Microsoft Intune Management Extension – Win32 Apps

What is the Intune Management Extension

The Intune Management Extension is a complement to the out of the box windows management functions like the Mdmclient. The IME allows to install applications on managed systems or to execute e.g., PowerShell scripts. Additionally, the IME checks and reports the compliance state of your device.

How often does the IME sync

The IME syncs per default ever 60 min but you can change the time if you create a registry value Interval in HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Settings. In this value you can specify the time in seconds.

Where can I find the logfiles

You can find the logfiles in the following folder C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

AgentExecution.log: Logfile for troubleshooting of PowerShell or Proactive Remediation scripts.

ClientHealth.log: Write health events related to the IME and remediation action

IntuneManagementExtension.log: Logfile for installations of Intune Win applications

Sensor.log: Logging of subscribed events

Processing App

Search for the line —->>[Win32App] … from here the actual processing of the app starts

Installation checks

Before the installation can start, two checks are made. The first is a detection if the app is already installed and the second is if the app is applicable for this system this means does the system full fill the requirements of the app.

App Detection check

The detection check is to check if the app is already installed on the system or not. This can be a registry key or the existence of a file or an MSI product code. Addition to that there are also the possibility to write a PowerShell script for the detection. This check is configured during the app creation in Intune.

App Applicability / Requirements check

The applicability check is used to check if the system meets the requirements of the app like min disk space, OS architecture, OS version or you can also create custom checks for a file, registry key or a custom script. Also, this is configured during the creation of the app in Intune.

After that a new download job will be created. This is also where delivery optimization comes into play. The *.intune.bin file is now downloaded into the “C:\Program Files (x86) \Microsoft Intune Management Extension\Content\Incoming\” folder.

When the download is completed the Delivery Optimizations Service is notified that the download is done, and telemetry data is generated for the Deliver Optimization reporting. You can see how many bytes from which source (Internet/Lan/Group/MCC) are downloaded or how long the download took.

Finally, the file hash is checked and the intunewin.bin file is decrypted and unzipped. This *.intunewin file is now located in the “C:\Windows\IMECache\” folder.

App Installation

The detection logic runs based on the app and then they are progressing

for this, the installation script is executed. In our case it is the install.bat script. For the installation an installer process is started as a user or machine session. After the installation is finished the process is evaluated if it ended with an error or if the installation was successful. The status of the installation can be found in the registry: “HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\user\appid “.

Completion of installation:

In the compliance phase, the compliance is checked based on the status of the installation and the app detection. This compliance status is written into the registry under: “HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\user\appid\ComplianceStateMessage”. When this is done, the content of “C:\Program Files (x86) \Microsoft Intune Management Extension\Content\Incoming\” is deleted.

In the very last phase, a report of the installation is saved locally and sent to Intune. Additionally, also the IME Cache in “C:\Windows\IME Cache\” is cleaned to finally complete the installation.

Script to Add the Hostname for a URL

# Script to add the Hostname
# C:\Windows\System32\drivers\etc - Hosts has been added newly

Function Test-hostname	{
## Allows the use of -WhatIf
    [CmdletBinding(SupportsShouldProcess=$True)]

param(
    ## LogFile path for the transcript to be written to
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)]
        $LogFile = ("C:\xyz\LOGS\"+"Addtohosts"+'.log'),

    ## All verbose outputs will get logged in the transcript($logFile)
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)]
        $VerbosePreference = "Continue",

    ## All errors should be withheld from the console
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)]
        $ErrorActionPreference = "SilentlyContinue"
		
  ## Hostname declaration and its IP
      ,[string]$DesiredIP = "00.00.00.00"
    ,[string]$Hostname = "kamalakannansccmblog.wordpress.com"
	,[bool]$CheckHostnameOnly = $false 
	)
	
	  ## Begin the timer
        $Starters = (Get-Date) 
	
	 ## Check $VerbosePreference variable, and turns -Verbose on
        Function global:Write-Verbose ( [string]$Message ) {
            if ( $VerbosePreference -ne 'SilentlyContinue' ) {
                Write-Host "$Message" -ForegroundColor 'Green'
            }
        }

        Start-Transcript -Path $LogFile
        Write-Verbose "Start time: $starters"
        
    ## Check $VerbosePreference variable, and turns -Verbose on
        Function global:Write-Verbose ( [string]$Message ) {
            if ( $VerbosePreference -ne 'SilentlyContinue' ) {
                Write-Host "$Message" -ForegroundColor 'Green'
            }
        }
	
# Adds entry to the hosts file.
#Requires -RunAsAdministrator
$hostsFilePath = "$($Env:WinDir)\system32\Drivers\etc\hosts"
$hostsFile = Get-Content $hostsFilePath

Write-Host "About to add $desiredIP for $Hostname to hosts file" -ForegroundColor Gray

$escapedHostname = [Regex]::Escape($Hostname)
$patternToMatch = If ($CheckHostnameOnly) { ".*\s+$escapedHostname.*" } Else { ".*$DesiredIP\s+$escapedHostname.*" }
If (($hostsFile) -match $patternToMatch)  {
    Write-Host $desiredIP.PadRight(20," ") "$Hostname - not adding; already in hosts file" -ForegroundColor DarkYellow
} 
Else {
    Write-Host $desiredIP.PadRight(20," ") "$Hostname - adding to hosts file... " -ForegroundColor Yellow -NoNewline
    Add-Content -Encoding UTF8  $hostsFilePath ("$DesiredIP".PadRight(20, " ") + "$Hostname")
    Write-Host " done"
}
}
Test-hostname

RemoveAppxPackage – Windows OS

<
<#
.SYNOPSIS
   This is AppxPackage removal script for the autopilot build devices

