Delivering those apps to Intune clients your packager spent so long packaging for SCCM.
(Script included in step 7)
There’s quite a few options in Intune to deliver applications, in an ideal world I’d put out Office 365, some settings in some scripts and let the user decide what they want from the Windows Store for Business, or even the Microsoft store.
Unfortunately trying to convince your C-suite they’re about to be disrupted by a company a 1/10th of their size who don’t have application packagers, don’t have a build, don’t even hand out devices can be difficult.
I personally would prefer to use Chocolatey, but in this instance management say well we want the apps exactly how we had them configured on-site.
To help transition them into modern device management you can show them that the app your packager spent a lot of hours removing that one popup that annoyed the user can still be delivered to your Intune managed devices.
Built into Intune are a lot of options for delivering apps, including Line of Business, Windows store apps, and even pushing out msi’s. (Currently exe’s are not included as a option, and msi option is just a single msi, where your package has more files you would have to use a different delivery option.
I’m taking an example package here from a file server for an SCCM site, the app is Adobe Reader, It has around 5 files, as I say I’d prefer users to just use the store, but lets say management want this and other apps delivered tailored specifically to what your packager spent all that time and money on.
We’re going to use Azure Storage to securely store our files that will be available for Intune to pass a script to the clients to pull down and install the apps. (most online storage would do the job) I prefer Azure as the features are there for security and availability.
- Create a storage account in Azure Storage
These are my settings for my
demo.
Choose a name
Account kind you may want V2 if you have a lot of traffic
Performance you may want premium for a lot of traffic
The replication you can go full Geo redundant if your apps are really that important.
Put your location nearest to your users
2) Open your newly created account and create a container
3) Zip up your files and upload
4) Go into your newly created container and upload
You can use block blobs
page blobs and append blobs are available if your files are constantly changing.
Block size I’ve left to 100 MB you can read more about this and blobs on Microsoft’s site
5) Once uploaded go to the properties of your upload and get the url
6) Generate a SAS Key (this means that the script you are about to create doesn’t need to authenticate with a user password etc but uses this key to access your files) as you can see I’ve set a few settings like read only for the key, this isn’t essential but secures things further.
Set the expiry of the token to sometime in the future ( I’ve chosen a year)
Set Https only
And generate
We now need to copy the SAS Token text, it should begin ?sv=
7) Copy the Token to the rest of your path into your Powershell script as below.
(so your url should be https://blablabla.windows.blob./bla/bla/file?sv=blablabla)
Powershell Script in Github for your use change as needed
This powershell script downloads your package unzips it and msiexec installs, it then deletes the source from c:\temp
(note msiexec switches are a bit different in powershell and you may have to produce them as arguments as below)
Change your URL and paths to suit your app
8) Now upload to Intune Scripts and deploy to your clients for this script I assigned this as Required
