Skip to main content
Mobile app resources enable you to deploy and manage applications across all major platforms in Microsoft Intune.

Available Resources

Windows Applications

Win32 App

Resource: microsoft365_graph_beta_device_and_app_management_win32_appDeploy Win32 line-of-business apps with custom detection rules and requirements.

WinGet App

Resource: microsoft365_graph_beta_device_and_app_management_win_get_appDeploy apps from the Windows Package Manager repository.

Windows Web App

Resource: microsoft365_graph_beta_device_and_app_management_windows_web_appCreate web shortcuts for Windows devices.

Office Suite App

Resource: microsoft365_graph_beta_device_and_app_management_office_suite_appDeploy Microsoft 365 Apps (Office suite).

macOS Applications

macOS PKG App

Resource: microsoft365_graph_beta_device_and_app_management_macos_pkg_appDeploy macOS PKG installer packages.

macOS DMG App

Resource: microsoft365_graph_beta_device_and_app_management_macos_dmg_appDeploy macOS DMG applications.

macOS LOB App

Resource: microsoft365_graph_beta_device_and_app_management_macos_lob_appDeploy macOS line-of-business applications.

macOS VPP App

Resource: microsoft365_graph_beta_device_and_app_management_macos_vpp_appDeploy apps from Apple Business Manager (VPP).

iOS/iPadOS Applications

iOS Store App

Resource: microsoft365_graph_beta_device_and_app_management_ios_store_appDeploy apps from the Apple App Store.

iOS/iPadOS Web Clip

Resource: microsoft365_graph_beta_device_and_app_management_ios_ipados_web_clipCreate web shortcuts for iOS/iPadOS devices.

Android Applications

Android Managed Mobile App

Resource: microsoft365_graph_beta_device_and_app_management_android_managed_mobile_appDeploy Android managed apps.

Cross-Platform Resources

Application Category

Resource: microsoft365_graph_beta_device_and_app_management_application_categoryCreate custom app categories for organization.

Managed Mobile App

Resource: microsoft365_graph_beta_device_and_app_management_windows_managed_mobile_appManage Windows mobile apps with protection policies.

App Supersedence

Resource: microsoft365_graph_beta_device_and_app_management_mobile_app_supersedenceDefine app replacement relationships.

Win32 App Example

resource "microsoft365_graph_beta_device_and_app_management_win32_app" "firefox" {
  display_name    = "Mozilla Firefox 140.0.4 x64"
  description     = "Mozilla Firefox web browser"
  publisher       = "Mozilla"
  developer       = "Mozilla"
  display_version = "140.0.4.0"
  
  app_installer = {
    installer_file_path_source = "/path/to/Firefox_Setup.intunewin"
  }
  
  allowed_architectures             = ["x64", "arm64"]
  minimum_supported_windows_release = "Windows11_23H2"
  
  install_experience = {
    device_restart_behavior = "allow"
    max_run_time_in_minutes = 60
    run_as_account          = "system"
  }
  
  setup_file_path        = "Firefox Setup 140.0.4.msi"
  install_command_line   = "msiexec /i \"Firefox Setup 140.0.4.msi\" /qn"
  uninstall_command_line = "msiexec /x {1294A4C5-9977-480F-9497-C0EA1E630130} /qn"
  
  msi_information = {
    package_type    = "perMachine"
    product_code    = "{1294A4C5-9977-480F-9497-C0EA1E630130}"
    product_name    = "Mozilla Firefox 140.0.4"
    publisher       = "Mozilla"
    product_version = "140.0.4.0"
    requires_reboot = false
  }
  
  # Detection rule
  rules = [
    {
      rule_type                             = "detection"
      rule_sub_type                         = "powershell_script"
      enforce_signature_check               = true
      run_as_32_bit                         = true
      powershell_script_rule_operation_type = "notConfigured"
      lob_app_rule_operator                 = "notConfigured"
      script_content                        = <<EOT
$path = "$${env:ProgramFiles}\\Mozilla Firefox\\firefox.exe"
if (Test-Path $path) {
    exit 0
} else {
    exit 1
}
EOT
    }
  ]
  
  return_codes = [
    {
      return_code = 0
      type        = "success"
    },
    {
      return_code = 3010
      type        = "softReboot"
    },
    {
      return_code = 1641
      type        = "hardReboot"
    }
  ]
}

