For Windows to be successfully updated regularly, administrators must diligently manage the application update process in Intune.

Managing the application update process in Intune is crucial for maintaining security, performance, and compatibility. Regular updates ensure that applications are fortified against security vulnerabilities, reducing the risk of breaches and data compromise. Bugs are fixed, performance is optimized, and new features are introduced, all contributing to a seamless user experience that enhances productivity. By centralizing control through Intune, IT administrators can efficiently ensure that updates are consistent across devices, limiting errors and compatibility issues. This approach also aligns with regulatory compliance standards, reduces support costs, and fosters future readiness by keeping businesses adaptable to evolving technology.

The Windows Application Update Process

Over time, you will have likely deployed a number of Win32 apps, but those apps need to be maintained or updated. You may need to update or replace a Win32 app based on a new version number.

In Microsoft Intune, supersedence is where you update or replace an instance of an existing Win32 application. This guide provides an overview of the supersedence feature.

Prerequisites: App supersedence can only be applied to Win32 apps (Apps deployed from the MS store or M365 Apps are automatically updated/patched).

Below is a demonstration of how to use Supersedence. In this example, we will replace the existing version of Notepad++ with a newer version through a Win32 App deployment.

1. Review existing deployed version

When you are planning to upgrade or replace an existing version of a Windows application with a new one, you should review the existing application deployed in your environment and identify all older versions which will be superseded by the new deployment. This information will be helpful when you create the supersedence relationship at a later stage.

2. Prepare Win32 App Installation Source for Intune

The Intune Prep Tool for Win32 apps allows the creation of a single package for deployment through Microsoft Intune.  We will use this tool to create an Intunewin package file for Notepad++ 7.9.1. The following steps are required for an Intunewin package creation.

  • Download the Intune prep tool (intuneWinAppUtil.exe)
  • Copy all the installation files and other supported files (if any) inside a single source folder (Notepad++ 7.9.1 in this case)
  • Copy the intuneWinAppUtil.exe outside of the installation source folder.
  • You can either launch the utility or open a command prompt and launch it from there. If launching from the command prompt, make sure to change the directory to the root of the folder you created (which contains the executable).
  • Run IntuneWinAppUtil.exe and provide the required input.

As you see below, the Intunewin file has been created in the root directory. This file will be uploaded into Intune at a later stage.

3. Setup and Deploy Win32 App Deployment in Endpoint Manager

Add Win32 App:

  • In the Endpoint Manager console (, select Apps > Windows App > Add
  • Select Windows app (Win32) from the App type drop-down list
  • Click on Select
  • Click on Select app package file
  • Browse to the folder where you kept the Intunewin file and select the file. Review the file information displayed and click on Ok.

App Information:

  • On the App information page, review and update the details as needed. You can update the description to reflect the new app version.
  • Click on Next


On the Program page, review and update the information as needed. We will go ahead with default values as it serves well for this MSI deployment.


On the Requirements page, update the deployment requirements for the application.  The following have been configured below but this is subject to change and based on preference.

Operating system architecture: 64-bit

Minimum operating system: Windows 10 1903

Detection rule:

  • The Detection rule is used to validate the presence of the app. We will use MSI product code for this deployment.
  • Select Manually configure detection rules from the Rules format drop-down list
  • Click on Add
  • Select Rule type > MSI
  • The MSI product code will populate automatically
  • Click on Ok

Review the Detection rule on the next page and click on Next


This app (Notepad ++) does not have any dependencies. So, we can simply skip this step. Click on Next.


  • Supersedence enables you to update and replace existing Win32 apps with newer versions of the same app.
  • Follow the below steps to add a supersedence relationship for the deployment.
  • In the Supersedence pane, click on Add

Type the name of the application in the search box to quickly find the version you want to replace (the older version of the application). Chose the application and click on Select. We have chosen Notepad++ version 7.8.9 here which will be replaced by the new version 7.9.1

-If you wish to replace an older version, then select Yes under Uninstall previous version.

Click on Next

Note: It is more effective to always test if an application is capable of upgrading.

Follow Microsoft documentation if you need further clarification on the supersedence behavior of an application.


  • In the Assignments pane, you can assign the application to an Azure AD Group. For demonstration purposes, we will deploy this application as a mandatory deployment to an Azure AD group named “App Notepad++ users”
  • Click on Add group under Required section.
  • Chose the Azure AD group and click on Select

Review the assignments and click on Next


In the Review + create pane, review the details and click on Create

The wizard will now create the application and upload the setup file to the Intune portal. Watch the notification area to validate the successful creation of the application.

4. Validate the Supersedence Deployment on Test Machine

To check the deployment status, go to Devices > Windows > <Computer Name>

The image below shows the old version of Notepad++ 7.8.9 is still installed. The status of the new version of Notepad++ 7.9.1 is Waiting for install status.

After some time you will see the new status as shown below. Notepad++ 7.9.1 is now Installed while the status of the old version (Notepad++ 7.8.9) is Not Installed.

As we configured the Supersedence rule, the older version of the application was uninstalled and the new version was installed successfully.

5. End-User Notifications

Application Downloaded:

The user received the toast notification below for the application download. The message clearly states that the targeted application will replace the existing application.

Note: The name for both applications are identical due to the version name not being added yet. It may be more effective to add the version name in the deployment name to avoid confusion for the end-user.

Application Uninstalled:

The toast notification below shows the uninstall of a previous version of the application.

Application Installed:

The toast notification below shows the new version of Notepad ++ installed successfully.

Download the Six Pillars of Modern Endpoint Management

Deep Dive Concepts such as:

  • Zero Trust
  • Passwordless Authentication
  • Zero Touch Provisioning
  • App Management
  • Over-The-Air Updates
  • Remote Support