Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V


Office 365 msi

How to sign an MSI file for deployment with Microsoft Intune

If you want to use Microsoft Intune to deploy an MSI file, it needs to be signed with a code signing certificate. Most MSIs from software vendors are already signed, but if you created a custom MSI (e.g. Office 365) by wrapping an EXE, then you need to sign that MSI yourself.

Using an MSI enables Intune to push the software over the MDM channel. All MDM-joined PCs will be able to receive this software.

Scenario this covers: I want to use Microsoft Intune to deploy apps and EXE files to PCs, e.g. Office 2016/Custom Software

Step 1 – Buy or get a code signing certificate. If you do not have it, buy it here:

Step 2 – Download and install the Windows 7 SDK to get signtool.exe. Get the SDK from here:
->Accept all defaults and do not change anything. It will prompt errors
->Check that you have signtool.exe in this folder:
C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin

Step 3 – Export your certificate to a PFX file and put it in the same folder as your MSI file.

Step 4 – Run CMD as administrator and input this command:

"C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe" sign /v /f "c:\exemsi\HaukebergCert.pfx" /p "PASSWORD" /t "TIMESTAMP_SERVER_URL" "C:\exemsi\OfficeProPlus.msi"

sign ok
The password has been removed
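
Before uploading the file to Intune, the signature produced in Step 4 can be checked with PowerShell's Get-AuthenticodeSignature. This is an added example, not part of the original post; the function name Test-MsiSignature is made up for illustration and the default path is the one used in Step 4.

```powershell
# Added example: pre-upload signature check for the MSI signed in Step 4.
# Test-MsiSignature is a hypothetical helper name; the default path comes from the post.
param(
    [string]$MsiPath = 'C:\exemsi\OfficeProPlus.msi'
)

function Test-MsiSignature {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $problems = @()

    if ($sig.Status -eq 'NotSigned') {
        $problems += 'File carries no Authenticode signature.'
    } elseif ($sig.Status -ne 'Valid') {
        # HashMismatch: the file changed after signing.
        # UnknownError / NotTrusted: the chain does not end in a root this
        # machine trusts, which is what a self-signed certificate produces.
        $problems += "Signature status is $($sig.Status): $($sig.StatusMessage)"
    }

    if ($sig.SignerCertificate -and -not $sig.TimeStamperCertificate) {
        # Without a timestamp the signature stops validating when the
        # signing certificate expires.
        $expiry = $sig.SignerCertificate.NotAfter.ToString('yyyy-MM-dd')
        $problems += "No timestamp; signature is only good until $expiry."
    }

    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        Expires     = $sig.SignerCertificate.NotAfter
        Timestamped = [bool]$sig.TimeStamperCertificate
        Problems    = $problems
    }
}

$result = Test-MsiSignature -Path $MsiPath
$result | Format-List
if ($result.Problems.Count -gt 0) { exit 1 }
```

Run the check on a machine that has the same trusted roots as the target PCs, since the status reflects the local certificate store.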


Now you are ready to deploy this MSI file through the MDM channel

Follow this guide to deploy the MSI file in Microsoft Intune MDM channel


IT DEV Connections
We are covering MDM channel here

Adapted from these posts:

Convert Office 2016/365 click to run into a MSI

*UPDATED with new screenshots of Office 365 generator

You can use this free tool to create an Office 365/2016 MSI in order to deploy it with Microsoft Intune.

Office 365 install generator
Click Install Generator
Launch it and install it
Start New
Click Start New
Select 32 bit if a fresh install; if you have 32 bit installed you cannot select 64 bit.
Feel free to add a language
Just click Next
Remove stuff you do not want
Ensure you have the right edition, or maybe you want to add 64 bit?
Of course you want automatic updates. Click next
Make it real silent. Don’t do Auto Activate
NEW: Self signing certificate. Remember to check and generate. If you do not do this there will be a UAC prompt
Could be anything
Give it a name and click save


You can manually sign the MSI

Or simply Deploy it to Microsoft Intune using the MDM channel.
