There’s a known issue for Windows Autopilot device preparation. When a managed installer policy is enabled and you’re trying to install Win32 apps during device preparation, you will experience deployment issues.
Managed installer is commonly used by organizations to ensure only trusted applications are allowed to install. The managed installer policy in Intune is configured at the tenant level so it affects all Win32 apps deployed within the organization. Windows Autopilot device preparation doesn’t currently have the capability to ensure the managed installer policy is delivered prior to delivering applications. This can cause deployments with Win32 apps selected in the Windows Autopilot device preparation policy to fail at the App installation phase.
Workaround
To work around this, you can remove Win32 apps from all Windows Autopilot device preparation policies. The managed installer policy and the dependent apps will install after the user gets to the desktop.
Resolution
We’re currently rolling out a change with Intune’s October (2410) service release which will allow deployments to succeed even if Win32 apps are configured by skipping all Win32 and Microsoft Store apps (New) via WinGet selected in the device preparation policy and continuing to the desktop. However, the managed installer policy and the dependent apps will install after the user gets to the desktop.
After this change, in the Windows Autopilot device preparation deployment report, you’ll see the selected Win32 and Microsoft Store apps reported as “Skipped”.
This is a temporary change until a fix is ready to ensure managed installer policy is delivered prior to application delivery during Windows Autopilot device preparation.
We’ll continue to update this post as new information becomes available. If you have questions or comments for the Intune team, reply to this post or reach out on X @IntuneSuppTeam.
