Automated Application Management for Microsoft Endpoint Manager

Simplify third-party application management

Knowledge Base ArticlesRequest Trial

Intune Application Creation Options Explained

In this article, we will cover all of the Intune Application Creation Options that are available within the publisher. These are options that apply specifically to the creation of Win32 applications for your Intune tenant. Below is a screenshot of this section as of the writing of this article.

Intune Application Options

This article does not go over configuring authority, app ID, and secret. For documentation on configuring these items please refer to our setup documentation for Intune here.

Topics covered in this section include:

  1. Digitally sign the detection method script and enforce signature checking
  2. Copy the assignments from previously created applications when an updated app is created
  3. Delete the assignments from previously created applications when an updated application is created
  4. Delete any previously created applications when an updated application is created
  5. Run Intune Application Manager Utility
  6. Disable the Applications tab for publishing application to Configuration Manager
  7. Disable the Updates tab for publishing software updates to WSUS

Option 1: Digitally sign the detection method script and enforce signature checking on the application in Intune.

When this option is checked, it will enforce signature checking for the detection method script.  This option will be reflected in the application’s properties in your Intune tenant under Detection Rules.

enforcing the signature property within Intune tenant

If this option is enabled, you will need to browse for a code-signing certificate from your local computer’s personal store to sign the Powershell detection method scripts for all created applications.  If you also use our product for MEMCM (SCCM), you can use your WSUS code signing certificate that you previously created also to sign the detection method script for Intune apps, as long you are running the service from the same server.  The certificate will still need to be deployed to your Intune-managed clients for the script to be trusted. 

Option 2: Copy the assignments from previously created applications when an update application is created.

The Publisher can immediately add assignments for the apps to Azure AD groups upon creation.  This option can be executed through a right-click action at a global, vendor, or individual level.  Right-clicking a product, vendor, or All Products will give you the option to Manage Assignments. From this window, you can add an assignment for an app or apps as Available, Required, or as an Uninstall.

assign app to azure group

When a new version of an app is created, and the box to copy assignments in the Intune Options window is checked, the Publisher will automatically transfer these assignments to the newly created application. 

Option 3: Delete the assignments from previously created applications when an updated application is created.

This option corresponds with Option 2. When the Publisher creates a new version of an application, the old version of the application will still exist in the Intune tenant (unless Option 4 is enabled).  This application will still have the same assignments that were set before the new version was created.  If Option 2 is enabled to copy assignments from previous versions of applications to new versions, you will end up having two different versions of the same application assigned to your Intune clients.  To avoid this, you would want to enable this option to delete the assignments of the old application, so that only the latest version of the application is assigned to your clients.

Option 4: Delete any previously created applications when an updated application is created.

As explained in Option 2 and 3, when the Publisher runs a sync and finds a new version is released for an application, it will create the new version of the application.  Without selecting this option, the old version of the application will still exist in the Intune tenant.  If this option is enabled, however, the Publisher will delete the old version of the application when the new version is created.  Select this option if you only want to have the latest version of an application that exists in your Intune tenant. 

Option 5: Run Intune Application Manager Utility

This button will open up a new window that will query for all applications in your Intune tenant.

intune app manager in the publisher

This window allows you to quickly query all of your Win32 apps within your Intune tenant.  You can also delete assignments or delete the applications in bulk, whereas doing this directly in your Intune tenant requires you do make deletions one app at a time.

Option 6: Disable the Applications tab for publishing applications to Configuration Manager

Selecting this option will render the ConfigMgr Apps tab invisible within the Publisher console.  If you are only managing devices using Intune, select this option to keep tabs relevant to Configuration Manager out of sight.

Option 7: Disable the Updates tab for publishing software updates to WSUS

Selecting this option will render the Updates tab invisible within the Publisher console.  If you are only managing devices using Intune, select this option to keep tabs relevant to Configuration Manager out of sight.