← Blog |

How to Limit Microsoft Intune Win32 App Installs to New Devices

By John Marcum

How to Limit Microsoft Intune Win32 App Installs to New Devices

Have you ever needed to deploy a Win32 app via Microsoft Intune to a group of users but wanted the app to install only on their new devices? I recently faced this challenge and found a unique solution. Unlike previous situations where detecting the Autopilot Enrollment Status Page (ESP) was enough, this time I had to account for a variety of scenarios: some users would use Autopilot, some wouldn’t, and others would use Windows 365 (Cloud PCs), which do not support Autopilot.

To address this, I devised a PowerShell script to use as a requirement rule for the Win32 app. This script determines if a computer is “new” by checking the Intune enrollment date from the registry and comparing it to the current date and time. If the enrollment date is within a specified number of hours, the script deems the computer as new.

The Script

Here’s the PowerShell script that accomplishes this:

The script(s) referenced above are available on GitHub:

github mark2

Get the scripts on GitHub: powerstacks-corp/intune-win32-app-tooling

Using the Script in Intune Win32 App Requirement Rule

To use this script as a requirement rule in an Intune Win32 app deployment, follow these steps:

  1. Create the PowerShell Script: Save the provided PowerShell script as Check-InstallationWindow.ps1.
  2. Create the Win32 App:
    • Package your application using the Microsoft Win32 Content Prep Tool.
    • In the Intune portal, go to Apps > Windows > Add.
    • Select Windows app (Win32) and upload the .intunewin file created by the Content Prep Tool.
  3. Define the required settings for the Program.
  4. In the Requirements section:Select the Operating system architecture and the minimum operating systemrequirements.
  5. Add the Requirement Script:Select + Add to add a new requirement rule.
  6. Choose Script as the requirement type.
  7. Select the Check-InstallationWindow.ps1 script to upload it.
  8. Set Select output data type to Boolean.
  9. Set Operator to Equals.
  10. Set the Value to Yes. Define the Detection rules.Assign the App: Assign the application to the desired user or device groups.

Want better visibility into your Win32 app deployments? BI for Intune gives you pre-built Power BI dashboards to monitor deployment status, compliance, and device health across your fleet. Start a free trial →

Intune