Public/Add-IntuneWin32App.ps1

function Add-IntuneWin32App {
    <#
    .SYNOPSIS
        Create a new Win32 application in Microsoft Intune.
 
    .DESCRIPTION
        Create a new Win32 application in Microsoft Intune.
 
    .PARAMETER FilePath
        Specify a local path to where the win32 app .intunewin file is located.
 
    .PARAMETER DisplayName
        Specify a display name for the Win32 application.
     
    .PARAMETER Description
        Specify a description for the Win32 application.
     
    .PARAMETER Publisher
        Specify a publisher name for the Win32 application.
 
    .PARAMETER AppVersion
        Specify the app version for the Win32 application.
     
    .PARAMETER Developer
        Specify the developer name for the Win32 application.
 
    .PARAMETER Owner
        Specify the owner property for the Win32 application.
 
    .PARAMETER Notes
        Specify the notes property for the Win32 application.
 
    .PARAMETER InformationURL
        Specify the information URL for the Win32 application.
     
    .PARAMETER PrivacyURL
        Specify the privacy URL for the Win32 application.
     
    .PARAMETER CompanyPortalFeaturedApp
        Specify whether to have the Win32 application featured in Company Portal or not.
 
    .PARAMETER CategoryName
        Specify the name of either a single or an array of category names for the Win32 application.
 
    .PARAMETER InstallCommandLine
        Specify the install command line for the Win32 application.
     
    .PARAMETER UninstallCommandLine
        Specify the uninstall command line for the Win32 application.
 
    .PARAMETER InstallExperience
        Specify the install experience for the Win32 application. Supported values are: system or user.
     
    .PARAMETER RestartBehavior
        Specify the restart behavior for the Win32 application. Supported values are: allow, basedOnReturnCode, suppress or force.
 
    .PARAMETER MaximumInstallationTimeInMinutes
        Specify the maximum installation time in minutes for the Win32 application (default is 60 minutes).
 
    .PARAMETER AllowAvailableUninstall
        Specify whether to allow the Win32 application to be uninstalled from the Company Portal app when assigned as available.
     
    .PARAMETER DetectionRule
        Provide an array of a single or multiple OrderedDictionary objects as detection rules that will be used for the Win32 application.
 
    .PARAMETER RequirementRule
        Provide an OrderedDictionary object as requirement rule that will be used for the Win32 application.
 
    .PARAMETER AdditionalRequirementRule
        Provide an array of OrderedDictionary objects as additional requirement rule, e.g. for file, registry or script rules, that will be used for the Win32 application.
 
    .PARAMETER ReturnCode
        Provide an array of a single or multiple hash-tables for the Win32 application with return code information.
 
    .PARAMETER Icon
        Provide a Base64 encoded string of the PNG/JPG/JPEG file.
 
    .PARAMETER ScopeTagName
        Specify the name of either a single or an array of Scope Tag names to be set instead of the Default tag.
 
    .PARAMETER UseAzCopy
        Specify the UseAzCopy parameter switch when adding an application with source files larger than 500MB.
 
    .PARAMETER AzCopyWindowStyle
        Specify whether the AzCopy content transfer progress should use -WindowStyle Hidden or -NoNewWindow parameters for Start-Process. NoNewWindow will show transfer output, Hidden will not show progress but will support multi-threaded jobs.
 
    .PARAMETER UnattendedInstall
        Specify to enforce the MSI installer to run silently, with /quiet added to the install command line of the Win32 application.
 
    .PARAMETER UnattendedUninstall
        Specify to enforce the MSI installer to run silently, with /quiet added to the uninstall command line of the Win32 application.
 
    .NOTES
        Author: Nickolaj Andersen
        Contact: @NickolajA
        Created: 2020-01-04
        Updated: 2023-09-02
 
        Version history:
        1.0.0 - (2020-01-04) Function created
        1.0.1 - (2020-01-27) Added support for RequirementRule parameter input
        1.0.2 - (2020-09-20) Added support for Owner, Notes, InformationURL, PrivacyURL and CompanyPortalFeaturedApp parameter inputs
        1.0.3 - (2021-04-01) Removed unused comments
        1.0.4 - (2021-04-01) Updated token expired message to a warning instead of verbose output
        1.0.5 - (2021-08-31) Updated to use new authentication header
        1.0.6 - (2021-08-31) Added AppVersion optional parameter
        1.0.7 - (2022-09-02) Removed break command that would prevent the Win32 app body JSON output from being display in case an error occured
        1.0.8 - (2022-10-02) Added UseAzCopy parameter switch to override the native transfer method. Specify the UseAzCopy parameter switch when uploading large applications.
                             Added fallback removal code for the cleanup operation at the end of this function, since OneDrive's Files On Demand feature sometimes blocks the
                             expanded .intunewin file cleanup process.
        1.0.9 - (2023-01-20) Added parameter AzCopyWindowStyle and ScopeTagName. Updated regex pattern for .intunewin file and parameter FilePath.
                             Added support for specifying Scope Tags when creating the Win 32 app, using the ScopeTagName parameter. Added UnattendedInstall and
                             UnattendedUninstall parameters for MSI parameter set, to automatically add /quiet to the respectively generated command line.
                             Added CategoryName parameter. UseAzCopy parameter will now only be allowed if content size is 100MB or more.
        1.1.0 - (2023-03-17) Added parameter switch AllowAvailableUninstall. Fixed issue #77 related to scope tags and custom roles.
        1.1.1 - (2023-09-02) Added parameter MaximumInstallationTimeInMinutes. Updated with Test-AccessToken function.
    #>

