Intune Application Creation Options Explained

In this article, we will cover all of the Intune Application Creation Options that are available within the publisher. These are options that apply specifically to the creation of Win32 applications for your Intune tenant. Below is a screenshot of this section as of the writing of this article.

Intune Options

This article does not go over configuring authority, app ID, and secret. For documentation on configuring these items please refer to our setup documentation for Intune here.

Topics covered in this section include:

Digitally sign the detection method script and enforce signature checking on the application in Intune

When this option is checked, it will enforce signature checking for the detection method script.  This option will be reflected in the application’s properties in your Intune tenant under Detection Rules.

enforcing the signature property within Intune tenant

If this option is enabled, you will need to browse for a code-signing certificate from your local computer’s personal store to sign the Powershell detection method scripts for all created applications.  If you also use our product for MEMCM (SCCM), you can use your WSUS code signing certificate that you previously created also to sign the detection method script for Intune apps, as long you are running the service from the same server.  The certificate will still need to be deployed to your Intune-managed clients for the script to be trusted.

Copy the assignments from previously created applications when an updated application is created

The Publisher can immediately add assignments for the apps to Azure AD groups upon creation.  This option can be executed through a right-click action at a global, vendor, or individual level.  Right-clicking a product, vendor, or All Products will give you the option to Manage Assignments. From this window, you can add an assignment for an app or apps as Available, Required, or as an Uninstall.

assign app to azure group

When a new version of an app is created, and the box to copy assignments in the Intune Options window is checked, the Publisher will automatically transfer these assignments to the newly created application.

Update Enrollment Status Page associations with new application when an updated application is created

This option will ensure that the list of selected Win32 applications for an Intune Enrollment Status Page is kept up to date as new versions of applications are published. These Enrollment Status Pages are commonly used during Autopilot. With this checkbox checked the Publisher will ensure the latest version of the published application are associated with your ESP.

Delete the assignments from previously created applications when an updated application is created

This option corresponds with ‘Copy Assignments… feature from above. When the Publisher creates a new version of an application or update, the old version will still exist in the Intune tenant (unless specified to be deleted ie. 1 or 2).  This Win32 application will still have the same assignments that were set before the new version was created.  If the copy assignments option is set you will end up having two different versions of the same Win32 application assigned to your Intune clients.  To avoid this, you would want to enable this option to delete the assignments of the old application, so that only the latest version of the application is assigned to your clients.

Delete any previously created applications when an updated application is created

As explained in Option 2 and 4, when the Publisher runs a sync and finds a new version is released for an application, it will create the new version of the application.  Without selecting this option, the old version of the application will still exist in the Intune tenant.  If this option is enabled, however, the Publisher will delete the old version of the application when the new version is created.  Select this option if you only want to have the latest version of an application that exists in your Intune tenant.

Delete any previously created updates when a new update is published

As explained above, when the Publisher runs a sync and finds a new version is released for an application it will create the new version of the application as an Intune Update.  Without selecting this option, the old version of the Intune Update will still exist in the Intune tenant.  If this option is enabled, however, the Publisher will delete the old version of the Intune Update when the new version is created.  Select this option if you only want to have the latest version of an Intune Update that exists in your Intune tenant.

Run Intune Application Manager Utility

This button will open up a new window that will query for all applications in your Intune tenant.

This window allows you to quickly query all of your Win32 apps within your Intune tenant.  You can also delete assignments or delete the applications in bulk, whereas doing this directly in your Intune tenant requires you to make deletions one app at a time.

Disable the Applications tab for publishing applications to Configuration Manager

Selecting this option will render the ConfigMgr Apps tab invisible within the Publisher console.  If you are only managing devices using Intune, select this option to keep tabs relevant to Configuration Manager out of sight.

Disable the Updates tab for publishing software updates to WSUS

Selecting this option will render the Updates tab invisible within the Publisher console.  If you are only managing devices using Intune, select this option to keep tabs relevant to Configuration Manager out of sight.