The Struggle of Packaging Applications
Topics: Security and Compliance
Last month, my colleagues Nico Zieck and Ben Ward hosted a session on packaging applications at the Modern Endpoint Management Summit, EMEA edition, at the Microsoft campus in Paris. Since this topic is quite popular, I’ve decided to write a blog post about it, but with a slightly different twist. In this blog, I’ll compare the .intunewin format, MSIX, and Liquit using the incredibly popular Notepad++ app as an example. Just kidding—it’s just a cool application to demo!
Common Scenario in Packaging Applications
Ever found yourself in this all-too-familiar scenario? You’ve added your applications, including Win32 and MSIX apps, into Microsoft Intune with all the settings. Then your IT manager or Security Officer informs you that something needs to be updated for those apps immediately. Dang. Really? Now you must redo the entire package process.
Why Repackage Applications into .intunewin or MSIX Formats?
Why are we still repackaging into .intunewin or MSIX formats? Is it still necessary, or could the process be significantly simplified?
In this blog, I dive into a comparison of .intunewin format, MSIX, and Liquit. First, let’s briefly explain both formats.
Understanding the .intunewin Format
The .intunewin format is utilized by Microsoft Intune to package classic Windows (Win32) applications for distribution. To upload a Win32 app to Microsoft Intune, it’s essential to prepare the app using the Microsoft Win32 Content Prep Tool. This tool processes classic Windows (Win32) apps and transforms the application installation files into the .intunewin format. It also identifies several attributes that Intune requires to determine the application’s installation status. Essentially, it’s a zip file containing installation files and any necessary subfolders.
What is MSIX?
Introduced by Microsoft in 2018, MSIX is the newest packaging format for distributing Windows applications. It aims to modernize the packaging, deployment, and update processes of Windows software. An MSIX package is a container that houses all of an application’s components, including executable files, libraries, registry settings, and other dependencies. It’s a comprehensive solution designed to simplify application management.
The Cost of Packaging Applications
To shed some light on this, we’ve researched on Reddit and directly asked a few of our customers. The first step is categorizing an application into the right complexity level. Generally, there are three levels:
- Standard: Including installation and deployment testing, a standard app takes about 4 hours to package.
- Medium: A medium complexity app can take up to 8 hours.
- Complex: The most intricate applications can require 12 hours or more.
Predicting whether an application will be standard, medium, or complex is a challenge. Sometimes, you don’t know until you’ve already spent hours troubleshooting one issue after another.
From our research, we’ve found that packaging a single application can take 4 hours or more, with the average cost around $250 per hour. Even for small organizations, 5-10 applications need repackaging each month due to updates. Notepad++, for example, releases a new version monthly. Google Chrome Enterprise and Adobe Reader DC release new versions every four weeks. So, repackaging 5-10 applications per month is a conservative estimate for small organizations. On the other end of the spectrum, we work with medium to large organizations who package 100-300+ applications per month.
Real-World Example: Packaging Notepad++
Let’s use Notepad++ as our case study. Our aim is to carry out a custom installation of this application in .intunewin format, MSIX, and within Liquit to understand the major differences and how much time it takes to package using each method. We’ll implement the following settings:
- Disable Auto Update
- Make the Dutch language available
- Set the Dutch language as default
- Turn on Dark Mode with Green Tones
- Set Large Icons
- Install the plugin ComparePlus
Let’s get started!
Creating a Win32 App in Microsoft Intune
Creating the Install.cmd (necessary for the adjustments we want to achieve for Notepad++) | 1:00 min |
Creating the .intunewin file and adding it to Intune | 2:52 min |
Total | 3:52 min |
I’ve added 1 minute for creating the batch script that is used and shown in the video. Creating the batch script is an integral part of the process, but those steps aren’t visible in the video. From my perspective, the time estimates are conservative.
Challenges within Intune
To get a Win32 app up and running within Intune, complete with all custom settings, scripting within the .intunewin file is essential. If a new version of Notepad++ becomes available next month, we’ll need to create a fresh .intunewin package with the updated version and tweak the script as necessary. Finally, there’s the deployment phase, which can span anywhere from 2 to 4 hours.
Creating an MSIX Package
Time to create MSIX package | 2:40 min |
Creating PowerShell Scripts and JSON file | 1:30 min |
Total | 4:10 min |
I’ve added 1:30 minutes for creating the PowerShell script and the JSON file that are used and shown in the video. Creating the JSON file and the PowerShell script is an integral part of the process, but those steps aren’t visible in the video. From my perspective, the time estimates are conservative.
Overcoming MSIX Limitations
MSIX does not offer a solution out of the box for custom actions. We need this to copy nativeLang.xml to %localappdata%\Packages\Notepadplusplus_5akpkjxvda7ry\LocalCache\Roaming\Notepad++. This will set the default language to Dutch.
To make this available, you can trigger a PowerShell Script during the launch of the application with Package Support Framework (PSF).
I won’t delve deeply into the specifics of PSF, but in essence, it’s an open-source initiative facilitating the creation of straightforward remedies for applications lacking accessible source code.
The standard fixes include:
- Redirection of files (useful when the application needs to write in an inaccessible location).
- Adding arguments to applications (previously known as shortcuts).
- Executing PowerShell scripts upon launching or closing applications.
Steps to take:
1. Add the PSF binaries to the root of the MSIX.
2. Edit the manifest file in the MSIX Packaging Tool: change the application to open PSFLauncher64.exe.
3. Create and add the config.json in the MSIX. This tells the PSF Launcher what to do, in our case run our PowerShell script.
4. Create and add the PowerShell script in the MSIX. It is needed to run a custom action, “copy the nativeLang.xml to the LOCALAPPDATA”, during the launch of Notepad++.
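One way to write the script from step 4, with the matching config.json entry from step 3 shown in its header comment. This is an added example, not the author's script or code from the PSF project. The script name, the location of nativeLang.xml beside the script, the `-Enforce` switch, and the config.json values are assumptions.

```powershell
# Added example: a PSF start script (hypothetical name Set-DutchDefault.ps1).
# Assumption: nativeLang.xml is packaged next to this script in the MSIX.
# Matching config.json entry (id and executable are placeholders to fill in):
#   { "applications": [ { "id": "<Application Id from the manifest>",
#       "executable": "<path to notepad++.exe inside the package>",
#       "startScript": { "scriptPath": "Set-DutchDefault.ps1",
#                        "runInVirtualEnvironment": false,
#                        "waitForScriptToFinish": true,
#                        "showWindow": false } } ] }
[CmdletBinding()]
param(
    [string]$Source = (Join-Path $PSScriptRoot 'nativeLang.xml'),
    [string]$PackageFamily = 'Notepadplusplus_5akpkjxvda7ry',
    [switch]$Enforce   # overwrite an existing file instead of only seeding it
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$targetDir = Join-Path $env:LOCALAPPDATA "Packages\$PackageFamily\LocalCache\Roaming\Notepad++"
$target    = Join-Path $targetDir 'nativeLang.xml'

if (-not (Test-Path -LiteralPath $Source -PathType Leaf)) {
    throw "Language file missing from package: $Source"
}
# Fail early on a damaged file: the cast throws if the content is not well-formed XML.
$null = [xml](Get-Content -LiteralPath $Source -Raw)

# Seed the default only once so a user's later language choice survives the next launch.
if ((Test-Path -LiteralPath $target -PathType Leaf) -and -not $Enforce) {
    return
}

if (-not (Test-Path -LiteralPath $targetDir -PathType Container)) {
    New-Item -ItemType Directory -Path $targetDir -Force | Out-Null
}
Copy-Item -LiteralPath $Source -Destination $target -Force

# Confirm the copy is byte-identical to the packaged file.
$srcHash = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
$dstHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
if ($srcHash -ne $dstHash) {
    throw "Copied nativeLang.xml does not match the packaged file."
}
```

Because the script runs with the user's rights on every launch, signing it and keeping the PowerShell execution policy at its configured level, rather than bypassing it for the package, keeps the launch hook from becoming an unreviewed code path.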
Now that we’ve got our MSIX package, we still need to get this distributed onto the devices. Naturally, this is a time investment, and there are several ways we could do this, including the use of Microsoft Intune, Liquit, Group Policy Objects (GPOs) with PowerShell Scripts, or third-party Workspace Management software.
Creating a Notepad++ Package in Liquit
Time to create Notepad++ package in Liquit and publish to the users | 2:45 min |
Total | 2:45 min |
Imagine having to keep Notepad++ up to date each month. With Liquit, you only need to create the Notepad++ package once from the Liquit Setup Store with the custom settings. From then on, Notepad++ will be automatically updated, eliminating the need for repackaging.
That is right. No more repackaging.
Time Comparison for Packaging Applications
Method | Time for 1 package (minutes) | Time for 10 packages per year (minutes) |
Intune | 3:52 | 38:40 |
MSIX Package | 4:10 | 41:40 |
Liquit | 2:45 | 2:45 |
Wrap-Up: Simplifying Application Management with Liquit
In the world of increasingly complex applications, the time savings with Liquit become significant. As application complexity grows, Liquit steps up to the challenge, delivering greater efficiency and productivity. The more complex the application, the more time you save. It’s as simple as that. Whether you’re dealing with a standard app or a complex one, Liquit is your go-to solution for simplifying app management.
Conclusion
At Liquit, we believe our platform can make things much simpler and faster for IT teams. As previously discussed, .intunewin and MSIX have their challenges and may not be suitable for repackaging all types of applications.
Liquit can help you save money in several ways:
- No More Repackaging: No need to repackage into .intunewin or MSIX formats, saving you time, energy, and expertise.
- Deployment Time Reduction: Reduce application deployment time from 4 hours to just minutes. Liquit executes every deployment action instantly.
- Ongoing Savings: With each new software version release, you avoid the repackaging process, leading to continuous cost savings.
- Automatically the Latest: Automatically install or patch applications with the latest version using our Liquit Setup Store, reducing worries about vulnerabilities and enhancing software compliance.
- Innovative Configuration Process: Configuring settings (registry keys, drivers, etc.) can be challenging and time-consuming with .intunewin or MSIX formats. Liquit offers an innovative approach, configuring settings just-in-time. Various trigger moments can be set, such as during installation or when launching the application.
Liquit’s platform is designed to streamline application management, making it more efficient and cost-effective. Say goodbye to the repackaging process and hello to a smoother, faster software deployment experience.
Do you have questions we can assist with? Want to learn more by talking with our team? Feel free to reach out to us. We’re always ready to help!