Third Party Patching

How to Automatically Update Apps in Intune with Dynamic Win32 App Deployment

Topics: Third Party Patching

Greetings, fellow IT admins! Have you ever deployed Win32 applications through Intune, only to discover a week later that a new version has been released? Repackaging setup files and editing your Win32 app again can be tedious and time-consuming. I bring you good news! There is a way to deploy a Win32 app and have it always install the latest version of the app on the computer. 

To achieve this, we will deploy a PowerShell script as a Win32 app. This script will grab the latest version from the vendor’s site, download it, and then install it on the end computer. IT admins will not have to repackage the same app over and over again, edit their Win32 apps with every patch, and all your new devices/users will always get the latest version of the application.  

Step by Step Guide

How to Automatically Update Apps in Intune with Dynamic Win32 App Deployment 

The hardest and most important step is finding the permanent download link (aka permalink) for the target application, which will enable the download of the latest version of the application. Find the permalink by either exploring the vendor’s website, reading documentation and release notes, or simply reaching out to the vendor and asking them for it. 

For this example, we will deploy Zoom. See the appendix section below to see a few common apps and their permalinks. 

Building the Script 

Once you find the permalink, it’s time to build the script. You can copy the full script from my GitHub here. I have added comments in the script to assist you in understanding it. 

    Script to install or uninstall latest version of Zoom via PowerShell. This script can be packaged as win32 app and then deployed via intune.

    This script allows you to install or uninstall Zoom on a Windows system.
    Author: Lovepreet Singh (Recast Software)
    Date: March 13, 2024
    Version: 3.0
    This script is provided as-is and without warranty. Use it at your own risk.

    Copy and paste the below commands in Command prompt (run as admin), Or in Intune install/unisntall command section.

    For Install:> Powershell.exe -NoProfile -ExecutionPolicy ByPass -File .\Install_Zoom.ps1 --install
    For Uninstall:> Powershell.exe -NoProfile -ExecutionPolicy ByPass -File .\Install_Zoom.ps1 --uninstall

param (

#Give a app name and specify the permalink
$AppName = "Zoom"
$DownloadURL = ""

# Specify the full path to the MSI file. In my case i am storing this in the Temp folder.
$MSIFilePath = "$env:TEMP\$AppName.msi"

if ($Install) {
    $InstallCommand = "msiexec /i '$MSIFilePath' /qn"

    # Suppress progress reporting                           #By suppressing the progress bar, the download speed increases 10x. This is a global variable used by powershell itself.
    $ProgressPreference = 'SilentlyContinue'     

    # Download the MSI file
    Invoke-WebRequest -Uri $DownloadURL -OutFile $MSIFilePath

    # Install Zoom silently and enable Zoom auto updates
    Start-Process -FilePath "msiexec" -ArgumentList "/i `"$MSIFilePath`" /qn /lex zoommsi.log ZoomAutoUpdate=1" -Wait

    # Remove the downloaded MSI file
    Remove-Item -Path $MSIFilePath -Force

#Below is the Uninstall parameter of this script. At first i wanted to copy the Install parameter and just replace the /i with /x to uninstall. But this is a bad idea. Why?
# Maybe the user will uninstall after 6 months, by then Zoom might have a new version with new MSI, with a differnt msi product code, so the uninstall can fail, instead we will below mentioned method

elseif ($Uninstall) {

    $Query = "SELECT * FROM Win32_Product WHERE Name LIKE '%$AppName%'"

    # Query for products that match the criteria
    $Product = Get-WmiObject -Query $Query | Select-Object -ExpandProperty IdentifyingNumber

    # Un-Install Zoom silently
    Start-Process -FilePath "msiexec" -ArgumentList "/x $Product /qn" -Wait


Packaging the Script 

Now that you have the .ps1 script file downloaded and edited (if needed), it’s time to package it. Use the Microsoft Win32 Content Prep Tool, which you can download here

For more information on this tool visit

Using the Win32 Content Prep Tool 

Refer to this previous post to learn how to package using the Win32 content prep tool. There are three major differences for us in this scenario compared to the post: 

  • We will use “Install_Zoom.ps1” as the setup file instead of “Zoom.msi”.  
  • We will use our custom Install and Uninstall commands in Intune win32 application setup. 
Update Apps in Intune with Dynamic Win32 - install and uninstall commands
  • For Detection Rule, we will use the file version. 
Update Apps in Intune with Dynamic Win32 - file version
Update Apps in Intune with Dynamic Win32 - Rule created

Note: While this method is great for ensuring that new users and devices will always get the latest version available, it is not perfect. For example, when a newer version of Zoom is released after, the detection rule will read it as already installed because “Greater than or equal to” will be true for all new versions. 

Thankfully, Zoom has a prebuilt MSI switch (ZoomAutoUpdate=1) as shown in the script, which will always keep Zoom updated. However, this switch may not be available for other applications.

Beyond Updating Apps with Win32 App Deployment   

If you are looking for a more complete and comprehensive third-party application lifecycle management tool, which will create, deploy, update, retire, and delete your applications automatically, check out Application Manager by Recast.  

This eBook also gives some good perspective on the challenges and risks of manually patching apps. 


Back to Top