Packaging Enpass for Windows via Microsoft Intune

This guide covers deploying Enpass Password Manager to Windows endpoints using Microsoft Intune. Two deployment methods are available: Win32 app (recommended) and Microsoft Store app.

Method 1: Win32 App (Recommended)

The Win32 method uses the standalone Enpass-setup.exe installer and supports full app configuration via registry keys.

Step 1: Prepare the Installer

  1. Download the latest Enpass Windows installer from enpass.io/downloads.

  2. Use the Microsoft Win32 Content Prep Tool to convert Enpass-setup.exe into the .intunewin format.

Step 2: Add the App in Intune

  1. Open the Microsoft Intune admin center.

  2. Navigate to Apps → Windows and select Add.

  3. In the Select app type window, select Windows app (Win32) from the App type dropdown.

  4. Click Select.

Step 3: App Information

  1. On the App information screen, select Select app package file.

  2. Select your converted .intunewin installer and click OK.

  3. Note the app name and version number, then click Next.

Step 4: Program

On the Program screen, configure the following:

  Setting              Value
  Install command      Enpass-setup.exe /ALLUSER /S
  Uninstall command    /uninstall.exe /ALLUSER /S

Choose an Install behavior appropriate for your environment, then click Next.

Step 5: Requirements

  Setting                          Value
  Operating system architecture    64-bit
  Minimum operating system         Windows 10 (Version 1809, OS build 17763)

Click Next.

Step 6: Detection Rules

  1. From the Rules dropdown, select Manually configure detection rules.

  2. Click Add and configure:

  Field                                             Value
  Rule type                                         File
  Path                                              C:\Program Files (x86)\Enpass
  File or folder                                    Enpass.exe
  Detection method                                  File or folder exists
  Associated with a 32-bit app on 64-bit clients    No

Click Next through Dependencies.

Step 7: Assignments

Add the appropriate groups or users, then click Next.

Step 8: Review + Create

Review your settings and click Create.

Configuring App Policy via PowerShell Script

To apply policy-enforced and policy-email registry keys for each user, deploy the following PowerShell script via Devices → Manage devices → Scripts and remediations → Platform scripts.

Adding the Script

  1. In the Intune Portal, navigate to Devices → Manage devices.

  2. Select Scripts and remediations, then Platform scripts.

  3. Click Add and select Windows 10 and later.

  4. On the Basics screen, enter a name and description, then click Next.

  5. On the Script settings screen:

  Setting                                        Value
  Script file                                    Upload the .ps1 file below
  Run this script using logged on credentials    No
  Enforce script signature check                 No
  Run script in 64-bit PowerShell host           No

  6. On the Assignments screen, add your groups, then click Next.

  7. On the Review + add screen, click Add.

PowerShell Script

Save the following as a .ps1 file and upload it in the Script Location field:

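# Fetch the User Principal Name (UPN) of the account running the script
$userUPN = whoami /UPN

# Validate UPN format (user@domain.tld) before writing it to the registry
if ($userUPN -match '^[^@]+@[^@]+\.[^@]+$') {
    $registryPath = "HKCU:\SOFTWARE\Sinew Software Systems Pvt Ltd\Policy"

    # Create the policy key if it does not exist yet
    if (-not (Test-Path $registryPath)) {
        New-Item -Path $registryPath -Force | Out-Null
    }

    # Bind the policy to the user's email address and mark it as enforced
    Set-ItemProperty -Path $registryPath -Name "policy-email" -Value $userUPN
    Set-ItemProperty -Path $registryPath -Name "policy-enforced" -Value "true"

    Write-Host "Enpass policy keys set for: $userUPN"
} else {
    Write-Host "Error: Invalid UPN format detected: $userUPN"
    # Return a non-zero exit code so the failed run is not reported as a success
    exit 1
}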

This script assumes the user's email address matches their User Principal Name (UPN). Adjust the UPN retrieval method if your environment uses a different mapping.

For Citrix, VDI, or other non-persistent desktop environments, consider also setting policy-enforced-data-location to a path within the user's persistent profile (e.g. C:\Users\%USERNAME%\AppData\Roaming\Enpass) to ensure vault data is retained across sessions. Add a Set-ItemProperty line to the script above with this key and your target path.
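
An added example, not part of the original guide or Enpass's own tooling: a PowerShell check that confirms the two policy keys written by the script above exist for the current user and that policy-email matches the session's UPN. It assumes it runs in the signed-in user's context, so that HKCU: and whoami /UPN resolve to that user; the function name Get-EnpassPolicyFindings is hypothetical.

```powershell
# Added example: audit the per-user Enpass policy keys set by the deployment script.
# Assumption: runs in the signed-in user's context, so HKCU: is that user's hive.
$registryPath = 'HKCU:\SOFTWARE\Sinew Software Systems Pvt Ltd\Policy'

# Hypothetical helper: returns one message per problem, or nothing if all is well.
function Get-EnpassPolicyFindings {
    param(
        [string]$Path,
        [string]$ExpectedUpn
    )
    $findings = @()

    if (-not (Test-Path -Path $Path)) {
        return @("Policy key missing: $Path")
    }
    $policy = Get-ItemProperty -Path $Path

    # policy-enforced must be the string "true", as written by the deployment script.
    $enforced = $policy.'policy-enforced'
    if ($enforced -ne 'true') {
        $findings += "policy-enforced is '$enforced', expected 'true'"
    }

    # policy-email must match the UPN of the account being checked.
    $email = $policy.'policy-email'
    if ([string]::IsNullOrWhiteSpace($email)) {
        $findings += 'policy-email is not set'
    } elseif ($email -ne $ExpectedUpn) {
        $findings += "policy-email is '$email', expected '$ExpectedUpn'"
    }
    return $findings
}

# Resolve the UPN the same way the deployment script does; stderr is discarded.
$upn = (whoami /UPN 2>$null | Out-String).Trim()
if ($upn -notmatch '^[^@]+@[^@]+\.[^@]+$') {
    Write-Output 'Cannot resolve a UPN for this session; policy-email not verified.'
    exit 1
}

$findings = @(Get-EnpassPolicyFindings -Path $registryPath -ExpectedUpn $upn)
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output $_ }
    exit 1   # non-zero exit: a key is missing or does not match
}
Write-Output "Enpass policy keys present and match $upn"
exit 0
```

Because the keys live under HKCU, the user can change them, so a recurring check of this kind shows when a profile has drifted from the deployed policy.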

Method 2: Microsoft Store App

Endpoint devices must have access to the Microsoft Store and must support the Intune Management Extension (IME).

  1. In the Intune Portal, navigate to Apps → Windows and select Add.

  2. In the Select app type window, select Microsoft Store app (new) from the App type dropdown, then click Select.

  3. On the App information screen, click Search the Microsoft Store app (new).

  4. Search for Enpass Password Manager, select it, and click Select.

  5. Choose an Install behavior, then click Next.

  6. On the Assignments screen, add your groups, then click Next.

  7. On the Review + create screen, click Create.

Once deployed, apply the same PowerShell-based registry configuration described in the Configuring App Policy via PowerShell Script section above to set policy-enforced and policy-email for each user.