ALL IN THE CLOUD: Technical Tips for Intune Packaging, Scripting and Configuring

By Mary Vacherweill posted 05-23-2025 12:16

Like

Please enjoy this blog post authored by Mary Vacherweill, Sr. Applications Administrator, Faber Daeufer & Itrato PC.

In this part 2 of my ALL IN THE CLOUD series (see ALL IN THE CLOUD: Leveraging Microsoft Intune When Imaging for part 1) I will delve into some more advanced tips and tricks for working with Intune to deliver application deployment, configuration and management. Let’s explore how you can use Intune for packaging, scripting, and uploading applications in a way that makes your workflow smoother.

Getting Started with the Microsoft Store App

First up, let’s talk about the Company Portal, which is your go-to hub for managing applications in Intune. In the Microsoft Intune Admin Center go to Apps > Windows apps > Add > Microsoft Store app (new) Select. You can now search the entire store by entering desired terms – search for Company Portal and highlight to select it. Fill out the desired information and then advance to the assignments tab. Here I advise two considerations: (1) under Required, if you may want to use Auto Patch in the future, it’s a best practice to use Entra ID groups here (e.g., Autopilot, attorneys, staff, etc.), not “Add all users” or “Add all devices”; and (2) pay attention to End user notifications: under Required you will likely want to suppress them but for future apps other than Company Portal under Available for enrolled devices you may want to leave notifications in place.

For Microsoft store apps such as Adobe Acrobat Reader DC, HP Smart, and Zoom, if you want to feature a new app within the Company Portal, just mark it as a featured option. This simple step makes it easy to find and install needed applications.

Packaging a Windows App: Google Chrome Example

Now, let’s dive into packaging a Win32 application, starting with something familiar like Google Chrome. The process is quite straightforward. You’ll begin by downloading the Chrome Enterprise installer—this is the version specifically designed for organizations.

Once you have the installer, the next step is to create a PowerShell script for installation. This automation saves time and ensures that every installation follows the same process.

You’ll also want to create a separate uninstallation script, and you can also use PowerShell for this:

Don’t forget about the detection script! This little gem helps verify that the application is installed correctly.

After creating these scripts, use the Intune Content Prep Tool (IntuneWinAppUtil.exe) to create an .intunewin file to upload to Intune. It is helpful to use a standard set of template folders at the root of C:\ for each of Source (.msi or .exe and install / uninstall PowerShell Scripts), Output (.intunewin file), Scripts (this is where the detection script will go) and Icon. Now you can head over to Intune and upload the .intunewin file. Make sure to fill out all the necessary details and add an icon to make it quickly identifiable.

For the installation command, include an executionpolicy bypass to avoid surprise failures:

powershell.exe -executionpolicy ByPass -windowstyle hidden -file .\Install-GoogleChromeEnterprise[version].ps1

For the uninstallation you can either use the PowerShell you created before OR use the msiexec command-use this exact syntax: msiexec /x "{[application_code_here]}" /qn

💡Tip: find the application code via regedit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall > Find and search for Chrome

Lastly, check the disk space required for the app by looking at Windows Settings > Apps > [name of app].

Configuring Existing Apps with ADMX

Next, let’s take a look at configuring an existing application, like Dell Command | Update. This is where ADMX comes into play. Start by downloading the latest version of the software from the Dell site (Dell Command | Update | Dell US). Once downloaded run it but instead of clicking Install click Extract (choose a location). Navigate to that location and find the templates folder – the ones you need will be the ADMX files and then the ADML files (which are in the en-US folder).

Once you have those set, you can import the ADMX and ADML files into Intune (Devices > Windows > Manage devices > Configuration > Import ADMX).

Finally make a policy, assign it and set Configuration settings the way you want them.

This provision allows you to enforce specific policies across devices. This level of customization can really help streamline your deployment process. For a good, easy to follow step-by-step walk-through on YouTube, see Dell Command Update Custom ADMX Templates in Intune by Dell Technologies Client Systems Engineer Skip Braun.

