Convert installer (MSI, MST, VBScript, EXE, PowerShell) to intunewin for Intune deployment

Intune (or as is newly called Microsoft Endpoint Manager) comes with many app types for deployments that you can do, such as Store Apps (Android, Ios, Microsoft, etc), Microsoft 365 Apps (Windows 10 and MacOS), Line of business apps, and also Windows Apps (Win32). Win32 apps deployments are designed for classical x86 and x64 apps, but Windows 10 MDM has limitations on complex Windows apps deployment.

However, Microsoft came with a solution for the in-place limiations and developed Intune Management Extension, which is targeted for complex Windows applications such as EXE, MSI bundles with VBScript, PowerShell, etc. Also, PowerShell scripts are deployed through Intune Management Extension, so if you ever deploy one of the two (script/win32app) the Intune Management Extension must be present on user devices. Once the Intune management extension prerequisites are met, the Intune management extension is installed automatically when a PowerShell script or Win32 app is assigned to the user or device. For more information, see Intune Management Extensions prerequisites.


Although Intune Management Extension overcomes the limitations in terms of what apps you can deploy on a mobile managed device, there are still some limitations left, and these are:
*Application size is limited to 8GB


With these in mind, let’s now see how you can convert your installer (EXE, MSI, MST, VBScript, PowerShell, etc) to an intunewin app which you can later deploy in Intune.

First of all, we need to download the Win32 Content Prep Tool, which can be found on Microsoft Github here. After you download it, extract the archive and you should have the following files (the only one we need is the IntuneWinAppUtil.exe):

Next, we need to place all our installation files of a certain package in the same folder. Now, let’s assume that we have a package made with PowerShell App Deployment Toolkit, and we know that this contains a certain structure. We placed all that structure in a single folder like this:

Next, open up a CMD (command prompt) from the start menu and navigate to where your IntuneWinAppUtil.exe is located:

In cmd, only execute the IntuneWinAppUtil.exe:

The IntuneWinAppUtil.exe will ask for the following information:

  • Source folder: The folder where all the package files are located. In our example, is the one above which contains all the PowerShell App Deployment Toolkit (along with the installer) files
  • The setup file: This is just for reference, in Intune you can define what to execute (for example the PowerShell script of PSADT, or the EXE, or other files that you have in your setup). So don’t think that if you place a certain setup file in this step, that Intune won’t let you define other installation/uninstall command
  • Output folder: The folder where the .intunewin wrapper will be created

At the end, the .intunewin file will be created in the selected output folder:

If we open up the .intunewin file with 7zip, we can see that it contains a Detection.xml in which you can find some information, like what the filename is, the setup file, the encryption, etc:

Don’t worry about the detection, this can be configured for each application once it’s deployed in Intune.

And that is it, simple right? If you compare the app deployment in Intune with SCCM, this is the only additional step that must be performed, but it’s an easy one which doesn’t require much time. I will also cover how to import an .intunewin app in Intune in a later article.

Leave a comment

Your email address will not be published. Required fields are marked *

2 + eleven =