Intune App Deployment - MSDN Documentation

Intune App Deployment: A Comprehensive Guide

Published: October 26, 2023

Microsoft Intune offers robust capabilities for deploying applications to your managed devices, ensuring users have the software they need with minimal intervention. This article provides a detailed walkthrough of the app deployment process within Intune, covering different app types and best practices.

Understanding App Types in Intune

Intune supports a variety of application types, each with its own deployment considerations:

Line-of-Business (LoB) Apps: Custom applications developed in-house or purchased from a third-party vendor.
Microsoft Store Apps: Applications available through the Microsoft Store for Business or Education.
Web Apps: Links to web-based applications that users can access.
Microsoft 365 Apps: Office applications deployed as a suite.
Win32 Apps: For more complex Windows applications requiring custom detection rules and install commands.

Steps for Deploying an Application

1. Adding an App to Intune

Navigate to the Microsoft Endpoint Manager admin center. Go to Apps > All apps > Add. Select the appropriate app type from the dropdown menu.

For example, to add a Line-of-Business app:

Select Line-of-business app.
Click Select.
Upload your application package file (e.g., .msi, .appx, .ipa).
Provide necessary app information such as Name, Description, Publisher, and Icon.
Configure assignment types (Required, Available for enrolled devices, Uninstall).

2. Configuring App Assignments

Once the app is added, you need to assign it to users or devices. The assignment type determines how the app is delivered:

Required: The app will be automatically installed on target devices or user devices.
Available for enrolled devices: Users can install the app from the Company Portal app or website.
Uninstall: The app will be removed from target devices.

You can target assignments to specific Azure AD groups, users, or devices.

3. Monitoring Deployment Status

Intune provides detailed reporting on app deployment status. You can view:

Device install status: See which devices have successfully installed the app, are pending, or have failed.
User install status: Track app installation status across user assignments.

Navigate to Apps > All apps, select your app, and then go to Device install status or User install status.

Deploying Win32 Apps

Deploying Win32 applications is a more advanced process that leverages the Microsoft Win32 Content Prep Tool. This tool packages your application files and scripts into a .intunewin format, which Intune can then deploy.

Key Steps for Win32 App Deployment:

Download the Win32 Content Prep Tool: Obtain it from the official GitHub repository.
Prepare your application: Package your installer files, scripts (install, uninstall, detection), and any other necessary assets.
Run the tool: Execute the IntuneWinAppUtil.exe with the appropriate source folder, setup file, and output folder.
Add the .intunewin file to Intune: In the Endpoint Manager admin center, select Windows app (Win32) as the app type.
Configure install and detection rules:
- Install command: Specify the command to silently install the application.
- Uninstall command: Specify the command to silently uninstall the application.
- Detection rules: Define how Intune detects if the app is already installed (e.g., MSI product code, file existence, registry key).
Define requirements: Set operating system architecture, minimum OS version, and disk space requirements.
Assign the app: Assign the Win32 app to your target groups.

                Best Practices for App Deployment
                Use a phased rollout: Deploy new or updated apps to a small group of users or devices first to identify any issues before a wider release.
Leverage Azure AD groups: Organize users and devices into logical groups for efficient targeting.
Automate with scripts: Use PowerShell or other scripting languages for complex installation or configuration tasks.
Test thoroughly: Always test your application packages and assignments in a controlled environment before production deployment.
Keep apps updated: Regularly review and update your deployed applications to ensure users have the latest features and security patches.

            

Troubleshooting Common Issues

If an app fails to deploy, check the following:

App package integrity: Ensure the uploaded package is not corrupted.
Silent install switches: Verify that your installer supports and is configured for silent installations.
Permissions: Ensure the Intune management extension has the necessary permissions to install applications.
Detection rules: Confirm that your detection rules accurately reflect the application's installation state.
Network connectivity: Ensure devices can connect to Intune services.

For advanced troubleshooting, review the Intune operational logs on the client device.

Important Note on Licensing

Ensure you have the appropriate licenses for the applications you deploy through Intune, especially for Microsoft Store and Microsoft 365 apps.

By following these guidelines, you can effectively manage and deploy applications across your organization using Microsoft Intune, enhancing productivity and security.