Windows Autopatch: Migrate to Win32 App
Introduction
If you have configured Autopatch a while back, you might know that the client broker, is getting deployed by a platform script in Microsoft Intune. This is about to change!
Microsoft is recommending to migrate this to a Win32 app for several reasons. See below information from the M365 message center (MC1139484).
As you can see above, it gives us multiple benefits. When support requests are created, it enables automated log collection and additional flexibility to deploy the client broker on-demand.
If you take a look under tenant administration and tenant management in the Autopatch section, you can see the recommendation for migrating to Win32.
Even though this isn't a enforced change, I see multiple benefits of migrating to Win32 app instead. So if you haven't done it already, let's do it together!
Configuration
Navigate to tenant administration in the Intune portal, and click on tenant management under the Windows Autopatch category.
You will now see all your actions available for Autopatch, one of them is "Manage client broker"
If you click on that specific action, you will now get the below view. You can add more groups, or by default you will have the "Windows Autopatch - Devices All".
There is also an option to click "Migrate to Win32 app". Let's go ahead and click on that option.
When we click that botton, we have to confirm, that we want to migrate to Win32.
Once that's done, a new Win32 app will be created in the portal for the client broker. It will contain the same assignments as the platform script.
To make sure that it doesn't cause any issues with the existing deployment, there is a detection rule in place to detect the application.
Once the Win32 app has been fully migrated, the platform script will be automatically removed from the portal.
The Win32 App
I was wondering what was included in the .intunewin file, so I had to check it. With the help of Oliver Kieselbachs tool "IntuneWinAppUtilDecoder", I could retrieve the file from Intune and decode it.
Now to the big surprise, what's really included in the .intunewin file?
Hmm, not that exciting! But we had to take a look, the file only consists of the MSI installer of the ClientBroker.
From Device Perspective
When a device that already has Autopatch installed checks in with the Intune service, it will evaluate the detection rule that has been created in Intune. As you can see from below picture, the application is detected.
This means if you got the client broker from the old method (platform script), it will not install the client broker again.
I was waiting and waiting for the toast notification "Downloading and installing..." on a new device, however after a fair amount of time waiting, I checked the app in Intune.
It seems like Microsoft have hidden all toast notifications from the end users. This means that the client broker will get installed in the background, without the users noticing it.
Conclusion
Thanks for reading this short blog, about migrating the client broker from platform script to Win32. I hope it gave you some insights, about what happens when you click on the magic migrate button.