Alternately, you could of course export the enterprise settings from your current installation (launch as administrator > Settings > Import/Export > Export…), extract the .msi file and create a PowerShell installation script that can import those enterprise settings. I have tried this as well. But I find the ADMX a much more reliable and granular solution, since you can make changes on the fly as desired and not have to repackage anything.

Essential Tools for Imaging with Intune

When it comes to imaging and application management using Microsoft Intune, having the right tools at your disposal can make all the difference. Here are some useful commands and scripts that can streamline your imaging process, making your deployments smoother and more efficient.

Useful CMD Command for .bat files: %~dp0

If you’re working in the command prompt, one handy command to know is %~dp0. This command retrieves the full path of the script being executed. This is particularly useful when you need to reference files relative to your script's location, helping avoid hardcoded paths and making your scripts more portable.

Example use case:

PowerShell

PowerShell is a powerful tool for automating tasks, and there are several commands you can use to enhance your imaging process with Intune.

You can run scripts with elevated permissions using the following command:

powershell.exe -executionpolicy ByPass -file .\[name of .cmd or .ps1]

This command allows you to bypass the execution policy temporarily, which can be essential for running scripts that may be restricted by default.

Verify Log Folder Exists

To ensure that your logging infrastructure is in place, you can add a quick check at the start of your script:

if (!(test-path "C:\ProgramData\IntuneInstallLogs")) {

new-item -ItemType directory "C:\ProgramData\IntuneInstallLogs|"

}

This snippet creates the log folder if it doesn't already exist, ensuring that you have a designated spot for capturing logs.

Declare a Script Root

Setting a script root variable can simplify your script by allowing you to reference paths easily:

$ScriptRoot = $MyInvocation.MyCommand.Path | Split-Path -Parent

This command captures the directory of the currently executing script, helping you maintain organization.

Define Variables

Clear variable definitions are crucial for maintaining organized scripts. Here are a few variables you might want to define:

$ScriptRoot = "path to your script"

$InstallFile = "name of the install file"

$InstallParameters = "any parameters needed for installation"

Using descriptive variable names will help clarify your scripts for anyone reviewing them later.

Example Use Case:

Terminal Commands

Using the terminal effectively can further enhance your workflow. Familiarize yourself with navigating directories and executing commands efficiently to save time during your imaging process.

Checking Registry for Uninstall Strings

When you need to find the uninstall strings for applications, the Windows Registry is your friend. You can check the following path to find relevant information:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

This location contains keys for installed applications, allowing you to retrieve necessary information for uninstallation scripts or troubleshooting.

Winget: The Package Manager

Winget is a powerful command-line tool that simplifies application installation on Windows. Here are some ways you can utilize it.

Locate Winget.exe

To help your system find the winget.exe folder, use:

Set-Location -Path
("$env:ProgramW6432\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe")

This command navigates to the appropriate directory, enabling you to manage applications seamlessly.

Using WingetAppID

When deploying applications, you can leverage Winget's options for streamlined installation.

Use --accept-package-agreements and --accept-source-agreements to automatically agree to any prompts, making installations smoother.

Example use case:

Setting Up Detection Rules

When it comes to detection rules, it’s essential to ensure that the right version of your application is installed. You can manually configure these rules or use custom detection scripts to suit your specific needs.

Organizing Deployment Groups

Organizing your deployment groups within Entra ID is another important step. You can create security and device groups that target specific applications and consider using dynamic scripts to automate group memberships.

Also, don't forget to set any needed exclusions to prevent certain devices from receiving specific deployments. This can be especially helpful in ensuring that critical applications are not inadvertently removed from essential devices.

Wrapping Up

Using the right tools can significantly enhance your imaging process with Intune. From leveraging command-line commands to harnessing the power of PowerShell, these tools will help you streamline your deployments and ensure a smoother user experience. By incorporating these practices into your workflow, you’ll be well on your way to mastering application management in a cloud-centric environment.