How to convert existing discovered apps for windows 11 enrolled devices to intune managed apps

Copper Contributor

I have a number of enrolled computers that are EntraID joined which have marketplace applications like WinRAR and Notepad++ that were installed locally before enrollment.  Additional users also had local Admin permissions and had installed those apps at some point.

 

By using Defender Vulnerability and Intune Discovered apps, I added Win32 WinRAR and NotePad++ as available apps for enrolled devices, for example, in hopes of being able to then have the apps become Intune Managed.    My next hopes were then to use Intune Supersedence to then manage their revisions, accomplishing the ability to manage vulnerabilities and application versions.

 

Does anyone know if there is a way to take a discovered app that was preinstalled on a computer like WinRAR or Notepad++ and "convert" them to managed apps in Intune?

 

3 Replies

Not supported or available out of the box what you are aiming to do. Also supersedence is currently only supported for managed apps. If the users are not expected to have admin permissions then you can look at modifying the membership of administrators group using local group membership profile. Something like this —https://rahuljindalmyit.blogspot.com/2022/02/fixing-issue-of-remote-sign-in-though.html

Thank you Rahul,

Do you think potentially the best approach would be to create a group with the application, then script an uninstall on the discovered apps group that are unmanaged and then perform a required install to the same group? This way the user would not see a difference and then the application on the device would become a managed app? Could I then swap it from Required to Available and would it still be managed at that point?
Again, the uninstall assignment will work for already installed managed app. It will not work for an already installed discovered unmanaged app. There are some options available to tackle this. Push out PS scripts to uninstall unmanaged discovered apps in question first. Then push the apps you want to install. Alternatively you can add logic in your app installation scripts to remove the existing installation and then install the version you want installed. This can tied to supersedence after the app becomes managed. Most importantly, I will suggest to address the provisioning process of the OS. The SOE should be managed from the get go and the users should be setup as standard users.