intunewin file, use it to create Windows app (Win32) app deployment on Intune by following below steps:

• Sign in to the Intune Admin Center > Apps > All Apps.
• Click on + Create and Select Windows app (Win32) from the app type.

• Click on Select app package file to select the .intunewin file package created earlier.

• Select App package file. Browse to the location of .intunewin file to select and click on OK.

• App Information tab: Click on Select app package file to browse to Webex_en.intunewin file.
  • Name: Verify the name of the app, update if required.
  • Description: Verify the description or leave default.
  • Publisher: Update the Publisher of the app.

The remaining fields on the App information tab are optional; however, I recommend filling them in, as this information can help other team members during troubleshooting.

• Program tab:
  • Install command: powershell.exe -Executionpolicy Bypass -File .\Install.ps1
  • Uninstall command: powershell.exe -Executionpolicy Bypass -File .\Uninstall.ps1
  • Installation time required (mins): Keep default
  • Allow available uninstall: Keep default
  • Install behavior: System
  • Device restart behavior: No specific Action
  • Specify return codes to indicate post-installation behavior: Keep default

• Requirements: Specify the requirements that the devices must meet before the app is installed.

• Detection Rules:
  • Rules Format: Select Manually configure detection rules
  • Rule Type: File
  • Path: C:\Program Files (x86)\
  • File or Folder: Gemalto
  • Detection Method: File or Folder Exits

• Assignments: Assign the app to Entra security groups that contain the target users or devices. As a best practice, pilot with a small set first; once validated, roll it out more broadly. For guidance on assignment strategy, see Intune assignments: User groups vs. Device groups.

• Review + create: Review the deployment and click on Create.

Monitor Deployment progress

From the Intune admin center >Apps > All apps. Click on the deployment and check the Overview page to show the deployment status.

Fix Unable to Change the Install Behavior Issue

If you are working with an MSI installer and using the Line-of-Business app or Win32 app deployment method, you may encounter a situation where the Install behavior option is greyed out and cannot be changed. This behavior is typically due to the nature of the MSI file, which may allow deployment in either System Context or User Context, and the option is pre-populated based on the MSI file’s behavior.

If you’re unable to deploy an MSI application due to Install behavior limitations, use Method 2 from this post, which deploys the app using Install.ps1. When you create a Win32 app deployment with an .intunewin package that specifies Install.ps1 as the setup file, you’ll be able to choose the desired install behavior. Note that the script runs in the system context, executing the commands exactly as written. You can also include the ALLUSERS=1 switch with msiexec (if supported by your MSI installer) to install the app for all users on the device.

Conclusion

To deploy MSI applications in Intune, use the Line-of-Business app method. If you encounter issues, you can repackage the app as a .intunewin file and deploy it using PowerShell scripts. Win32 app deployment is handy for customized installations, such as performing pre-installation checks or running post-installation scripts.