Importing Packages on Windows¶
To run the package factory locally, clone the repository to a Windows machine, and install the required PowerShell modules.
PowerShell Modules¶
The factory requires that the MSAL.PS, IntuneWin32App, Evergreen, VcRedist PowerShell modules are installed. Ensure you have setup your environment before attempting to create packages.
Authentication¶
When running the packaging factory locally on Windows to create application packages and import into an Intune tenant, you must first authenticate to the tenant. The user account used to authenticate must be an Intune Administrator or an Intune Application manager.
Interactive Authentication¶
Interactive authentication to a tenant can be performed with Connect-MSIntuneGraph
:
Connect-MSIntuneGraph -TenantId stealthpuppylab.onmicrosoft.com
This will launch a sign-in window where you can authenticate with an account that has at least the Intune Administrator role. Note that Microsoft Intune PowerShell application is required. Access to this application must be granted by a global administrator.
Authentication via an App Registration¶
Connect-MSIntuneGraph
can authenticate to an app registration by passing the tenant ID, application (or client) ID and the client secret:
$params = @{
TenantId = "6cdd8179-23e5-43d1-8517-b6276a8d3189"
ClientId = "60912c81-37e8-4c94-8cd6-b8b90a475c0e"
ClientSecret = "<secret>"
}
Connect-MSIntuneGraph @params
The app registration requires the following API permissions:
API / Permissions name | Type | Description | Admin consent required |
---|---|---|---|
DeviceManagementApps.ReadAll | Application | Read Microsoft Intune apps | Yes |
DeviceManagementApps.ReadWriteAll | Application | Read and write Microsoft Intune apps | Yes |
Parameters¶
New-Win32Package.ps1
has several parameters:
-Path
- The literal path to the packages directory within the downloaded project. This defaults to the same directory as whereNew-Win32Package.ps1
is located-PackageManifest
- the package manifest file name stored in each package directory. This defaults toApp.json
and does not need to be specified-InstallScript
- the template install script file name that will be copied into the package. This parameter does not need to be specified and should not be changed-Application
- an array of application names to import into the target Intune tenant. The application names must match those applications stored in the project-Type
- the package type to import into the target Intune tenant - App or Update. The array passed to Applications must match those application packages defined for this type.-WorkingPath
- path to a working directory used when creating the Intunewin packages. This defaults to a directory namedoutput
in the project directory and does not need to be specified; however, you can choose to provide a working directory in an alternative location
Create an Application Package¶
New-Win32Package.ps1
is used to read the application package manifest, create the Intune Win32 package and call Create-Win32App.ps1
to import the package into the target Intune tenant. The value passed to the -Application
parameter must match a supported application package in the App directory.
Here's an example with importing Adobe Acrobat Reader DC and Citrix Workspace app into your Intune tenant by passing an array of package names to the -Application
parameter:
Set-Location -Path "E:\projects\packagefactory"
$params = @{
Path = "E:\projects\packagefactory\packages"
Application = "AdobeAcrobatReaderDCMUI", "CitrixWorkspaceApp"
Type = "App"
WorkingPath = "E:\projects\packagefactory\output"
Import = $true
}
.\New-Win32Package.ps1 @params
Create an Update Package¶
New-Win32Package.ps1
can also create update packages where an application update is defined. The usage is exactly the same (because the update package logic is stored in the App.json
for that package) - pass the package name to the -Application
parameter, but also specify Update for the -Type
parameter. The value passed to the -Application
parameter must match a supported application package in the Update directory.
Here's an example with importing a Adobe Acrobat Reader DC update into your Intune tenant:
Set-Location -Path "E:\projects\packagefactory"
$params = @{
Path = "E:\projects\packagefactory\packages"
Application = "AdobeAcrobatReaderDCMUIx64"
Type = "Update"
WorkingPath = "E:\projects\packagefactory\output"
Import = $true
}
.\New-Win32Package.ps1 @params