Skip to content

Deploy IAP Desktop automatically

If multiple users in your organizations use IAP Desktop, you can automate the process of deploying IAP Desktop to users' workstations by using Active Directory or Intune.

To use an Active Directory Group Policy object (GPO) to automate IAP Desktop deployments, do the following:

  1. Download the IAP Desktop MSI package and copy it to a file share that is readable by domain users.
  2. In the Group Policy Management Console, create or select a GPO.

  3. Link the GPO to an organizational unit that contains the users who should be able to use IAP Desktop.

    Note

    IAP Desktop is installed per-user, not per-computer. Make sure you choose a scope that captures relevant users, not computers.

  4. Right-click the GPO and select Edit.

  5. Navigate to User Configuration > Policies > Software Settings > Software installation
  6. In the right window pane, right click on the empty list and select New > Package.
    1. Enter the UNC path to the IAP Desktop MSI package.
    2. In the Deploy software dialog, select Assigned and click OK.
  7. Right-click IAP Desktop in the list of packages and select Properties.
    1. Switch to the Deployment tab.
    2. Set Install this application at logon to Enabled.
    3. Click Advanced
    4. Set Ignore language when deploying this package to Enabled, then click OK.
    5. Click OK to close the properties dialog.
  8. Close the Group Policy Management Editor window.

To use the Intune Settings Catalog to automate IAP Desktop deployments, do the following:

  1. Create an empty folder on your local computer.
  2. Download the IAP Desktop MSI package and save it to the empty folder.
  3. Download the Microsoft Win32 Content Prep Tool .

  4. Open a command prompt and convert the IAP Desktop MSI package into a .intunewin file:

    IntuneWinAppUtil -c FOLDER -s IapDesktopX64.msi -o .

    Replace FOLDER with the path of the folder that contains the IAP Desktop MSI package.

  5. In the Intune admin center , go to Apps > Windows..

  6. Click Add and configure the following:

    1. Set App type to Windows app (Win32).
    2. Click Select.

  7. Click Select app package file and do the following:

    1. Select the .intunewin file that you created previously by running IntuneWinAppUtil.
    2. Click OK.

  8. On the App information page, do the following:

    1. Set Publisher to Google
    2. Click Next.

  9. On the Program page, click Next.

  10. On the Requirements page, do the following:

    1. Set Operating systema architecture to 64 bit.
    2. Set Minimum operating system to Windows 1607.
    3. Click Next.

  11. On the Detection rules page, do the following:

    1. Set Rules format to Manually configure detection rules.
    2. Set Rule type to MSI.
    3. Click OK.
    4. Click Next.

  12. On the Dependencies page, click Next.

  13. On the Supersedence page, click Next.

  14. On the Assignments page, do the following:

    1. Select users who should be able to use IAP Desktop.
    2. Click Next.

  15. Click Create.

What's next