.DESCRIPTION
RemoveAppxPackage

.PARAMETER  
	Default Parametername

.EXAMPLE
	powershell -executionpolicy bypass -file RemoveAppxPackage.ps1

.NOTES
	NAME:		<RemoveAppxPackage>
	AUTHOR:		Kamalakannan
	KEYWORDS:	Keyword1


.CHANGE
	Author : Kamal 25/01/2023
	Version 1.0
	#>

Function main {

## Allows the use of -WhatIf
    [CmdletBinding(SupportsShouldProcess=$True)]

param(
    ## LogFile path for the transcript to be written to
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)]
        $LogFile = ("C:\xyz\LOGS\"+"RemoveAppxPackage"+'.log'),

    ## All verbose outputs will get logged in the transcript($logFile)
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)]
        $VerbosePreference = "Continue",

    ## All errors should be withheld from the console
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)]
        $ErrorActionPreference = "SilentlyContinue"
)

    ## Begin the timer
        $Starters = (Get-Date) 
	
	 ## Check $VerbosePreference variable, and turns -Verbose on
        Function global:Write-Verbose ( [string]$Message ) {
            if ( $VerbosePreference -ne 'SilentlyContinue' ) {
                Write-Host "$Message" -ForegroundColor 'Green'
            }
        }

        Start-Transcript -Path $LogFile
        Write-Verbose "Start time: $starters"
        
    ## Check $VerbosePreference variable, and turns -Verbose on
        Function global:Write-Verbose ( [string]$Message ) {
            if ( $VerbosePreference -ne 'SilentlyContinue' ) {
                Write-Host "$Message" -ForegroundColor 'Green'
            }
        }
  Function Removeappx 
{ 
$applist = @("*communications*"
"*camera*"
"*dolbyaccess*"
"*fitbitcoach*"
"*officehub*"
"*solitairecollection*"
"*Teams*"
"*bingfinance*"
"*zunevideo*"
"*bingnews*"
"*people*"
"*windowsphone*"
"*phototastic*"
"*picsart*"
"*plex*"
"*skypeapp*"
"*SpotifyMusic*"
"*bingsports*"
"*bingweather*"
"*xbox*")
foreach ($app in $applist)
{
	Write-Host "Searching for Appx Provisioned Package: $app"
	Get-AppxPackage $app | Remove-AppxPackage
	$pkglist = Get-AppxProvisionedPackage -online | Where-Object DisplayName -Like $app
	if ($pkglist -ne $null)
	{
		foreach ($pkg in $pkglist)
		{
			Write-Host "Removing Appx Provisioned Package: $app"
			Remove-AppxProvisionedPackage -online -packagename $pkg.PackageName
		}
	}
	else
	{
		Write-Host "Unable to find package $app"
	}	
}
}

 Removeappx
	
    ## Completed Successfully!
        Write-Host (Stop-Transcript) -ForegroundColor Green
}

main

 

Disable the Consumer teams on the windows11

<#
.SYNOPSIS
   This is for the Windows 11 build devices which gets the consumer version and work version of teams installed.

.DESCRIPTION
 Disablewindows11teamsconsumer

.PARAMETER  
	Default Parametername

.EXAMPLE
	powershell -executionpolicy bypass -file DisableTeamsforWindows11.ps1

.NOTES
	NAME:		<SystemTagging>
	AUTHOR:		Engineering
	KEYWORDS:	Keyword1


.CHANGE
	Author : Kamal  14/09/2022
  	Version 1.0

#>

Function main {

## Allows the use of -WhatIf
    [CmdletBinding(SupportsShouldProcess=$True)]

param(
    ## LogFile path for the transcript to be written to
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)]
        $LogFile = ("C:\xyz\LOGS\"+"DisableTeamsconsumerInstallwforwindows11"+'.log'),

    ## All verbose outputs will get logged in the transcript($logFile)
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)]
        $VerbosePreference = "Continue",

    ## All errors should be withheld from the console
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)]
        $ErrorActionPreference = "SilentlyContinue"
)

    ## Begin the timer
        $Starters = (Get-Date) 
	
	 ## Check $VerbosePreference variable, and turns -Verbose on
        Function global:Write-Verbose ( [string]$Message ) {
            if ( $VerbosePreference -ne 'SilentlyContinue' ) {
                Write-Host "$Message" -ForegroundColor 'Green'
            }
        }

        Start-Transcript -Path $LogFile
        Write-Verbose "Start time: $starters"
        
    ## Check $VerbosePreference variable, and turns -Verbose on
        Function global:Write-Verbose ( [string]$Message ) {
            if ( $VerbosePreference -ne 'SilentlyContinue' ) {
                Write-Host "$Message" -ForegroundColor 'Green'
            }
        }
	
Function WriteToTeams	{
    $regRoot = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Communications"   
    $installDate = (Get-Date -Format "yyyy-MM-dd HH:mm:ss") 
    $objScriptTime = New-Object -ComObject WbemScripting.SWbemDateTime
    $objScriptTime.SetVarDate($installDate)
    $installDateDMTF = $objScriptTime.Value 
	
	md $regRoot -force
	New-ItemProperty $regRoot -Name "ConfigureChatAutoInstall"     -Value "0"     -PropertyType "String" -Force
          }
		
	WriteToTeams
	
    ## Completed Successfully!
        Write-Host (Stop-Transcript) -ForegroundColor Green
}

main

Setting	Value
Name	Remove Chat
Description	Removes Windows 11 Teams Chat
OMA-URI	./Device/Vendor/MSFT/Policy/Config/Experience/ConfigureChatIcon
Data type	Integer
Value	3

Managing the Teams Chat icon on Windows 11 – Windows Client | Microsoft Docs – refer this link for the settings.

Getting rid of Teams (consumer), revisited – Out of Office Hours (oofhours.com) – we did this work based on the Mike blog.