WinGet App Example

resource "microsoft365_graph_beta_device_and_app_management_win_get_app" "vscode" {
  display_name = "Visual Studio Code"
  description  = "Code editor"
  publisher    = "Microsoft Corporation"
  
  package_identifier = "Microsoft.VisualStudioCode"
  
  install_experience = {
    run_as_account = "user"
  }
}

macOS PKG App Example

resource "microsoft365_graph_beta_device_and_app_management_macos_pkg_app" "company_portal" {
  display_name = "Company Portal"
  description  = "Microsoft Intune Company Portal for macOS"
  publisher    = "Microsoft Corporation"
  
  # Configuration details
}

iOS Store App Example

resource "microsoft365_graph_beta_device_and_app_management_ios_store_app" "edge" {
  display_name        = "Microsoft Edge"
  description         = "Web browser for iOS"
  publisher           = "Microsoft Corporation"
  bundle_id           = "com.microsoft.msedge"
  applicable_device_type = {
    ipad  = true
    iphone = true
  }
}

iOS/iPadOS Web Clip Example

resource "microsoft365_graph_beta_device_and_app_management_ios_ipados_web_clip" "company_portal" {
  display_name = "Company Portal Web"
  url          = "https://portal.manage.microsoft.com"
  
  app_icon = {
    icon_url_source = "https://example.com/icon.png"
  }
}

Detection Rules

Win32 apps support multiple detection rule types:

PowerShell Script Detection

rules = [
  {
    rule_type                             = "detection"
    rule_sub_type                         = "powershell_script"
    enforce_signature_check               = false
    run_as_32_bit                         = false
    powershell_script_rule_operation_type = "notConfigured"
    lob_app_rule_operator                 = "notConfigured"
    script_content                        = <<EOT
# Check if app is installed
$path = "C:\\Program Files\\MyApp\\app.exe"
if (Test-Path $path) {
    $version = (Get-Item $path).VersionInfo.FileVersion
    if ($version -ge "1.0.0") {
        exit 0  # App detected
    }
}
exit 1  # App not detected
EOT
  }
]

File System Detection

rules = [
  {
    rule_type                  = "detection"
    rule_sub_type              = "file_system"
    check_32_bit_on_64_system  = false
    path                       = "C:\\Program Files\\MyApp"
    file_or_folder_name        = "app.exe"
    file_system_operation_type = "exists"
    lob_app_rule_operator      = "notConfigured"
  }
]

Registry Detection

rules = [
  {
    rule_type                 = "detection"
    rule_sub_type             = "registry"
    check_32_bit_on_64_system = false
    key_path                  = "HKLM\\SOFTWARE\\MyApp"
    value_name                = "Version"
    operation_type            = "exists"
    lob_app_rule_operator     = "notConfigured"
  }
]

App Supersedence

Define app replacement relationships: 
resource "microsoft365_graph_beta_device_and_app_management_mobile_app_supersedence" "firefox_upgrade" {
  superseding_app_id = microsoft365_graph_beta_device_and_app_management_win32_app.firefox_new.id
  superseded_app_id  = microsoft365_graph_beta_device_and_app_management_win32_app.firefox_old.id
  
  supersedence_type = "update"
}

Import Syntax

# Import Win32 app
terraform import microsoft365_graph_beta_device_and_app_management_win32_app.firefox <app-id>

# Import WinGet app
terraform import microsoft365_graph_beta_device_and_app_management_win_get_app.vscode <app-id>

# Import iOS Store app
terraform import microsoft365_graph_beta_device_and_app_management_ios_store_app.edge <app-id>

# Import macOS PKG app
terraform import microsoft365_graph_beta_device_and_app_management_macos_pkg_app.portal <app-id>

Schema Reference

For complete schema documentation including all attributes, refer to the Terraform Registry documentation for each resource.

Build docs developers (and LLMs) love

Get started for freeTalk to us