today I want to show you how to update Win32 Apps using Applicability Rules in Intune. Let’s pretend all Apps are brought to the User as an Available assignment via Company Portal. This way every user can install all Apps that he needs by himself and still has only the Apps installed that he wants. (Just like from an App Store on a mobile Phone).
When we decide to update one of these Apps in Intune, we will see that now a newer Version is available for the users, but the already installed ones are only getting updated if the user actually searches in Company Portal for a newer Version. If you still have SCCM / Co-Management, there are a few options to update such Apps. You can create a Collection in SCCM, containing all Devices that have the old version installed, and assign an Update Package in SCCM, or you could use the Collection Sync Option to Sync these groups to AAD Groups via Co-Management.
Since we already went cloud only, we did not have this options anymore, and needed an Intune only Solution for this. These is no obvious solution for this at first sight, you can’t assign the App as Required to a user group that sees the App as available, cause then all of the users get forced to install this app, event when it was not installed in the first place. We also can’t easily create an Device Group only containing the devices with the older version installed, as there is currently no direct way to create a dynamic group based on Inventory. We could do some scripting using GraphAPI to do something like this, but there is a much easier way for this…
We simply create a second Win32 App, basically duplicate the existing one, and add an Applicability Rule PowerShell script, that checks if the older version is present. If the Rule states there is an older version found, we will continue the installation, if not we will stop with a “Not applicable” state. This way we can assign this second “Update” Package to all devices, and archived what we wanted in the first place, all older versions get automatically update, while all other clients reminds untouched.
The Applicability Rule can be added in the Requirements part of the app creation wizard
I’ve added a sample Script for 7-Zip to my GitHub: Scripts/Intune_Applicability_Rule_Script_sample.ps1 at main · mmeierm/Scripts · GitHub
Leave a Reply