Manage all Windows Features with Intune and PowerShell

Reply A+ A-

In this post I will show you a way to manage Windows Features of your computers using Intune and PowerShell.

You have many computers enrolled in Intune.
You want that all those computers have the same Windows Features configuration.
For instance, you want to enable Hyper-V and Windows Sandbox on all of them, or you want to disable some features.

We will use Microsoft Win32 Content Prep Tool from MS
To download it, go to this link.

The script
You can find the script to set settings, the EXE to create package and the XML file example on the below link.

In this method I will use an XML file to store all Windows Features.
There are three status I configured in the XML:
- Default: Let the current Windows Feature by default on the computer
- Enabled: Enable the current Windows Feature on the computer
- Disabled: Disable the current Windows Feature on the computer

If the Windows Feature status from the XML and the current one from the computer are the same the feature won't change.
For instance, if the Windows Sandbox is already enabled on your computer and the status is set to Enabled in the XML, the Windows Feature won't be in the process.

See below an overview of my XML:

How to generate the XML ?
You can generate the XML file by using the script Generate_XML.ps1 available on GitHub.
Add the parameter -XML_output_Folder with the path where to save th XML.
You can of course creat your own with features you want.
Just keep the same nodes name.

How it works ?
This will work in 3 steps:
- Configure the XML file
- Create the intunewin package
- Create the Win32 app in Intune
- Assign the app

Create the folder project
1. Create a folder Manage_Windows_Features
2. Copy the Manage_Windows_Features.ps1 in this folder
3. Copy the XML file in this folder

Create the package
1. Run IntuneWinAppUtil.exe
2. Select the Source folder 
3. Select the ps1 file
4. Select an output folder
5. A package Manage_Windows_Features.intunewin will be created

Create the Win32 app
We will now integrate the intunewin package into Intune.
1. Go to Intune
2. Go to Client apps
3. Go to Apps
4. Click on Add
5. Select Windows app (Win32) then Select
6. Click on Select app package file

7. Browse to Manage_Windows_Features.intunewin

8. Click on OK
9. Type a name and a publisher name and configure as you want

10. In Install command type the below one:
11. In Uninstall command type the below one:
12. Click on Next
13. Choose your requirements

14. Click on Next
15. In Detection rules, select Manually configure detection rules and click on Add

16. Configure as below or as you want

17. Click on OK 
18. Click on Next
19. In the Dependencies part click on Next
20. In the Scope tags part click on Next
21. In Assignments, go to Required and click on Add group

22. The group will be added

23. Click on Next
24. Click on Create
25. Go to Device install status
26. Once it has been installed, status will be as below:

Get the log
The process will create a log file under C:\Windows\Debug.
See below an overview:

Windows features 7503513369506573529

Enregistrer un commentaire

Accueil item




Learn KQL in one month

You want to support me ?

Mes articles en français

Books in French