# Intune User Guide

# Introduction

**[Intune](https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune)** is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM), which enables the following:

- To be 100% cloud with Intune, or to be co-managed with Configuration Manager and Intune;
- To set rules and configure settings on personal and organization-owned devices to access data and networks;
- To deploy and authenticate apps on devices (both on-premises and mobile);
- To control the way users access and share information;
- To stay compliant with company security requirements.

Integrating **Intune** with **Apptimized** saves time and enables a user to upload, update, and manage the ready-made packages without the need to leave Apptimized.

Initial integration with **Apptimized** requires a one-time configuration of settings in the [**Microsoft** **Azure**](https://portal.azure.com/) portal and the [**Apptimized portal**](https://app.apptimized.com/), namely:

- Application registrations in the Microsoft Azure portal;
- Assigning permissions to a user to work with Microsoft Intune from the Microsoft Azure portal;
- Integration of the application from the Microsoft Azure portal into the Apptimized portal.

# Integration

#### Application registrations

The application registration is carried out in the Microsoft Azure portal with administrative credentials. A user can choose one of the following types of accounts:

- A tenant admin account;
- A tenant user account (with the enabled **“Users can register applications”** setting).
The option to open an application registration page is available under:

- **Microsoft Azure** portal > **Azure services** > **App registrations**; [](https://docs.apptimized.com/uploads/images/gallery/2020-05/ql2t7GeHU7oa1KFn-intune_01.png)
- **Microsoft Azure** portal > Search > Enter a search request (e.g., “App registrations”) > Select the service in the list > **App registrations**; [](https://docs.apptimized.com/uploads/images/gallery/2022-08/q7ncDCyqN1eH0oih-intune_02_02.png)
- **Microsoft Azure** portal > Menu > All services > Enter a search request (e.g., “App registrations”) > Select the service in the list > **App registrations**. [](https://docs.apptimized.com/uploads/images/gallery/2022-08/yC2QnvLLANcWCJZq-intune_03_03.png)

The **Microsoft Azure** portal shows the following screen when successful:

[](https://docs.apptimized.com/uploads/images/gallery/2020-05/Wjely3sX4Cys5DwG-intune_04_1.png)

The option to create a new application registration is available under the **New registration** option.

[](https://docs.apptimized.com/uploads/images/gallery/2020-05/lcgEArRMyPn4ljJz-intune_05.png)

The Microsoft Azure portal shows the Create window when successful:

[](https://docs.apptimized.com/uploads/images/gallery/2022-08/BK5Q9Jma32fJJnFN-intune_06_01.png)

To create a new application registration, a user fills in the fields in the form (see Table 1 and the [Microsoft Azure manual](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app)).

Table 1. A new application registration

**Field name** | **Details** |
--- | --- |
Name | This field sets a meaningful application name to display to users (e.g., **Apptimized Intune Test**) |
Supported accounts | This option identifies types of accounts that can use the application. Three options available: - Accounts in this organizational directory only; - Accounts in any organizational directory; - Accounts in any organizational directory and personal Microsoft accounts; - Personal Microsoft account only. |
Redirect URI | This setting is optional, and the values can be provided later. [](https://docs.apptimized.com/uploads/images/gallery/2020-05/dEYiRGrv0j8eCFmJ-intune_07.png) |

**Note.** When clicking on the **Add** button, the client secret value appears (e.g., **~\_fd-Y49~haNZ~g8RbDz9yQCF4KQ\_\_1j49**). A user must copy the value to the clipboard to use it in the client’s application code. It becomes inaccessible once a user leaves this page. The **Client secret** value corresponds to the **Client secret** field when integrating **Intune** into the **Apptimized** portal.
[](https://docs.apptimized.com/uploads/images/gallery/2022-08/ksgCXV9lGzvrlvxw-intune_11_02.png)

The option to [configure permissions](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent) for the application to call the API is available under **All services** > **App registrations** > Select the application in the list > **Manage** menu > **API permissions** > Add a permission > **Microsoft Graph**.

[](https://docs.apptimized.com/uploads/images/gallery/2020-05/vcOAtYP74pNPHpkV-intune_12.png)

The **Microsoft Azure** portal shows the following screen when successful:

[](https://docs.apptimized.com/uploads/images/gallery/2020-05/LbjJm0Jl5zdNW88e-intune_13.png)

The option to set the types of permissions for the application is available under the **Delegated permissions** button > Select the permissions from the list > **Add permissions** button. The screenshot below shows the list of enabled permissions:

[](https://docs.apptimized.com/uploads/images/gallery/2024-03/intunepermissions1.png)

Some delegated permissions can be consented to by non-administrative users, but some higher-privileged permissions require administrator consent. The option to grant permissions is available under the **Grant admin consent for \[company name\]** button.

[](https://docs.apptimized.com/uploads/images/gallery/2022-11/7x9tcR8L6ovBVp9e-Intune_51_1.png)

**Note.** If the application runs as a background service or daemon without a signed-in user, the required option is **Application permissions**. The **Applications permissions** are the permissions that are used by applications that run without a signed-in user present. Using Application permissions enables Apptimized users to push packages to Intune without requiring their own Intune access or even an AAD account in the target Azure directory. By configuring the use of application permissions, the API will be authorized to push packages to Intune without requiring an authenticated AAD Intune user with adequate permissions to provide this authorization.

[](https://docs.apptimized.com/uploads/images/gallery/2024-03/intuneapppermisions.png)

The **DeviceManagementApps** permissions in **Applications permissions** are identical to those in the **Delegated permissions** group.

[](https://docs.apptimized.com/uploads/images/gallery/2024-03/permissionsintune.png)
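
One way to confirm that the registration holds no more than the application permissions described above, as an added example (not Apptimized's or Microsoft's code): it reads the `roles` claim of an app-only Microsoft Graph token and reports anything outside an allow-list. The allow-list contents, the function names and the sample token are assumptions constructed for illustration.

```powershell
# Added example: check which application permissions an app-only token carries.
# Assumption: the integration should hold only DeviceManagementApps permissions.
$AllowedRoles = @('DeviceManagementApps.ReadWrite.All', 'DeviceManagementApps.Read.All')

function ConvertFrom-Base64Url([string]$Text) {
    # JWT segments use the URL-safe alphabet without padding.
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-TokenRoles([string]$Jwt) {
    $parts = $Jwt.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected three dot-separated segments.' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    # App-only tokens list application permissions in "roles"; delegated tokens use "scp".
    @($claims.roles)
}

function Get-UnexpectedRoles([string]$Jwt, [string[]]$Allowed) {
    @(Get-TokenRoles $Jwt | Where-Object { $_ -and ($_ -notin $Allowed) })
}

function Get-AppOnlyToken([string]$TenantId, [string]$ClientId, [string]$ClientSecret) {
    # OAuth 2.0 client credentials grant: no signed-in user is involved.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
    (Invoke-RestMethod -Method Post -Body $body `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token").access_token
}

# Constructed sample payload (unsigned, offline demonstration only).
$payload = '{"aud":"https://graph.microsoft.com","roles":["DeviceManagementApps.ReadWrite.All","Directory.ReadWrite.All"]}'
$b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
$sampleJwt = "e30.$b64.sig"

# Lists every role in the sample token that is not on the allow-list.
Get-UnexpectedRoles -Jwt $sampleJwt -Allowed $AllowedRoles

# Against a real tenant, read the secret from a vault or a secure prompt, not from the script:
# $jwt = Get-AppOnlyToken -TenantId $tid -ClientId $cid -ClientSecret $secret
# Get-UnexpectedRoles -Jwt $jwt -Allowed $AllowedRoles
```

An empty result means the token carries nothing beyond the allow-list; any name it prints is a permission to review and remove under **API permissions**.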
#### Integration of the application from the Microsoft Azure portal into the Apptimized portal

The one-time configuration is available for project administrators under the **Project** menu > **Administration** > **Settings** > Integration section > **Intune**.

[](https://docs.apptimized.com/uploads/images/gallery/2020-05/NtaZSECAxPcl6tTM-intune_22.png)

**Intune** becomes active when switched on and once the required settings are completed. All required fields are marked with an asterisk \*.

[](https://docs.apptimized.com/uploads/images/gallery/2021-12/4gqSRUSIBNFOGS8Q-intune_23_2.png)

Table 2. Basic settings

**Settings** | **Details** |
--- | --- |
Tenant Identifier | The **Tenant Identifier** corresponds to the term **Directory (tenant) ID** in the **Microsoft Azure** portal. The Directory (tenant) ID is a unique identifier generated automatically by the Microsoft Azure portal for every application during its creation. [](https://docs.apptimized.com/uploads/images/gallery/2020-05/fw0KzOjRiNVogdTB-intune_25_1.png) |
Client Identifier | The **Client Identifier** corresponds to the term **Application (client) ID** in the **Microsoft Azure** portal. The Application (client) ID is a unique identifier generated automatically by the Microsoft Azure portal for every application during its creation. [](https://docs.apptimized.com/uploads/images/gallery/2020-05/Z0tLJtUsY8NZG6bs-intune_25_2.png) |
Client Secret | The **Client Secret** corresponds to the term **Value of secret** in the **Microsoft Azure** portal. The **Client Secret** is a unique identifier generated automatically by the Microsoft Azure portal for every application during its creation. [](https://docs.apptimized.com/uploads/images/gallery/2021-12/SDy363ecyaq35vzd-intune_42.png) [Learn more](#bkmrk-application-registra). |
Use applications permissions | The **Use application permissions** setting corresponds to the term [**Applications permissions**](https://docs.apptimized.com/link/110#bkmrk-note.-if-the-applica) in the **Microsoft Azure** portal. The **Applications permissions** are the permissions that are used by applications that run without a signed-in user present. Using Application permissions enables Apptimized users to push packages to Intune without requiring their own Intune access or even an AAD account in the target Azure directory. By configuring the use of application permissions, the API will be authorized to push packages to Intune without requiring an authenticated AAD Intune user with adequate permissions to provide this authorization. [](https://docs.apptimized.com/uploads/images/gallery/2021-12/njgHHWqpr71fI9Zd-intune_end_2.png) |

**Package type** | **Details** |
--- | --- |
MSI | Only packages with a single **MSI** file are supported. All external files (e.g., **CAB** and **CMD** files) should be included in the MSI package. The package size is capped at **8 GB** per package. |
IntuneWin | The **INTUNEWIN** file is created through the use of the **Microsoft Win32 Content Prep Tool**. The packaging tool converts application installation files into the **.intunewin** format by zipping all files and subfolders. To use Win32 app management, a user must ensure the following criteria are met: - Windows 10 version 1607 or later (Enterprise, Pro, and Education versions); - Devices must be joined to Azure AD and auto-enrolled; - Windows application size is capped at **8 GB** per app. [Learn more](https://docs.microsoft.com/en-us/mem/intune/apps/apps-win32-app-management). |

**Note.** Packages are available for upload from the Apptimized portal to Intune only after finishing the **Packaging** step (Self Service or Factory Service). In other words, the ready-made package that was imported to the project at the **Import** step (i.e., the Package step is skipped) is not available for upload to Intune.
The Apptimized portal supports the One-To-One-Integration model (i.e., one Apptimized project can be integrated into one Client App in Microsoft Intune). The option to upload the package to Microsoft Intune is available under the **Project** menu > **Dashboards** > **Portfolio** > Select an application > **Actions** column > **Push to Intune** option.

[](https://docs.apptimized.com/uploads/images/gallery/2020-05/oqh2j8Kgi7cZoYWi-intune_30.png) [](https://docs.apptimized.com/uploads/images/gallery/2020-05/5tOUbKuDalJrAK0I-intune_31.png)

The Apptimized portal shows the following screen when successful:

[](https://docs.apptimized.com/uploads/images/gallery/2021-09/uRNEXyBlmScubEwy-intune_32_2.png)

The **Intune apps list** gives a user the full list of applications from the **Microsoft Intune** portal that are available in the **Apptimized** portal. The **Intune apps list** enables a user to manage applications from the **Microsoft Intune** portal without leaving the **Apptimized** portal.

The option to upload the package to the **Microsoft Intune** portal is available under the **Add IntuneWin** button. The application information screen appears when successful:

[](https://docs.apptimized.com/uploads/images/gallery/2021-09/tzGQAIeHL50nEaHk-intune_34_2.png)

Table 4. Application settings

**Setting** | **Description** |
--- | --- |
**Application metadata block** | |
Display name | This setting indicates the application name that will be displayed in the Intune apps list (e.g., **Tim Kosse FileZilla**). A user must make sure that the name of the application is entered as it appears in the Company Portal. All names must be unique. The field comes pre-filled based on the application’s metadata. This field is required. |
Description | This setting helps the device users to understand what the application is and/or what they can do in the application. This description appears in the company portal. This field is required. |
Publisher | This setting indicates the name of the developer or the company’s name that distributes the application. This information appears in the company portal. This field is required. |
Privacy URL | This setting indicates the URL of a website that contains privacy information about the application. The URL appears in the company portal. |
Information URL | This setting indicates the URL of a website that contains information about the application (e.g., a link to a website or documentation that provides more information about the application). The URL appears in the company portal. |
**Application installation block** | |
Install command | This setting configures the command line used to install the application (e.g., **msiexec /i "TimKosse\_FileZilla\_3.46.3.msi" /q**). The field comes pre-filled based on the package’s metadata (in the case a package contains the MSI). This field is required. |
Uninstall command | This setting configures the command line used to uninstall the application based on its GUID (e.g., **msiexec /x "{C67DBEF5-4637-451C-991C-8794D3ECA1F6}" /q**). The field comes pre-filled based on the package’s metadata (in the case a package contains the MSI). This field is required. |
Minimal system architecture | This setting indicates the minimal system architecture requirements. The following options are available: - Windows 10 1607; - Windows 10 1703; - Windows 10 1709; - Windows 10 1803; - Windows 10 1809; - Windows 10 1903. The default value is **Windows 10 1607**. This field is required. |
Operating system architecture | This setting indicates the operating system architecture type. The following options are available: - 32-bit; - 64-bit. Multiple choice is available. This field is required. |
Install context | This field indicates the type of execution context the app runs in. The following options are available: - System; - User. The default value is **System**. |
**MSI information block** | |
Product name | This setting indicates the product name that will be displayed in the Microsoft Intune portal (e.g., **FileZilla**). The field comes pre-filled based on the application’s metadata. This field is required. |
Product code | This setting indicates the product code that is generated automatically using the GUID function (e.g., **{C67BDEF5-4637-451C-661C-8794D3ECA1F6}**). The field comes pre-filled. This field is required. |
Publisher | This setting indicates the publisher's name that will be displayed in the Microsoft Intune portal (e.g., **Tim Kosse**). The field comes pre-filled based on the application’s metadata. This field is required. |
Product version | This setting indicates the application version that will be displayed in the Microsoft Intune portal (e.g., **3.46.3**). The field comes pre-filled based on the application’s metadata. |
**Detection rules block** | |
Detection type | This setting indicates the detection rule type. The following options are available: - Msi (Verify based on MSI version check); - File (Verify based on file or folder detection, date, version, or size); - Registry (Verify based on value, string, integer, or version); - Script (Verify based on script). |

**Note.** The detection rules are used to detect the presence of the application (i.e., **Microsoft Intune** can determine that the **IntuneWin** package has been installed).

Table 5. Detection rule types

**Detection rule type** | **Description** |
--- | --- |
Msi | [](https://docs.apptimized.com/uploads/images/gallery/2020-05/xOMosFi8LGmF9KdU-intune_35_2.png) The **Product Code** field requires a valid MSI product code for the application. The following options to provide the product code are available: - Msi information block > Product code; - To extract from the MSI package. The option to verify the MSI product version in addition to the MSI product code is available under the **Check product version** checkbox. [](https://docs.apptimized.com/uploads/images/gallery/2020-05/k3bgtY3rzyWQLBE7-intune_35_3.png) The option to set the operator condition rules is available under the **Operator** field. The following options are available: - Equals; - Not equal to; - Greater than or equal to; - Greater than; - Less than or equal to; - Less than. The default value is **Equals**. The **product version** field sets the application version that will be used for applying the operator condition rules. All required fields are marked with an asterisk \*. |
File | [](https://docs.apptimized.com/uploads/images/gallery/2020-05/4WA63h3jpWrJjUdS-intune_35_5.png) The **Path** field requires the full path of the folder containing the file or folder to detect. The **File or folder** field requires the file or folder to detect. The **Detection method** field requires the type of detection method used to validate the presence of the application. The following options are available: - Date created; - Date modified; - File or folder exists; - Size in MB; - String (version). The default value is **File or folder exists**. All required fields are marked with an asterisk \*. |
Registry | [](https://docs.apptimized.com/uploads/images/gallery/2020-05/xQ2Q3WinuPziw3Cd-intune_35_7.png) The **Key path** field requires the full path of the registry entry containing the value to detect. The **Value name** field requires the name of the registry value to detect. The **Detection method** field requires the type of detection method used to validate the presence of the application. The following options are available: - Key exists; - Key does not exist; - Integer comparison; - String comparison; - Version comparison. The default value is **Key exists**. All required fields are marked with an asterisk \*. |
Script | [](https://docs.apptimized.com/uploads/images/gallery/2021-07/n6qElzAQIUPY77ef-intune_39.png) The **Script content** field requires the full script code containing the PowerShell script to detect app presence. The option to reprioritize signature check is available under the **Enforce signature check** checkbox. The option to run the script in 32-bit mode is available under the **Run as 32 bit** checkbox. |
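
A detection script of the kind the **Script content** field expects, as an added example (not Apptimized's or Microsoft's code). It assumes the MSI registers under the standard uninstall registry key and reuses this page's sample FileZilla product code and version; Intune reports the app as detected only when the script exits with code 0 and writes to STDOUT.

```powershell
# Added example: detection script for the Script rule type.
# Product code and version are the sample values shown on this page.
$ProductCode    = '{C67DBEF5-4637-451C-991C-8794D3ECA1F6}'
$MinimumVersion = [version]'3.46.3'

function Test-AppDetected {
    param(
        [string]$DisplayVersion,   # DisplayVersion from the uninstall key; empty if absent
        [version]$Minimum
    )
    if ([string]::IsNullOrWhiteSpace($DisplayVersion)) { return $false }
    $parsed = $null
    # TryParse avoids a terminating error on vendor strings such as "3.46.3-rc1".
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return $false }
    return $parsed -ge $Minimum
}

# Check both registry views so the result does not depend on the
# "Run as 32 bit" checkbox or on the bitness of the installer.
$views = [Microsoft.Win32.RegistryView]::Registry64, [Microsoft.Win32.RegistryView]::Registry32
$detected = $false
foreach ($view in $views) {
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $view)
    $key  = $base.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$ProductCode")
    if ($key) {
        $detected = Test-AppDetected -DisplayVersion $key.GetValue('DisplayVersion') -Minimum $MinimumVersion
        $key.Dispose()
    }
    $base.Dispose()
    if ($detected) { break }
}

if ($detected) {
    # Exit code 0 plus output on STDOUT is what marks the app as installed.
    Write-Output "Detected $ProductCode"
    exit 0
}
# Non-zero exit (or no output) is reported as not installed.
exit 1
```

If **Enforce signature check** is enabled, the script has to be signed by a publisher the devices trust before it is pasted into the field.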