Technical Tip: How to create an Intune Application with a built-in enrollment bundle

If required, it is possible to publish an Intune Application that contains a 'baked-in' copy of an enrollment bundle, which means it is not necessary to store the bundle file on an accessible filestore.

This does, however, mean that a new application must be created regularly to update the enrollment bundle inside the package, rather than just replacing the file on the shared filestore.

Full details of creating an application using IntuneWinAppUtil.exe can be found here: Win32 app management in Microsoft Intune.

The important factors to remember are:

1. Place both agent_x64_release_signed.msi and your generated bundle in the 'source folder' on the local machine.
2. Run IntuneWinAppUtil.exe to create the Intune bundle as described above to create a single .intunewin file for upload to Intune.
3. When setting the 'Install command' during the App creation, make sure to include the BUNDLE_FILEPATH=<enrollment.bundle> in the command, where <enrollment.bundle> matches the filename of the bundle in step 1.
4. The detection rule should be configured with the following registry key set to 'Key exists':

HKEY_CLASSES_ROOT\Installer\UpgradeCodes\729C78E253AAC574EA50AA3E043B5629

Agent updates are recommended to be pushed via the FortiDLP platform agent auto-update process once this detection rule has been configured.