I created an Endpoint Manager Packaging Script which downloads the installer, packages it, uploads it to Intune and assigns it. But first things first, credits to Nickolaj Andersen and his module who made it all possible.

This is part 1, where I show you how the script works with 2 examples. Part 2 features the implementation of this script in an Azure DevOps pipeline, linked below: (need to write them still)

2. Part 2: Creating a packaging pipeline.

3. Part 3: Publishing the package as an artifact to a storage account

So, what does the script really do? The script downloads an application installer to a folder (C:\Packaging\(ApplicationName), created in the process). After that, if needed, installation scripts are build and the application is packaged as a Win32App file. Next, the upload starts for the Win32App file. Lastly, the assignment of the Win32App happens. This can be: “All Users, All Devices & Existing or New Azure AD Group”.

This is possible for .MSI files and .EXE files. I will show both in example with the script.


There are no prerequisites!

  • The scripts creates the folders needed to package the application.
  • Powershell Modules needed to create, upload and assign the package are installed automatically.

Endpoint Manager Packaging Script Syntaxis & Examples

I posted the script on my Github. Check out the link below:

Script Github Link

.EXE Example:

Firstly, save the script as a .ps1 file.

After that, we need to define some variables:

$PackageType = "EXE"
$PackageName = "Greenshot"
$DownloadURL = "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-"
$TenantName = "TENANTNAME.onmicrosoft.com"
$Assignment = "Greenshot"
$UninstallArgs  = "TASKKILL /F /IM Greenshot.exe; '%ProgramFiles%\Greenshot\unins000.exe' /VERYSILENT /NORESTART"
$DetectionArgs = "Get-ChildItem 'C:\Program Files\Greenshot\Greenshot.exe'"

Let’s explain these variables:

PackageType: This is the type of application you want to install. In the case of Greenshot is an EXE type of application.
Package: This is the name of the application. This is the packaging foldername and this is the name of the Intune Application.
DownloadURL: The url where you can download the installer from.
TenantName: Name of your Microsoft 365 tenant. (Use accordingly)
Assignment: This can be All Users, All Devices or a Custom Name. Furthermore, when a custom name is used, a new or existing Azure AD Group is assigned to the application. In the example, we use a new custom group.
InstallArgs: Arguments to install the application silently.
UnInstallArgs: Arguments to remove the application silently.
DetectionArgs: Powershell code to detect the application. In addition, this script only needs to return a 0 for Intune to detect it as succesfully.

After that, add the following code to the code above:

PATHTOFILE\IntuneDevOpsPackaging.ps1 -PackageType $PackageType `
                                        -PackageName $PackageName `
                                        -DownloadURL $DownloadURL `
                                        -TenantName $TenantName `
                                        -Assignment $Assignment `
                                        -InstallArgs $InstallArgs `
                                        -UninstallArgs $UninstallArgs `
                                        -DetectionArgs $DetectionArgs

This should be the result in your Powershell Editor:

Endpoint Manager Packaging Script - Input

After that, run the code!

Firsly, the folders appear:

Endpoint Manager Packaging Script - Output Folders

After that, time to check the modules:

Next, the package process starts:


Endpoint Manager Packaging Script - Input Package



Endpoint Manager Packaging Script - Output Package

That package is uploaded to Microsoft Endpoint Manager. You get an authentication prompt for Microsoft Endpoint Manager:

After that, this is the output :

Endpoint Manager Packaging Script - Package Upload

Lastly, the assignment part starts. You get an authentication prompt for Azure AD:

After that, the script detects if the group exists or not. If it does not, a new group gets created. Shown in the example:

Endpoint Manager Packaging Script - Create Azure AD Group

This is assigned to the application in Intune.


A cleanup job removes the packaging folder, this way your Pc/Agent stays clean.

Endpoint Manager Packaging Script - Clean up

Intune Output:

And the assignment:

.MSI Example:

In addition, I will make this example shorter that the one before. The output is exactly the same, only the package name differs. We will package and upload the 7-zip application.

Furthermore, I will show you the input code:

$PackageType = "MSI"
$PackageName = "7-Zip"
$DownloadURL = "https://www.7-zip.org/a/7z1900.msi"
$TenantName = "TENANTNAME.onmicrosoft.com"
$Assignment = "7-Zip"

D:\GIT\NKO\PSScripts\Intune\_IntuneDevOpsPackaging.ps1 -PackageType $PackageType `
                                        -PackageName $PackageName `
                                        -DownloadURL $DownloadURL `
                                        -TenantName $TenantName `
                                        -Assignment $Assignment

A lot less variables and arguments needed because the metadata which holds the install information is extracted from the MSI/Intunewin file. This is the code which performs these actions:


I hope you enjoyed reading this post about the Endpoint Manager Packaging Script. Check out the other parts:

2. Part 2: Creating a packaging pipeline.

3. Part 3: Publishing the package as an artifact to a storage account


Again the link to the IntuneWin32App module.

Other Posts:
Deploy Single App via Company Portal App

4 thoughts on “Endpoint Manager Packaging Script Pt.1 – The Script”

Leave a Reply

Your email address will not be published.