This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 64%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA0%3C/text%3E%3C/svg%3E)
We use InTune for about 50 users, some work in the office and others from home some of the time.
They need to use a Win32 app that is updated every couple of months.
If it was a one-off, I'd create an InTune app from it but its a pain to do every 2 months.
I understand there is a way to allow standard users to do this by trusting the certificate of the publisher. Any suggestions how to do this? I'm a general IT/Network guy not a software developer. Believe me, I've asked the app developer to use a more modern approach. Remote support with QuickAssist doesn't work as I can't enter admin credentials for the UAC. We are a charity so little money for Teamviewer or the like.
Maybe this can be an option for you - https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview
Unfortunately, this requires additional licensing and would triple our costs.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@AdamPollardPowell-0167, Thanks for posting in Q&A. From your description, I know you want to update win32 app. Based as I know, to bulk update win32 app, you can consider win32 supersedence. When you supersede an application, you can specify which app will be updated or replaced. To update an app, disable the uninstall previous version option. To replace an app, enable the uninstall previous version option. Here is a link with more details:
https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-add#step-6-supersedence
If you just want to update some device, not too many and want user to update themselves, you can consider EPM which mentioned by Rahul. Microsoft Intune Endpoint Privilege Management (EPM) allows your organization’s users to run as a standard user (without administrator rights) and complete tasks that require elevated privileges.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Its an option but still quite a time outlay for something that is updated so regularly. I see little or no advantage to just rolling it out again with app deployment using .intunewin files.
@AdamPollardPowell-0167, Thanks for the reply. For the regular update app, maybe you can consider upload to Microsoft store and deploy it via Intune. Based as I know, the update for store app is automatic.
https://learn.microsoft.com/en-us/mem/intune/apps/apps-add#app-types-in-microsoft-intune
I wish the developers would modernise their software. They only release updates to customers who are still paying for the licence and not sure how they could monetize that via the MS Store. I guess they could just have a renewable key that could be emailed out.
@AdamPollardPowell-0167, Thanks for the reply. I agree with this too. modernize the software will bring convenient. You can feedback to the software developer to take this into consideration.