How to Delay an Applicaiton to be Installed AFTER Autopilot Enrollment.

Posted on by Summa Lai

To make sure the app isn’t installed during Autopilot, we have got some options at our disposal.

1. You could configure the app as available so end-users could install the app on their own.

2. We could change the App availability to make sure the app is downloaded on a specific date but that’s not what I want.

3. You could configure a Win32app requirement rule to determine if the process: Microsoft Account Sign-in page (WWAHOST.exe) is running

You could do so by using this PowerShell Script as a Requirement rule. When WWAHost is still running it will output False. If WWAHost isn’t running anymore, the output will be True

$ProcessActive = Get-Process "WWAHost" -ErrorAction silentlycontinue
$CheckNull = $ProcessActive -eq $null
$CheckNull

Save above 3 lines as a PowerShell ps1 file. 

And then add it to the "requirements" tab.

If you want to ensure that each time the device gets enrolled, the app is installed AFTER the device is working for a minimum of 1 hour.

Why not just use the creation time of the IntuneManagementExtension folder?

Graphical user interface, text, application, email Description automatically generated

This folder will only be created when a device is enrolling into Intune (when you have WIn32apps/PowerShell scripts in place) We are also blocking the enrolment of personal devices to be 100% sure ONLY autopilot devices/corporate devices can be usedGraphical user interface Description automatically generated

This script below is just as I want it to be, simple!

$AppInstallDelay = New-TimeSpan -Days 0 -Hours 1 -Minutes 0

$ime = Get-Item "C:\Program Files (x86)\Microsoft Intune Management Extension"  | select Name,CreationTime 
$EnrolmentDate = $ime.creationtime

$futuredate = $EnrolmentDate + $AppInstallDelay


#checking date and futuredate
$outcome = ((Get-Date) -ge ($futuredate))  
$outcome

When adding a new App in Intune you could also add a Script as a requirement rule.

Graphical user interface, text, application, email Description automatically generated

After clicking on “add” you will be asked to select the script file and the output data type. As shown below I selected the “Boolean” data type and made sure the “Operator” was configured to “Equals” and the corresponding “Value” to “True/yes”

Graphical user interface, text, application Description automatically generated

After finishing the app creation, I wiped my test device and I made sure the enrollment date was correct

Graphical user interface, text, application Description automatically generated

As shown above, the device was enrolled into Intune around 11:23 and the PowerShell script result is False

Text, letter Description automatically generated

I guess we now need to wait an hour until the requirement rule is met because Intune is also mentioning the App as not applicable.

After waiting some time and rebooting the device to trigger the detection, the requirement rule was met and the app finally started installing!

Ref: Configure Apps to be installed AFTER enrolling in Autopilot (call4cloud.nl)