How to Deploy Bitwarden Password Manager Using Microsoft Intune

Start by downloading the latest Bitwarden Windows installer from the official website. Navigate to bitwarden.com/download/ and download the Windows desktop installer. The file will be named something like Bitwarden-installer-2024.8.0.exe (version numbers may vary).

Create a working directory on your computer for the deployment files:

New-Item -ItemType Directory -Path "C:\BitwardenDeploy\Source" -Force
New-Item -ItemType Directory -Path "C:\BitwardenDeploy\Output" -Force

Move the downloaded Bitwarden installer to your source directory. Next, download the Microsoft Win32 Content Prep Tool from the official Microsoft documentation. Extract the tool and place IntuneWinAppUtil.exe in your working directory.

Use the Microsoft Win32 Content Prep Tool to convert the Bitwarden installer into the required .intunewin format. Open Command Prompt as administrator and navigate to your working directory.

Run the conversion command:

IntuneWinAppUtil.exe -c "C:\BitwardenDeploy\Source" -s "Bitwarden-installer-2024.8.0.exe" -o "C:\BitwardenDeploy\Output" -q

Replace 2024.8.0 with your actual version number. The -q parameter runs the tool in quiet mode, while -c specifies the source folder, -s the setup file, and -o the output folder.

The tool will create a .intunewin file in your output directory. This process typically takes 1-2 minutes depending on the installer size.

Log into the Microsoft Intune admin center at endpoint.microsoft.com. Navigate to Apps > All apps > Add. Select Windows app (Win32) from the app type dropdown.

Click Select app package file and upload your .intunewin file. Intune will automatically extract metadata from the package. Fill in the app information:

• Name: Bitwarden Password Manager
• Description: Secure password manager for enterprise use
• Publisher: Bitwarden Inc.
• Category: Productivity

For the app information, you can optionally add an icon by downloading the Bitwarden logo from their brand assets page. Set the information URL to https://bitwarden.com and privacy URL to https://bitwarden.com/privacy/.

Click Next to proceed to the program configuration step.

In the Program tab, configure the installation behavior. Set the install behavior to System since Bitwarden should be available to all users on the device.

Configure the install command with silent installation parameters:

Bitwarden-installer-2024.8.0.exe /allusers /S

The /allusers parameter installs for all users, while /S runs the installation silently without user interaction. Replace the version number with your actual installer version.

For the uninstall command, use:

"C:\Program Files\Bitwarden\Uninstall Bitwarden.exe" /allusers /S

Set the device restart behavior to No specific action since Bitwarden doesn't require a restart. Leave the return codes at their default values (0 for success, 3010 for success with restart).

In the Requirements tab, configure the minimum system requirements. Set the operating system architecture to support both 64-bit and 32-bit systems. Set the minimum operating system to Windows 10 1607 as per Bitwarden's official requirements.

For additional requirements, you can specify minimum RAM (2 GB recommended) and disk space (500 MB free space).

In the Detection rules tab, create a file detection rule to verify successful installation:

• Rules format: Manually configure detection rules
• Rule type: File
• Path: C:\Program Files\Bitwarden
• File or folder: Bitwarden.exe
• Detection method: File or folder exists
• Associated with a 32-bit app on 64-bit clients: No

This detection rule ensures Intune can verify that Bitwarden is properly installed by checking for the main executable file.

In the Assignments tab, configure which users or devices will receive the Bitwarden app. Click Add group and select your assignment type:

• Required: Automatically installs on assigned devices
• Available for enrolled devices: Users can install from Company Portal
• Uninstall: Removes the app from assigned devices

For enterprise deployment, typically use Required assignment. Select your target groups - this could be all users, specific departments, or pilot groups for testing.

Configure the assignment settings:

• End user notifications: Show all toast notifications
• App availability: As soon as possible
• Installation deadline: As soon as possible (for required assignments)

If you have any app dependencies (like Visual C++ redistributables), configure them in the Dependencies tab. For Bitwarden, dependencies are typically not required as they're bundled with the installer.

Review all your configuration settings in the final Review + create tab. Verify the app information, install commands, requirements, detection rules, and assignments are correct. Click Create to deploy the application.

Monitor the deployment progress by navigating to Apps > All apps > Bitwarden Password Manager > Overview. The overview page shows installation statistics:

• Succeeded: Devices where installation completed successfully
• Failed: Devices where installation encountered errors
• Pending: Devices where installation is queued or in progress

For detailed troubleshooting, check the Device install status and User install status tabs. These show per-device and per-user installation results with error codes if applicable.

Common installation timeframes:

• Policy sync: 15-30 minutes
• Download and installation: 5-10 minutes
• Reporting back to Intune: 5-15 minutes

As an alternative to Win32 deployment, you can deploy Bitwarden through the Microsoft Store. This method provides automatic updates but requires devices to have Microsoft Store access.

In the Intune admin center, navigate to Apps > All apps > Add. Select Microsoft Store app (new) from the app type dropdown.

Search for "Bitwarden" in the Microsoft Store search box and select the official Bitwarden app. The app details will automatically populate including name, description, publisher, and category information.

Configure the assignments similar to the Win32 method - select your target groups and assignment type. The Microsoft Store method supports the same assignment options (Required, Available, Uninstall).

Benefits of Microsoft Store deployment:

• Automatic updates managed by Microsoft Store
• Simplified deployment process
• No need for .intunewin conversion

Limitations:

• Requires Microsoft Store access (not blocked by policy)
• Devices need two-core processors minimum
• Less control over installation parameters

If your organization uses a self-hosted Bitwarden server, configure client settings to point to your custom server URL. This requires additional Intune configuration policies after the app deployment.

Navigate to Devices > Configuration profiles > Create profile. Select Windows 10 and later as the platform and Settings catalog as the profile type.

Search for and add the following settings:

• Administrative Templates/Bitwarden/Server URL: Your self-hosted server URL (e.g., https://vault.company.com)
• Administrative Templates/Bitwarden/Identity URL: Your identity server URL
• Administrative Templates/Bitwarden/API URL: Your API server URL

If these specific Bitwarden settings aren't available in your Settings catalog, you can use registry settings instead:

Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Bitwarden
Value Name: ServerUrl
Value Type: REG_SZ
Value Data: https://vault.company.com

Assign this configuration profile to the same groups that received the Bitwarden app deployment. Users will need to restart Bitwarden or log out and back in for the server settings to take effect.

For detailed self-hosted configuration, refer to the official Bitwarden documentation at bitwarden.com/help/configure-clients-selfhost/.