Microsoft Intune Integration
Microsoft Intune integrates with Big Picture to deploy Win32 apps when tenant policy is set to MANAGED_BY_IT mode. This integration enables IT teams to control deployment timing and methods while maintaining vendor-controlled release governance.
Overview
Section titled “Overview”Intune integration provides artifacts and metadata for Intune Win32 app deployment. Big Picture continues to govern releases and update policies, while Intune handles deployment scheduling and execution through the Intune Management Extension (IME).
Prerequisites
Section titled “Prerequisites”- Tenant policy — Tenant policy set to
MANAGED_BY_ITmode - Intune configuration — Intune tenant configured for Win32 app deployment
- API access — Service account with
license:readandmirrors:readscopes - Network access — Intune can access Big Picture API and artifact URLs
Integration Flow
Section titled “Integration Flow”- Tenant policy — Vendor sets tenant policy to MANAGED_BY_IT
- Release publishing — Vendor publishes releases through Big Picture
- Metadata query — Intune queries Big Picture for available releases
- Artifact packaging — Intune packages artifacts as Win32 apps
- Deployment — Intune deploys apps using Intune Management Extension
Use Cases
Section titled “Use Cases”Enterprise IT-Managed Deployment
Section titled “Enterprise IT-Managed Deployment”Enterprise customers require IT-controlled deployment for security and compliance. Intune integration enables IT teams to deploy vendor software through familiar tools.
Regulated Environments
Section titled “Regulated Environments”Regulated environments require strict deployment controls. Intune integration enables IT to manage deployments while maintaining vendor-controlled release governance.
Existing Intune Infrastructure
Section titled “Existing Intune Infrastructure”Organizations with existing Intune infrastructure can integrate Big Picture without changing deployment workflows.
Integration Points
Section titled “Integration Points”- Update decisions API — Query available releases and artifacts
- Artifact metadata — Retrieve artifact URLs, checksums, and platform information
- Win32 app packaging — Package artifacts for Intune deployment
- Mirror support — Support for self-hosted artifact mirrors
Configuration
Section titled “Configuration”Tenant Policy
Section titled “Tenant Policy”Configure tenant policy to enable MANAGED_BY_IT mode:
curl -X PUT "${BP_BASE_URL}/v1/tenants/${TENANT_ID}/policy" \ -H "Authorization: Bearer $BP_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "update_action": "MANAGED_BY_IT" }'Intune Win32 App Packaging
Section titled “Intune Win32 App Packaging”Package Big Picture artifacts as Intune Win32 apps:
- Download artifact from Big Picture
- Create Intune Win32 app package
- Configure installation and uninstallation commands
- Upload to Intune
Next Steps
Section titled “Next Steps”Detailed step-by-step guides for Intune integration are planned. These guides will include:
- Complete Intune Win32 app packaging procedures
- Automated metadata query and packaging workflows
- Mirror configuration for regulated environments
- Deployment testing and validation
For now, see the Endpoint Management Tools overview for general integration patterns.
Related Documentation
Section titled “Related Documentation”- Endpoint Management Tools — General endpoint management integration
- Comparisons: Big Picture vs Intune — Intune comparison
- Workflows: Managing Update Policies — Update policy configuration