Intune Update Scenario


Hi Guys,


I haven't found anything that helps me with my question, so I created a new thread for this.


When deploying a software package in Intune, you do this by using Active Directory groups. When deploying an update of a pre-existing app, what is the best-case scenario for it? I have already read that it is recommended to edit the already pre-existing package and change the installation file. But what about having two AD groups? The first parent group is for managing all the end users (example group name: Google Chrome). And then there is another child AD group, which is the installation group of the current version (Google Chrome Version 1.2.3). So when adding a new version, I just change the child group, so that I can keep all older versions in case of emergency downgrades? Would that be a practicable way?


Thanks for your help!

5 Replies

To upgrade a LOB app in Intune, just replace the MSI with a newer version.


No need to make groups for different versions as Intune only supports upgrading, not downgrading.


The only reason to publish different versions would be for a pilot group or for users that require a specific version.

- Jens Tore Fremmegaard -



Hey thanks for your fast reply.


So in my case it isn't an MSI; we use a PowerShell wrapper that is packed into an intunewin file. That way, downgrading should still be possible, I guess?


So if I replace the MSI (or in my case the intunewin file), Intune will start a (re)installation on every client, even though it is already installed on that client with a different version? Or does Intune still compare the detection rule if the app is already installed?

I believe you have to update your detection rule to something version-specific to trigger a new install, as the detection rule is one of the first actions that's triggered during Win32 deployment.

You can try a detection rule with type File with detection method String (version).

- Jens Tore Fremmegaard -


Okay, that's also an interesting point. My wrapper writes a branding with the software version into the registry. Actually I only check if the branding exists, but due to your information I will compare the version key.


What still doesn't make me happy is that Intune doesn't remove the old version. If you have an MSI this will probably be no problem, as it checks the upgrade code. But if you have an EXE file, then you could get into trouble when the software doesn't detect that there's already a previous version installed, which could end in having two different versions on that client. Still trying to find a solution for that...


If I choose to create an app for each version, then I could assign the uninstallation of the previous version to the current version. But is there a chance to create an installation order? So that first of all the uninstallation assignment will be executed and then after it the installation?

@sebamedo For a specific installation order, trigger a script as the installation executable or as a custom detection rule to clean up the old version before triggering the new install.

- Jens Tore Fremmegaard -
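
The version-specific detection discussed in this thread, written as an Intune Win32 custom detection script. This is an added example, not code from any poster; the registry path, value name and `$AllowNewer` switch are hypothetical stand-ins for whatever the install wrapper actually writes.

```powershell
# Added example: custom detection script for a Win32 (intunewin) app.
# Hypothetical branding location written by the install wrapper:
$BrandingKey     = 'HKLM:\SOFTWARE\Contoso\Branding\GoogleChrome'  # hypothetical path
$VersionValue    = 'Version'                                       # hypothetical value name
$RequiredVersion = [version]'1.2.3'   # version this package installs
$AllowNewer      = $true              # $false = exact match, so a downgrade package also triggers

# Intune treats the app as detected only when the script exits 0 AND writes to STDOUT.
# No output or a non-zero exit code means "not detected", which triggers the install.
# Note: if the script runs as a 32-bit process on a 64-bit client, HKLM:\SOFTWARE
# is redirected to WOW6432Node, so the key must exist in the view the script sees.

try {
    $raw = (Get-ItemProperty -Path $BrandingKey -Name $VersionValue -ErrorAction Stop).$VersionValue
}
catch {
    # Key or value missing: the wrapper never branded this client.
    exit 1
}

$installed = $null
if (-not [version]::TryParse([string]$raw, [ref]$installed)) {
    # Branding exists but is not a parsable version: report "not detected"
    # so the package reinstalls and rewrites the branding.
    exit 1
}

if ($AllowNewer) {
    $isCurrent = $installed -ge $RequiredVersion   # upgrade-only behaviour
}
else {
    $isCurrent = $installed -eq $RequiredVersion   # any other version is reinstalled
}

if ($isCurrent) {
    Write-Output "Detected version $installed"
    exit 0
}

# Older (or, with exact match, different) version present: not detected.
exit 1
```

Checking only that the branding key exists would report every old version as already installed, so clients would stay on the outdated build after the package is replaced.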