Deploy MSI using Intune Win32 App deployment

In this blog post, we’ll explore the process of deploying an MSI Installer-based application package using the Windows app (Win32) deployment method. We’ll be targeting Azure AD joined systems that are already enrolled in Intune. To illustrate the process, we’ll use an example application called eSigner.

Typically, the preferred method for deploying MSI applications is to use the “Line-of-business app” feature available on the Intune admin center. However, in this tutorial, we will be using the Win32 app deployment method to illustrate the process.

STEP 1 – Create .Intunewin file

I have created a comprehensive guide on how to create a .intunewin file for Win32 deployment. You can refer to it for a more in-depth explanation. However, for this blog post, I’ve provided a summary of the steps to create a .intunewin file below:

  • Create an empty folder and copy the MSI installer (esigner.msi) into it.
  • Create two PowerShell scripts called Install.ps1 and Uninstall.ps1 in the same folder as the MSI installer.
  • Download the Microsoft Win32 Content Prep Tool. It is a zip file, so extract its contents into a folder.
  • Create an empty output folder, for example C:\output, or anywhere you like.
  • Repackage the esigner.msi file as .intunewin using IntuneWinAppUtil.exe, which is included in the Microsoft Win32 Content Prep Tool.


  • Copy the line of code below into the Install.ps1 file.
msiexec.exe /i eSigner.msi /qn
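
A fuller Install.ps1, as an added example that is not part of the original post: it runs a pre-installation signature check on the MSI, waits for msiexec to finish, and hands the MSI exit code back to Intune. The signer subject is a placeholder and the log path is an assumption; the example also assumes the vendor signs the MSI.

```powershell
# Install.ps1 (added example). Assumed values are marked; adjust them for your package.
$msi        = Join-Path $PSScriptRoot 'eSigner.msi'
$log        = Join-Path $env:ProgramData 'eSigner-install.log'   # assumed log location
$expectedCN = '<EXPECTED-SIGNER-SUBJECT>'                        # placeholder: publisher subject to require

if (-not (Test-Path -LiteralPath $msi)) {
    Write-Output "Installer not found next to the script: $msi"
    exit 1
}

# Pre-installation check: refuse an MSI that is unsigned, modified after signing,
# or signed by a publisher other than the expected one.
$sig = Get-AuthenticodeSignature -FilePath $msi
if ($sig.Status -ne 'Valid') {
    Write-Output "Signature check failed: $($sig.Status)"
    exit 1
}
if ($sig.SignerCertificate.Subject -notlike "*$expectedCN*") {
    Write-Output "Unexpected signer: $($sig.SignerCertificate.Subject)"
    exit 1
}

# msiexec.exe is a GUI-subsystem program, so PowerShell only waits for it when told to.
# /l*v writes a verbose MSI log that can be collected if the deployment fails.
$arguments = "/i `"$msi`" /qn /norestart /l*v `"$log`""
$proc = Start-Process -FilePath "$env:SystemRoot\System32\msiexec.exe" `
                      -ArgumentList $arguments -Wait -PassThru

# Hand the MSI result to Intune: 0 = success, 3010 = success but restart required.
exit $proc.ExitCode
```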


To uninstall an MSI application from the command line, you need its UninstallString value from the registry, which you then use to remove the app from the device.

For demo purposes, we are using the eSigner MSI application. I located its UninstallString at the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall registry location.

The eSigner MSI app installs three separate components, so I found three UninstallStrings in the registry for this application. All of them will be used in our PowerShell script to remove the app.

UninstallString registry

Once you find the UninstallString of your application, you can substitute it into the PowerShell script below. If you have just one UninstallString, remove the 2nd and 3rd lines and start only one msiexec.exe process.

# Uninstall.ps1: remove each eSigner component by its product code, silently and without a restart.
Start-Process "C:\Windows\System32\msiexec.exe" -ArgumentList "/x {167F8EE9-83CE-471C-A7D1-BC777F0A8638} /quiet /norestart" -Wait -NoNewWindow

Start-Process "C:\Windows\System32\msiexec.exe" -ArgumentList "/x {3a06e0d8-7b7c-4044-bf75-2817fd4384aa} /quiet /norestart" -Wait -NoNewWindow

Start-Process "C:\Windows\System32\msiexec.exe" -ArgumentList "/x {ABBA3283-FE97-4223-BE77-281D85A8CB6D} /quiet /norestart" -Wait -NoNewWindow
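
An alternative Uninstall.ps1 that goes beyond the hard-coded product codes, as an added example that is not part of the original post: it finds the components in the Uninstall registry key at run time, accepts only MSI product-code entries (the UninstallString text itself is never executed), and returns the msiexec result to Intune. The DisplayName pattern 'eSigner*' is an assumption; confirm the DisplayName values on a test device.

```powershell
# Uninstall.ps1 (added example). $namePattern is an assumed DisplayName pattern.
$namePattern = 'eSigner*'
$uninstall   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
$guid        = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

# Read both registry views explicitly, so the result is the same whether the
# script runs as a 32-bit or a 64-bit process.
$found = foreach ($view in 'Registry64', 'Registry32') {
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
    $key  = $base.OpenSubKey($uninstall)
    if (-not $key) { continue }
    foreach ($name in $key.GetSubKeyNames()) {
        $sub = $key.OpenSubKey($name)
        # Keep only entries that are named by a product code, are registered
        # by Windows Installer, and match the expected display name.
        if ($name -match $guid -and
            $sub.GetValue('WindowsInstaller') -eq 1 -and
            $sub.GetValue('DisplayName') -like $namePattern) {
            $name
        }
    }
}
$codes = $found | Sort-Object -Unique

$final = 0
foreach ($code in $codes) {
    $proc = Start-Process -FilePath "$env:SystemRoot\System32\msiexec.exe" `
                          -ArgumentList "/x $code /quiet /norestart" -Wait -PassThru
    switch ($proc.ExitCode) {
        0       { }                    # component removed
        1605    { }                    # component was already absent
        3010    { $final = 3010 }      # removed, restart required
        default {
            Write-Output "$code : msiexec exit code $($proc.ExitCode)"
            exit $proc.ExitCode        # stop and report the first real failure
        }
    }
}
exit $final
```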
  • Launch the command prompt as administrator, change to the folder where you extracted the Microsoft Win32 Content Prep Tool, and run the command below.
IntuneWinAppUtil.exe -c <setup_folder> -s <setup_file> -o <output_folder>
  • <setup_folder> = The folder that contains both your MSI file and the PowerShell scripts.
  • <setup_file> = Install.ps1
  • <output_folder> = An empty folder that you have created for the output.


IntuneWinAppUtil.exe -c C:\temp\eSigner -s Install.ps1 -o C:\output

Once you run the above command, it will create an .intunewin file in the C:\output directory. We will use this file to deploy the package to end-user machines.

.Intunewin file created successfully

STEP 2 – Create App deployment on Intune admin center

  • Log in to the Microsoft Intune admin center.
  • Click on Apps and then click on All Apps.
  • Click on + Add and select Windows app (Win32) as the app type.
Select Windows app (Win32) app deployment method
  • Click on Select app package file to select the .intunewin file package created earlier.
Select app package file
  • Select App package file. Browse to the location of .intunewin file to select and click on OK.
Browse to .Intunewin file created in previous steps

App Information

After you click OK, the App Information page appears, where you can update the information about the application. Enter the name of the publisher on this page, then click Next.


Provide the install command and uninstall command.

  • Install Command:
powershell.exe -Executionpolicy Bypass -File .\Install.ps1
  • Uninstall Command:
powershell.exe -Executionpolicy Bypass -File .\Uninstall.ps1
  • Install behaviour: System
  • Device restart behaviour: No specific action
Install and Uninstall Commands for deploying MSI using Win32 app deployment method


You can specify the requirements that devices must meet in order to deploy the app. If your devices are a mix of 32-bit and 64-bit types, then check both the boxes for 32-bit and 64-bit in the Operating system architecture drop-down. Else, just go with 64-bit.

  • Operating System Architecture: Select 64-bit
  • Minimum operating system: Select according to the operating system version being used in your environment.
Provide Requirements / Conditions to Install this application

Detection Rules

  • Rules Format: Select Manually configure detection rules
  • Rule Type: File
  • Path: C:\Program Files (x86)\
  • File or Folder: Gemalto
  • Detection Method: File or folder exists
Detection rule for deploying MSI app using Win32 app deployment method
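
A folder-exists rule matches whenever C:\Program Files (x86)\Gemalto is present, whatever created it. As an added example that is not part of the original post, the custom detection script below reports the app as installed only when all three product codes from the uninstall script are registered. It assumes those codes belong to the version being packaged (product codes can change between versions) and would be uploaded with the "Use a custom detection script" rules format.

```powershell
# Detect.ps1 (added example). Product codes are the three used in Uninstall.ps1 on this page.
$productCodes = @(
    '{167F8EE9-83CE-471C-A7D1-BC777F0A8638}',
    '{3a06e0d8-7b7c-4044-bf75-2817fd4384aa}',
    '{ABBA3283-FE97-4223-BE77-281D85A8CB6D}'
)
$uninstall = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'

function Test-ProductRegistered([string]$Code) {
    # Check both registry views so the answer does not depend on whether
    # Intune runs the script as a 32-bit or a 64-bit process.
    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
        if ($base.OpenSubKey("$uninstall\$Code")) { return $true }
    }
    return $false
}

$missing = @($productCodes | Where-Object { -not (Test-ProductRegistered $_) })

if ($missing.Count -eq 0) {
    # Intune treats exit code 0 together with text on STDOUT as "application detected".
    Write-Output 'eSigner: all three components registered'
    exit 0
}

# Non-zero exit code and nothing on STDOUT: not detected.
# A partial install (one or two components) counts as not installed.
exit 1
```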


Click on Add group to add an Azure AD group containing users or devices. You can also click on Add all users or Add all devices.

Assign application to Azure AD group

Review + create

Review the deployment and click on Create.

STEP 3 – Monitor deployment progress

Follow the steps below to monitor the installation:

From the Microsoft Intune admin center, go to Apps > All apps. Click on the deployment and check the Overview page, which shows the deployment status.

Monitoring status of deployment from Intune admin center


Unable to change the Install Behaviour while creating an app in Intune

If you are working with an MSI installer and using the Line-of-Business app or Win32 app deployment method, you may encounter a situation where the “Install behavior” option is greyed out and cannot be changed. This behavior is typically due to the nature of the MSI file, which may not allow deployment in either System Context or User Context, and the option is pre-populated based on the MSI file’s behavior.

If you are unable to deploy an MSI application due to the limitations of the Install behavior, you can follow the steps provided in the blog post. A helpful tip is to create your .intunewin package using an “Install.ps1” script as your setup file, instead of the MSI installer file. You can use the IntuneWinAppUtil.exe tool with the following command:

IntuneWinAppUtil.exe -c C:\temp\eSigner -s Install.ps1 -o C:\output

Unable to change the Install Behaviour Intune App


To deploy MSI applications in Intune, use the Line-of-Business app method. If you encounter issues, you can repackage the app as a .intunewin file and deploy it using PowerShell scripts. Win32 app deployment is handy for customizing installations, such as performing pre-installation checks or running post-installation scripts. Some MSIs may not install in the System Context, but repackaging as .intunewin with an Install.ps1 setup file can help change the Install Behavior for Intune deployment.
