← Blog |

Intune Win32 App Maintenance Windows (Sort of)

By John Marcum

Intune Win32 App Maintenance Windows (Sort of)

Introduction

A common challenge faced by administrators transitioning from ConfigMgr (SCCM) to Intune is the perceived lack of control over application installation and reboot timing. ConfigMgr’s robust capabilities allow precise scheduling for application installations and reboots, minimizing disruption for end users. Intune, while powerful in its own right, lacks some of these granular controls, leading to concerns about application deployment timing and system reboots.

To address this gap, we’ve developed a PowerShell script that offers a simple yet effective solution for controlling application installations in Intune. While it doesn’t replicate the full feature set of ConfigMgr, this script provides a practical workaround to manage installation timing, aiming to install applications during specified maintenance windows.

The Solution: A PowerShell Script

This PowerShell script determines whether the current local time falls within a predefined maintenance window (10 PM to 5 AM). If it does, the script allows the application installation to proceed. If not, it creates a scheduled task to run an Intune Management Extension (IME) sync during the next maintenance window. This sync increases the chances that the computer checks for policy updates and installs the application during the maintenance window.

Script Overview

The script performs the following tasks:

  1. Check Current Time: Determines if the current time is within the maintenance window.
  2. Create a Scheduled Task: If the current time is outside the maintenance window, it creates a scheduled task to run a script that triggers an IME sync during the next maintenance window.
  3. Handle Existing Scripts and Tasks: Ensures old scripts and tasks are cleaned up before creating new ones.

Full Script

For your reference, here’s the complete script:

The script(s) referenced above are available on GitHub:

github mark2

Get the scripts on GitHub: powerstacks-corp/intune-win32-app-tooling

Key Features of the Script

  1. Time-Based Decision Making: The script checks if the current time is within the maintenance window. If it is, the installation proceeds immediately.
  2. Scheduled Task Creation: If the current time is outside the maintenance window, the script creates a scheduled task to run a PowerShell script that triggers an IME sync at the next available maintenance window.
  3. Script and Task Management: The script ensures that any existing script or task is removed before creating new ones, preventing conflicts and ensuring a clean setup.
  4. Error Handling: The script includes robust error handling to ensure administrators are informed if the scheduled task creation fails.

Using the Script in Intune Win32 App Requirement Rule

To use this script as a requirement rule in an Intune Win32 app deployment, follow these steps:

  1. Create the PowerShell Script: Save the provided PowerShell script as Check-InstallationWindow.ps1.
  2. Create the Win32 App:
    • Package your application using the Microsoft Win32 Content Prep Tool.
    • In the Intune portal, go to Apps > Windows > Add.
    • Select Windows app (Win32) and upload the .intunewin file created by the Content Prep Tool.
  3. Define the required settings for the Program.
  4. In the Requirements section:Select the Operating system architecture and the minimum operating systemrequirements.
  5. Add the Requirement Script:Select + Add to add a new requirement rule.
  6. Choose Script as the requirement type.
  7. Select the Check-InstallationWindow.ps1 script to upload it.
  8. Set Select output data type to Boolean.
  9. Set Operator to Equals.
  10. Set the Value to Yes. Define the Detection rules.Assign the App: Assign the application to the desired user or device groups.

Benefits and Limitations

While this script provides a simple and effective solution for controlling application installation timing in Intune, it does have some limitations compared to ConfigMgr:

  • Granularity: ConfigMgr offers more granular control over maintenance windows and deployment schedules.
  • Reboot Management: This script does not handle reboots; however, this can be controlled with the app deployment settings.
  • System Availability: The script depends on the system being powered on during the maintenance window. If the system is powered off, the task will not run as scheduled.
  • Intune Policy Retrieval: Windows 10/11 devices perform policy refresh cycles approximately every 8 hours. In an effort to ensure the device(s) perform a policy refresh cycles during the maintenance window this script creates a scheduled task to perform a policy refresh cycle at 11pm. YMMV.

Despite these limitations, this script offers a practical workaround for administrators looking to regain some control over application deployment timing in Intune.

Conclusion

Transitioning from ConfigMgr to Intune can be challenging, especially when it comes to managing maintenance windows. This PowerShell script provides a simple yet effective solution for controlling application installations during specified maintenance windows, helping to minimize disruption for end users. While it may not offer the full robustness of ConfigMgr, it serves as a valuable tool for administrators seeking to enhance their control over Intune deployments.

By incorporating this script into your Intune deployment process, you can aim for applications to be installed during designated maintenance windows, providing a more controlled and predictable deployment experience. However, it’s important to note that this solution is not foolproof and relies on systems being powered on during the maintenance windows as well as other unforeseen factors.

Want better visibility into your Win32 app deployments? BI for Intune gives you pre-built Power BI dashboards to monitor app installation status, compliance, and device health across your fleet. Start a free trial →

Intune