I created an Endpoint Manager Packaging Script which downloads the installer, packages it, uploads it to Intune and assigns it. But first things first, credits to Nickolaj Andersen and his module who made it all possible.
This is part 1, where I show you how the script works with 2 examples. Part 2 features the implementation of this script in an Azure DevOps pipeline, linked below: (need to write them still)
2. Part 2: Creating a packaging pipeline.
3. Part 3: Publishing the package as an artifact to a storage account
So, what does the script really do? The script downloads an application installer to a folder (C:\Packaging\(ApplicationName), created in the process). After that, if needed, installation scripts are build and the application is packaged as a Win32App file. Next, the upload starts for the Win32App file. Lastly, the assignment of the Win32App happens. This can be: “All Users, All Devices & Existing or New Azure AD Group”.
This is possible for .MSI files and .EXE files. I will show both in example with the script.
Prerequisites:
There are no prerequisites!
- The scripts creates the folders needed to package the application.
- Powershell Modules needed to create, upload and assign the package are installed automatically.
Endpoint Manager Packaging Script Syntaxis & Examples
I posted the script on my Github. Check out the link below:
Script Github Link
.EXE Example:
Firstly, save the script as a .ps1 file.
After that, we need to define some variables:
$PackageType = "EXE" $PackageName = "Greenshot" $DownloadURL = "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" $TenantName = "TENANTNAME.onmicrosoft.com" $Assignment = "Greenshot" $InstallArgs = "/VERYSILENT /NORESTART" $UninstallArgs = "TASKKILL /F /IM Greenshot.exe; '%ProgramFiles%\Greenshot\unins000.exe' /VERYSILENT /NORESTART" $DetectionArgs = "Get-ChildItem 'C:\Program Files\Greenshot\Greenshot.exe'"
Let’s explain these variables:
PackageType: This is the type of application you want to install. In the case of Greenshot is an EXE type of application.
Package: This is the name of the application. This is the packaging foldername and this is the name of the Intune Application.
DownloadURL: The url where you can download the installer from.
TenantName: Name of your Microsoft 365 tenant. (Use accordingly)
Assignment: This can be All Users, All Devices or a Custom Name. Furthermore, when a custom name is used, a new or existing Azure AD Group is assigned to the application. In the example, we use a new custom group.
InstallArgs: Arguments to install the application silently.
UnInstallArgs: Arguments to remove the application silently.
DetectionArgs: Powershell code to detect the application. In addition, this script only needs to return a 0 for Intune to detect it as succesfully.
After that, add the following code to the code above:
PATHTOFILE\IntuneDevOpsPackaging.ps1 -PackageType $PackageType `
-PackageName $PackageName `
-DownloadURL $DownloadURL `
-TenantName $TenantName `
-Assignment $Assignment `
-InstallArgs $InstallArgs `
-UninstallArgs $UninstallArgs `
-DetectionArgs $DetectionArgs
This should be the result in your Powershell Editor:
After that, run the code!
Firsly, the folders appear:
After that, time to check the modules:
Next, the package process starts:
Input:
Process:
Output:
That package is uploaded to Microsoft Endpoint Manager. You get an authentication prompt for Microsoft Endpoint Manager:
After that, this is the output :
Lastly, the assignment part starts. You get an authentication prompt for Azure AD:
After that, the script detects if the group exists or not. If it does not, a new group gets created. Shown in the example:
This is assigned to the application in Intune.
Lastly:
A cleanup job removes the packaging folder, this way your Pc/Agent stays clean.
Intune Output:
And the assignment:
.MSI Example:
In addition, I will make this example shorter that the one before. The output is exactly the same, only the package name differs. We will package and upload the 7-zip application.
Furthermore, I will show you the input code:
$PackageType = "MSI"
$PackageName = "7-Zip"
$DownloadURL = "https://www.7-zip.org/a/7z1900.msi"
$TenantName = "TENANTNAME.onmicrosoft.com"
$Assignment = "7-Zip"
D:\GIT\NKO\PSScripts\Intune\_IntuneDevOpsPackaging.ps1 -PackageType $PackageType `
-PackageName $PackageName `
-DownloadURL $DownloadURL `
-TenantName $TenantName `
-Assignment $Assignment
A lot less variables and arguments needed because the metadata which holds the install information is extracted from the MSI/Intunewin file. This is the code which performs these actions:
Output:
I hope you enjoyed reading this post about the Endpoint Manager Packaging Script. Check out the other parts:
2. Part 2: Creating a packaging pipeline.
3. Part 3: Publishing the package as an artifact to a storage account
References
Again the link to the IntuneWin32App module.
Other Posts:
Deploy Single App via Company Portal App
[…] we create a packaging pipeline. If you have not read Part 1, please check it out in the link below:Part 1: Endpoint Manager Packaging Scriptif you want to skip to part 3 (publishing the packages as artifacts), check out the link below: […]
[…] you need to complete to other parts of this series:1. Part 1, Endpoint Manager Packaging Script2. Part 2, Create a packaging pipelineDownload and Install Azure CLINext, I have updated the script […]
[…] More information about security baselines:Security baselinesOther Posts:Endpoint Manager Packaging Script […]
[…] this script has come together with some help from others; First up, Niels Kok for his excellent Packaging Script which gave me inspiration for this oneAlso to Nickolaj Andersen and his Intune module which does a […]