There are various ways to deploy an app on Windows workstations using Intune. We will be deploying an application using MSI Installer provided by the vendor. Download the application MSI Installer file from the Vendor’s web site and follow below process to deploy it on the target computers.
We will be using Line-of-Business app Deployment method of Microsoft Intune for this deployment. However, you can also deploy an MSI file using Win32 app deployment method as well for complex MSI deployments.
If you do not have any complex app deployment requirements, e.g. deploying multiple MSI files or deploying MSI with MST files. Line-of-business app method is a bit straight forward and easy when it comes to deployment of a MSI app.
Line-of-business (LOB) app and Microsoft Store for Business apps are the app types supported on Windows 10 and Windows 11 devices. The file extensions for Windows apps include .msi, .appx, and .appxbundle.
Deploy MSI application using Microsoft Intune
Please follow below steps to create a Line-of-business app using Intune for the deployment of MSI app.
- Login to Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com).
- Go to Apps -> All Apps -> click on + Add button to Add the application.
- Select App type as Line-of-business app.
- Line-of-business app selected.
- Select app package file. Browse to the MSI file of the app you want to deploy and select it.
- I am using Ring Central Phone Application MSI for this deployment, therefore I have selected this MSI file downloaded from vendor website.
- For Silent Install on the target machine, use the MSI Installer switches
/norestart /qn. Select the App install context to either User Context or Device Context. If you need help in choosing this option, click on Microsoft Docs User Context / Device Context.
- Name: Enter a name of the application.
- Description: Enter the description of the application.
- Publisher: Enter the name of the Publisher of the app.
- App install context: Select App install context to either User or Device.
- Ignore app version: Select this to Yes for self updating apps like Google chrome or Zoom Meeting app. Select No for apps which are not self updating.
- Command -line arguments: Provide command line arguments / switches to be executed with selected msi.
|Select Ignore app version = Yes for self updating Apps like Chrome, zoom etc.|
|Make sure to not accidently downgrade the self updating / auto updating apps by setting Ignore app version to No. Auto update apps does not require admin rights and will prompt the user when a new update is available for installation. Users can update the apps themselves. Few Examples of the apps are Web browsers like Google chrome, Zoom Meeting App etc. |
If you set Ignore app version to No for a self updating app and users updates the app on their device. Intune Management Extension will downgrade the app back to the version deployed via Intune. So make sure its selected to Yes.
On the Assignment tab. Click on + Add group to select a group to which this application will be deployed. If you want to deploy this app to all the users, then you can also click on +Add all users.
|You can create an Azure AD Security group which contains users or devices where this application package needs to be deployed. Please note that if you add users into the list, it will deploy this application on all of the users devices joined to Azure and Enrolled into Intune. If you want to deploy the app to specific devices then you should add devices in the Azure AD security group not users.|
Make sure to add it to the Required section which will install the application on users system as soon as possible.
Required: Select the groups for which you want to make this app required. Required apps are installed automatically on enrolled devices. Some platforms may have additional prompts for the end user to acknowledge before app installation begins.
To deploy it on all end user devices, You can also click on + Add all devices to target all intune enrolled devices.
- On Review + create tab, review the application configuration and proceed.
- MSI app deployment process will start now. It will first upload the MSI file to the cloud and then the deployment of the application will start.
|Intune Policy Refresh Cycle|
|The Device will Sync / Check in and download / intstall the application on target device. It may take some time for the process to start. Therefore, if you are testing it on a test device, you can force initiate Intune refresh cycle on the device which will speed up the download and installation process.|
Also, you can restart the device first before force initiating the sync. Manual sync is not mandatory on user’s devices as the device check-in process happens automatically. But if you are testing the application on a test device then this can speed up your testing and can save some time.
End User Experience
On the target devices, there is no user interaction with this package as the application will be installed on users devices silently.
|However, there will be a pop-up notification related to this application if you have “Show all toast notification” setting configured at the time of Intune app assignment. You can disable all toast notifications from Assignments tab under End user notifications setting if you want no notifications or pop-ups related to this deployment.|
During my testing, I found that the deployment of MSI app took approximately 10-15 minutes from the time of creating deployment / assignment from Microsoft Endpoint manager to end user devices.
Monitoring the Installation Progress
To check the Installation status of the app, You can follow below steps:
- From Microsoft Endpoint Manager admin center, Click on Apps on the left hand side.
- Click on All apps.
- Search for the app and click on it.
From the Overview page of the application, you can check the status of Installation and Failures. To find more details on which devices the app is pushed successfully, you can also click on Device Install status or User Install status.
How to find MSI Installer command line parameters / switches
To find Silent installation options for any MSI installer. You can download the msi Installer from vendors website and run it with /? switch from powershell console or windows command prompt. This will pop-up with all the parameters / switches which are available for use with this MSI file.
You can also refer to the blog post: Find silent command line Install switches of any EXE or MSI whch provides much more details on how you find silent command line parameters for any EXE or MSI based Installer.
For example: To find out MSI Installer parameters for Zoom MSI. You can browse to the path where you have copied the MSI file. Then Run below command:
You can also get a list of parameters for MSI files by using below command on Powershell Console or Windows command prompt.
As you have learned from this blog post, How you can easily deploy an MSI file using line-of-business app type from Microsoft Endpoint manager admin center. Line of business app deploys an msi on user’s device by first downloading the setup file / msi and then installing it locally. If you want to retrieve that MSI file after uploading it to Intune, you can check out the blog post Retrieve Uploaded LOB MSI / Win32 App Setup Files From Microsoft Intune.
- How To Deploy A Powershell Script Using Intune.
- How To Deploy A Batch File Using Intune.
- How To Delete A Desktop Shortcut Using Intune.
- How To Create A Desktop Shortcut Using Intune.
- Block USB Drives With Exceptions Using Microsoft Intune.