If you want to use Microsoft Intune to deploy a MSI file it needs to be signed by a Code Signing Certificate. Most MSI’s from software vendors are signed already, but if you created a custom MSI (e.g. Office 365) by wrapping an EXE then you need to sign that MSI.
Using a MSI will enable Intune to push that software using the MDM channel. All MDM joined PC’s will be able to recieve this software.
Scenario this covers: I want to use Microsoft Intune to deploy apps and exe files to PC’s e.g. Office 2016/Custom Software
Step 1 – Buy or get a code certificate. If you do not have it, buy it here: https://www.digicert.com/code-signing/
Step 2 – Download and Install Windows 7 SDK to get the signtool.exe get the SDK from here: https://www.microsoft.com/en-us/download/confirmation.aspx?id=8279
->Accept all defaults and do not change anything. It will prompt errors
->Check that you have the signtool.exe in this folder: C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin
Step 3 – Get your certificate exported in a PXF file. and put it in the same folder as your MSI file.
Step 4 – Run CMD as administrator and input this command:
“C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe” sign /v /f “c:\exemsi\HaukebergCert.pfx” /p “PASSWORD” /t http://timestamp.digicert.com /v “C:\exemsi\OfficeProPlus.msi
Now you are ready to deploy this MSI file through the MDM channel
Follow this guide to deploy the MSI file in Microsoft Intune MDM channel