Microsoft Intune Management Extension – Win32 Apps

What is the Intune Management Extension?

The Intune Management Extension (IME) complements the out-of-the-box Windows management functions such as the Mdmclient. The IME can install applications on managed systems and execute, for example, PowerShell scripts. Additionally, the IME checks and reports the compliance state of your device.

How often does the IME sync?

The IME syncs every 60 min by default, but you can change this by creating a registry value named Interval in HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Settings. The value specifies the time in seconds.

Where can I find the logfiles?

You can find the logfiles in the following folder: C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

AgentExecution.log: Logfile for troubleshooting of PowerShell or Proactive Remediation scripts.

ClientHealth.log: Health events related to the IME and remediation actions.

IntuneManagementExtension.log: Logfile for installations of Intune Win applications

Sensor.log: Logging of subscribed events

Processing App

Search for the line ---->>[Win32App] … The actual processing of the app starts from here.

Installation checks

Before the installation can start, two checks are made. The first detects whether the app is already installed. The second checks whether the app is applicable to this system, that is, whether the system fulfills the requirements of the app.

App Detection check

The detection check determines whether the app is already installed on the system. It can test for a registry key, the existence of a file, or an MSI product code. In addition, it is possible to write a PowerShell script for the detection. This check is configured during app creation in Intune.

App Applicability / Requirements check

The applicability check verifies that the system meets the requirements of the app, such as minimum disk space, OS architecture, or OS version. You can also create custom checks for a file, a registry key, or a custom script. This is also configured during the creation of the app in Intune.

After that, a new download job is created. This is also where Delivery Optimization comes into play. The *.intunewin.bin file is now downloaded into the “C:\Program Files (x86)\Microsoft Intune Management Extension\Content\Incoming\” folder.

When the download is completed, the Delivery Optimization service is notified that the download is done, and telemetry data is generated for the Delivery Optimization reporting. You can see how many bytes were downloaded from which source (Internet/LAN/Group/MCC) and how long the download took.

Finally, the file hash is checked and the intunewin.bin file is decrypted and unzipped. This *.intunewin file is now located in the “C:\Windows\IMECache\” folder.

App Installation

The detection logic runs for the app and then processing continues: the installation script is executed. In our case it is the install.bat script. For the installation, an installer process is started in a user or machine session. After the installation is finished, the process is evaluated to determine whether it ended with an error or whether the installation was successful. The status of the installation can be found in the registry: “HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\user\appid”.

Completion of installation:

In the compliance phase, compliance is checked based on the status of the installation and the app detection. This compliance status is written into the registry under: “HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\user\appid\ComplianceStateMessage”. When this is done, the content of “C:\Program Files (x86)\Microsoft Intune Management Extension\Content\Incoming\” is deleted.

In the very last phase, a report of the installation is saved locally and sent to Intune. Additionally, the IME cache in “C:\Windows\IMECache\” is cleaned to finally complete the installation.
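
The registry keys and the log file described in this article can be inspected read-only on a managed device. The following PowerShell is an added example, not part of the original article and not Microsoft tooling; the function names are hypothetical, and it assumes that the user and appid parts of the Win32Apps path are subkeys, so it reads whatever values it finds there without assuming their names.

```powershell
# Added example (not from the article): read-only triage of the IME locations it names.
$ImeKey  = 'HKLM:\SOFTWARE\Microsoft\IntuneManagementExtension'
$LogFile = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log'

function Get-ImeSyncInterval {
    # Interval is in seconds; without the value the 60 min default applies.
    $p = Get-ItemProperty -Path "$ImeKey\Settings" -Name Interval -ErrorAction SilentlyContinue
    if ($null -ne $p) { [int]$p.Interval } else { 3600 }
}

function Get-ImeWin32AppMarker {
    param([string]$Path = $LogFile, [int]$Last = 5)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    # Match the tail of the marker so the exact number of leading dashes does not matter.
    Select-String -LiteralPath $Path -SimpleMatch '>>[Win32App]' |
        Select-Object -Last $Last -Property LineNumber, Line
}

function Get-RegistryValueTable {
    param([string]$Path)
    # Returns every value under a key without assuming any value names.
    $table = [ordered]@{}
    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        foreach ($name in $key.GetValueNames()) { $table[$name] = $key.GetValue($name) }
    }
    $table
}

function Get-ImeWin32AppState {
    # Layout as described in the article: Win32Apps\<user>\<appid>\ComplianceStateMessage
    $root = "$ImeKey\Win32Apps"
    if (-not (Test-Path -LiteralPath $root)) { return }
    foreach ($user in Get-ChildItem -LiteralPath $root) {
        foreach ($app in Get-ChildItem -LiteralPath $user.PSPath) {
            [pscustomobject]@{
                User       = $user.PSChildName
                AppId      = $app.PSChildName
                AppValues  = Get-RegistryValueTable -Path $app.PSPath
                Compliance = Get-RegistryValueTable -Path "$($app.PSPath)\ComplianceStateMessage"
            }
        }
    }
}

"Sync interval (s): $(Get-ImeSyncInterval)"
Get-ImeWin32AppMarker | Format-Table -AutoSize -Wrap
Get-ImeWin32AppState  | ConvertTo-Json -Depth 3
```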
