How to Deploy Batch Files to Windows Devices using Microsoft Intune

First, download the Microsoft Win32 Content Prep Tool from the official GitHub repository. This tool converts your batch file into the .intunewin format required for Intune deployment.

Navigate to https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool and download the latest IntuneWinAppUtil.exe file.

Create a working directory structure on your packaging workstation:

mkdir C:\IntunePackaging
mkdir C:\IntunePackaging\Source
mkdir C:\IntunePackaging\Output

Copy the downloaded IntuneWinAppUtil.exe to C:\IntunePackaging.

cd C:\IntunePackaging
IntuneWinAppUtil.exe

You should see the tool's help information displaying available parameters.

Create a robust batch file that includes logging and error handling. This ensures you can troubleshoot deployment issues and verify successful execution.

Create a new file called deploy.bat in C:\IntunePackaging\Source:

@echo off
setlocal enabledelayedexpansion

REM Set up logging
set LOGFILE=C:\Windows\Temp\batch_deployment.log
set COMPLETION_FILE=C:\Windows\Temp\batch_deployment_complete.txt

REM Start logging
echo ============================================ >> %LOGFILE%
echo Starting batch deployment script >> %LOGFILE%
echo Timestamp: %date% %time% >> %LOGFILE%
echo Running as: %USERNAME% >> %LOGFILE%
echo ============================================ >> %LOGFILE%

REM Example: Create a company directory
mkdir "C:\CompanyApps" >> %LOGFILE% 2>&1
if %ERRORLEVEL% NEQ 0 (
    echo ERROR: Failed to create directory >> %LOGFILE%
    exit /b 1
)

REM Example: Copy configuration files
echo Copying configuration files... >> %LOGFILE%
REM xcopy "config\*" "C:\CompanyApps\" /Y >> %LOGFILE% 2>&1

REM Example: Install MSI silently (uncomment and modify as needed)
REM echo Installing application... >> %LOGFILE%
REM msiexec /i "setup.msi" /quiet /norestart /l*v C:\Windows\Temp\msi_install.log
REM if %ERRORLEVEL% NEQ 0 (
REM     echo ERROR: MSI installation failed with code %ERRORLEVEL% >> %LOGFILE%
REM     exit /b %ERRORLEVEL%
REM )

REM Create completion marker
echo Deployment completed successfully > "%COMPLETION_FILE%"
echo Batch deployment completed successfully >> %LOGFILE%
echo End timestamp: %date% %time% >> %LOGFILE%

exit /b 0

cd C:\IntunePackaging\Source
deploy.bat

Check that the log file and completion marker are created in C:\Windows\Temp.

Now convert your batch file into the .intunewin format that Intune can deploy. The Win32 Content Prep Tool will create a package containing your batch file and any dependencies.

Open an elevated command prompt and navigate to your packaging directory:

cd C:\IntunePackaging

Run the Win32 Content Prep Tool with the following parameters:

IntuneWinAppUtil.exe -c "C:\IntunePackaging\Source" -s "deploy.bat" -o "C:\IntunePackaging\Output"

When prompted for the catalog folder, type N and press Enter (unless you have specific catalog requirements).

The tool will process your files and create a deploy.intunewin file in the output directory.

dir C:\IntunePackaging\Output\*.intunewin

You should see deploy.intunewin with a file size greater than 0 bytes.

Access the Microsoft Endpoint Manager admin center and upload your packaged batch file as a new Win32 application.

Open your web browser and navigate to https://endpoint.microsoft.com. Sign in with your Intune administrator credentials.

Navigate through the portal:

1. Click Apps in the left navigation pane
2. Select All apps
3. Click Add
4. Choose Windows app (Win32) from the app type dropdown
5. Click Select

In the App package file section:

1. Click Select app package file
2. Browse to C:\IntunePackaging\Output
3. Select deploy.intunewin
4. Click OK

Wait for the file to upload and process. Intune will extract metadata from your package.

• Name: deploy
• Publisher: (your organization)
• Command line: deploy.bat

Click Next to proceed to app configuration.

Configure the application details and program execution settings to ensure proper deployment behavior on target devices.

In the App information section, fill in the required fields:

• Name: Company Batch Deployment Script
• Description: Automated deployment script for company configuration
• Publisher: Your Organization Name
• Category: Business (or appropriate category)
• Optionally upload a logo image

Click Next to proceed to Program settings.

In the Program section, configure the execution parameters:

Configure return codes by clicking Add and setting:

• Return code: 0, Code type: Success
• Return code: 1641, Code type: Soft reboot
• Return code: 3010, Code type: Soft reboot
• Return code: 1618, Code type: Retry

Define the system requirements and detection logic that Intune will use to determine deployment eligibility and success.

In the Requirements section, configure:

• Operating system architecture: 64-bit (recommended)
• Minimum operating system: Windows 10 21H1 or later
• Add any additional requirements like disk space or memory if needed

Click Next to proceed to Detection rules.

In the Detection rules section, click Add and configure a file-based detection rule:

This detection rule tells Intune to check for the completion marker file that your batch script creates upon successful execution.

Configure deployment assignments to specify which users or devices should receive the batch file deployment.

Click Next to skip Dependencies (unless your batch script requires other applications to be installed first).

In the Assignments section, click Add group under the appropriate assignment type:

• Required: Automatically installs on assigned devices
• Available for enrolled devices: Users can install from Company Portal
• Uninstall: Removes the application (not applicable for batch scripts)

For a typical deployment, choose Required and configure:

1. Click Select groups
2. Choose your target device group (e.g., "All Windows Devices" or "Test Devices")
3. Set Make this app required for all devices to Yes
4. Configure delivery optimization if needed

Set the assignment schedule:

• Assignment type: Required
• Start date and time: As soon as possible (or schedule for later)
• Deadline: As soon as possible

Click Next to proceed to Review + create.

Complete the deployment process and monitor the rollout to ensure successful execution across your target devices.

In the Review + create section, verify all your configuration settings:

• App information matches your requirements
• Install command is deploy.bat
• Detection rule points to the completion marker file
• Target groups are correctly assigned

Click Create to deploy the application.

Monitor the deployment progress:

1. Navigate to Apps > All apps
2. Find your "Company Batch Deployment Script" application
3. Click on it to view details
4. Select Device install status to see per-device results

Check deployment status on target devices using PowerShell:

# Check if completion marker exists
Test-Path "C:\Windows\Temp\batch_deployment_complete.txt"

# View deployment log
Get-Content "C:\Windows\Temp\batch_deployment.log" -Tail 20

# Check Intune management extension logs
Get-WinEvent -LogName "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin" | Where-Object {$_.TimeCreated -gt (Get-Date).AddHours(-2)} | Select-Object TimeCreated, LevelDisplayName, Message

• Device install status: Installed
• Completion marker file exists on target devices
• Log file shows successful execution without errors