Microsoft Intune Feedback

How can we improve Microsoft Intune

Extend MDM MSI deployment

I would like the MDM MSI deployment (to MDM enrolled Win8.1+ clients) to be extended. Currently, only single MSIs are supported; I'd like this to include MSIs with .cabs, MSP files to patch installed MSI apps, and to be able to deploy .exe installers.

873 votes
Jos Anoniem shared this idea


      • Mike H commented

        Would be exceptionally useful (almost essential some would say?) to support EXE installs.

      • Anonymous commented

        I would like the ability to deploy .exe applications using the Azure Intune portal.

      • ON commented

        @JB : well, I agree these PS Scripts are using "run until succeeded" mechanism, but what is the trigger in any case? It is an "At enrollment" trigger, with no ability to re-trigger execution of a PS script at a later time.

        The topic here is about how to deal with "non-single MSI file packages" app installation and patching during the whole device lifecycle. One possible idea was to use PS scripts as an alternative to control the installation of such software.
        If there is no way to trigger again execution of PS scripts, because they were already executed successfully in the past, then the whole mechanism for PS scripts cannot be used for such sw installations and patching purposes.

        And that's valid even if MS just announced this new "MSIX" file format packages, that are supposed to "work with Win32-based" apps (still, I haven't figured out how MSIX is supposed to magically make "non-single MSI file packages or EXE installers" to work with Intune, without any changes on sw manufacturer side...).

        On the Apple Mac side, JamfPro competitor MDM product can run shell scripts whenever you want : at enrollment, every hour, every day, at startup, at login, at network state change, and so on... I would simply like to have an equivalent control in Intune (a screenshot of what is offered on Macs is available here for example :

      • Douglas Plumley commented

        Support for .exe installers is a must, there just needs to be more flexibility in deploying apps, period.

      • Ben Reader commented

        It's absolutely mind boggling that this isn't part of Intune.

        Unfortunately most businesses / organisations do not live in the dream world that we all wish existed - most have legacy software or applications that do not provide single file MSI installation media.

        Without the ability to deploy multi file install media or non MSI media, Intune is all but useless for a large swathe of the corporate market.

        We need to be able to configure our own detection methods, point to installation media folders and use the tried and true method of scripted installation (PowerShell / exe / msi all need to be available).

      • Robbie De Sutter commented

        PowerShell script is not (yet?) a workaround / solution as that currently only supports devices that are AAD only registered. It does not work on the hybrid domain-joined + AAD joined.
        So for us: either extend MDM MSI deployment as this suggestion, or allow powershell scripts to be used with Hybrid Joined devices (as suggested here: and preferably, both options :)

      • JB commented

        @ON: I'm not sure where you're seeing that the IME PoSh script is only executed at enrollment time. As best I can tell, it is a "run until succeeded" mechanism that you can deploy to any system that is already enrolled.

        Furthermore, MSI apps are not only installed at enrollment time, you can deploy MSI apps to systems anytime you want (subject to a short propagation delay, in my experience it's been around 30 minutes or less).

        I think your scenario of "app vulnerability" is sufficiently remedied by simply uploading a new MSI and pushing that to enrolled devices, no need to bother the user at all....

        If you're seeing something different then we are having completely different experiences.

      • ON commented

        @JB : the problem with Intune Management Extension/PowerShell script is (at time of writing), that you cannot trigger them centrally when you want : the scripts are only triggered at enrollment, so if there is a new version of the MSI you want to deploy on top of existing one, Powershell scripts will not really help you.

        Example : let's say you have your own MSI LoB app in Intune, that was installed on all your machines, and you must push in emergency a new version to your employees, because of a security flaw in that app. Then would you ask all your employees to un-enroll and re-enroll their machines, just because you want a new version of an app to be installed through your PowerShell configuration scripts? Unrealistic :-).

        We need a better mechanism, to "reset" the installation history of a specific MSI file/LoB app, to take into account "emergency app pushes". The software inventory being made every 7 days is also an unrealistic approach : would you wait 7 days maximum to perform automatic inventory upload, to have all your devices patched? The devices might be "hacked" during that 7-day period of time, and your only option is patience.

      • JB commented

        Folks, see my comment from Nov. 7 regarding the Intune Management Extension.

        I do wish expanded MSI and EXE deployment capabilities were provided directly in Intune; however, it looks like now that we have remote PowerShell scripting capabilities all of this should be possible thru this avenue. We would have to do a little development of course, so I would still prefer direct integration into the Azure Intune UI; but if anyone has critical needs right now, along with some PoSh development skills in-house, please check out the IME and perhaps report back here on your experiences if you can help out the rest of the community.

      • Alphacom Finland commented

        We would also need support for .exe packages.
        Currently we are using the 'legacy' Silverlight Intune portal where .exe packages are supported. We have done a lot of development & functionalities inside the .exe packages... Any estimates/road map for .exe support are very much appreciated.

      • JB commented

        +1, and another feature I think is missing is the ability to deploy a file or set of files alongside a software installation. This feature was available in the Classic portal (include files/folders), but is no longer present in the Azure portal.

        That said, I came across the Intune Management Extension the other day and it seems that this feature will be rolling to Prod in the near future?

        This may solve a lot of these problems for us, if we can do a little scripting to close the gaps. Am I wrong?

      • Morten Schaumann commented

        @Thomas Kurth - thank you for sharing your information. I will look into that.

        We have done some testing utilizing the 'Desktop Bridge' provided by Microsoft, transforming older software including subfolders to .appx applications. From there we add the applications to the Windows Business Store and distribute via Intune.

        Works fine so far. But we have only tested a number of software packages. There might be problems with very old or complicated setup configurations.

        So far so good... :-)

        I do think this will be the official answer from Microsoft at some point. But that is my take and not an official statement.

      • Thomas Kurth commented

        We had the same issues in our Intune Projects, therefore we created a solution on Syntaro which gives us the needed features like (multi file, other executables, BranchCache and Chaining of Packages) for Intune.

        Perhaps it helps you to realise more projects with Intune.

      • Rob de Roos commented

        When customers want a new Windows 10 based solution with Azure AD joined devices, software deployment is the biggest problem we experience. Customers are too small to use SCCM. And the Intune Agent is also not an option because of the lack of policies that can be used when using that agent. This is a really big showstopper in most projects.

      • ON commented

        +1 for Multiple file MSI installs, and to support EXE (Powershell scripts would be awesome)

        If you look at the MDM competitors for other desktop platforms (like "Jamf Pro" for Macs), they offer to install multiple "packages" (in their case PKG files) in one "policy rule", or multiple bash shell scripts, which can in turn, trigger manually other "policy rules".

        This offers a chain of actions, that are well-controlled by the MDM/scripting IT admins.

      • Aaron Marks commented

        Please allow us to deploy software to MDM enrolled Windows 10 computers with the same controls that are available for deploying software to SCCM enrolled PCs. In the field/real-world this feels like the most valuable feature Intune could implement.
