Deploy EXE file from Microsoft Intune using Azure Blob Storage

A couple of weeks ago I managed to get my first deployment of executables to work with Microsoft Intune. This approach not only allows for deployment of EXE files but also MSI files alongside other files like DLL, CAB and MSP files. Basically building a deployment package that can be distributed by using Microsoft Intune and Microsoft Azure blob storage. The solution is not the most beautiful in the world by far, but it seems to do the job which is the important part until Microsoft provides a better solution for the community.

The solution is using a combination of Microsoft Azure blob storage and the newly introduced PowerShell script support in Intune (Also known as Project Sidecar). We will be able to use a PowerShell scripted deployment on the clients like many admins have done for many years in Active Directory using either a Batch, VBScript or PowerShell in Group Policies.

The PowerShell scripts showned in this article are intentionally fairly basic, but you can add your own logic into the script to check for whether the software is already installed, previous installations or any pre-requistes on the client.


<Will be posted at a later time…. >


  • You need a Microsoft Azure Subscription for using Azure Storage Account
  • You are using Windows 10 version 1607 or later
  • You have a Microsoft Intune subscription
  • Device needs to be Azure AD Joined


The following steps provides guidence on how to configure your Azure storage account for storing your setup files.

  1. Create a Microsoft Azure Storage Account.
  2. Within the newly created storage account create a new “container”.
  3. Upload the Installer/Package you need to deploy.
  4. Create a new “Shared Access Signature“.
  5. Combine this SAS with the URL for your package and test that you can download the package with your package from a browser. ex.
  6. Modify either the PowerShell script for single file executable deployment or package deployment witih multiple files.
  7. Import the script into Microsoft Intune PowerShell script.
  8. Assign the PowerShell script to a group.
  9. Wait for the magic to happen on the clients.

Dropbox PowerShell Script example:

Other examples can be found here:


For the solution to work as expected you need to have the “Microsoft Intune Management Extension” installed on the client. The extension is automatic installed by Microsoft Intune and should be in “App/Remove Programs”. You can see that Microsoft Intune will download a temporary copy of the PowerShell script to the folder “C:\Program Files (x86)\Microsoft Intune Management Extension\Policies\Script” during execution of the PowerShell.

You should also take a look at the blog post by Oliver Kieselbach:

A BIG THANKS for some great input to Per Larsen.



Peter van der Woude made a greate article on Chocolatey: “Combining the powers of the Intune Management Extension and Chocolatey

Aaron Parker wrote a blog post on deployment of the Citrix Receiver: “Deploy Citrix Receiver to Windows 10 with Intune and PowerShell

Another approach would be to use NuGet packages and deploy them using Chocolatey as mentioned by both Per Larsen and Lars Krogh.






  1. Curious about how Intune Management extensions retries to install powershell script. I performed the example you showed and I found the install trying to happen repeatedly over a long period of time even though the initial install went fine.

    1. I have not seen this behavior myself, but they due to a change to the Intune Management Extension that might allow the script to execute multiple times or perform re-execution of the script. What is the status of the script deployment within the Intune Console (Azure Portal)? Did the deployment fail?

      Have anyone else seen this behavior?

  2. This article is great, potentially saved me a lot of headache!

    I’ve got a device which is AAD Joined, I’ve set up the files in Azure blob storage as listed above, added them to InTune, assigned a group, but the scripts look to not be running. I attempted running one of the scripts on the machine itself and it advised that my execution policy wouldn’t allow the scripts to run. Could this be blocking it from the cloud? I’ve got it set to Unrestricted for testing purposes at the moment.They run unrestricted, but with the security prompt in the PS window.

    Any ideas?

Leave a Reply

Your email address will not be published. Required fields are marked *