    [CmdletBinding(SupportsShouldProcess=$true, DefaultParameterSetName = "MSI")]
    param(
        [parameter(Mandatory = $true, ParameterSetName = "MSI", HelpMessage = "Specify a local path to where the win32 app .intunewin file is located.")]
        [parameter(Mandatory = $true, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [ValidateScript({
            # Check if file name contains any invalid characters
            if ((Split-Path -Path $_ -Leaf).IndexOfAny([IO.Path]::GetInvalidFileNameChars()) -ge 0) {
                throw "File name '$(Split-Path -Path $_ -Leaf)' contains invalid characters"
            }
            else {
                # Check if full path exist
                if (Test-Path -Path $_) {
                    # Check if file extension is intunewin
                    if ([System.IO.Path]::GetExtension((Split-Path -Path $_ -Leaf)) -like ".intunewin") {
                        return $true
                    }
                    else {
                        throw "Given file name '$(Split-Path -Path $_ -Leaf)' contains an unsupported file extension. Supported extension is '.intunewin'"
                    }
                }
                else {
                    throw "File or folder does not exist"
                }
            }
        })]
        [string]$FilePath,

        [parameter(Mandatory = $true, ParameterSetName = "MSI", HelpMessage = "Specify a display name for the Win32 application.")]
        [parameter(Mandatory = $true, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [string]$DisplayName,

        [parameter(Mandatory = $true, ParameterSetName = "MSI", HelpMessage = "Specify a description for the Win32 application.")]
        [parameter(Mandatory = $true, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [string]$Description,

        [parameter(Mandatory = $true, ParameterSetName = "MSI", HelpMessage = "Specify a publisher name for the Win32 application.")]
        [parameter(Mandatory = $true, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [string]$Publisher,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify the app version for the Win32 application.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [string]$AppVersion = [string]::Empty,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify the developer name for the Win32 application.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [string]$Developer = [string]::Empty,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify the owner property for the Win32 application.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [string]$Owner = [string]::Empty,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify the notes property for the Win32 application.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [string]$Notes = [string]::Empty,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify the information URL for the Win32 application.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidatePattern("(http[s]?|[s]?ftp[s]?)(:\/\/)([^\s,]+)")]
        [string]$InformationURL = [string]::Empty,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify the privacy URL for the Win32 application.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidatePattern("(http[s]?|[s]?ftp[s]?)(:\/\/)([^\s,]+)")]
        [string]$PrivacyURL = [string]::Empty,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify whether to have the Win32 application featured in Company Portal or not.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [bool]$CompanyPortalFeaturedApp = $false,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify the name of either a single or an array of category names for the Win32 application.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [string[]]$CategoryName,

        [parameter(Mandatory = $true, ParameterSetName = "EXE", HelpMessage = "Specify the install command line for the Win32 application.")]
        [ValidateNotNullOrEmpty()]
        [string]$InstallCommandLine,

        [parameter(Mandatory = $true, ParameterSetName = "EXE", HelpMessage = "Specify the uninstall command line for the Win32 application.")]
        [ValidateNotNullOrEmpty()]
        [string]$UninstallCommandLine,

        [parameter(Mandatory = $true, ParameterSetName = "MSI", HelpMessage = "Specify the install experience for the Win32 application. Supported values are: system or user.")]
        [parameter(Mandatory = $true, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [ValidateSet("system", "user")]
        [string]$InstallExperience,

        [parameter(Mandatory = $true, ParameterSetName = "MSI", HelpMessage = "Specify the restart behavior for the Win32 application. Supported values are: allow, basedOnReturnCode, suppress or force.")]
        [parameter(Mandatory = $true, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [ValidateSet("allow", "basedOnReturnCode", "suppress", "force")]
        [string]$RestartBehavior,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify the maximum installation time in minutes for the Win32 application (default is 60 minutes).")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [ValidateRange(1, 1440)]
        [int]$MaximumInstallationTimeInMinutes = 60,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify whether to allow the Win32 application to be uninstalled from the Company Portal app when assigned as available.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [switch]$AllowAvailableUninstall,

        [parameter(Mandatory = $true, ParameterSetName = "MSI", HelpMessage = "Provide an array of a single or multiple OrderedDictionary objects as detection rules that will be used for the Win32 application.")]
        [parameter(Mandatory = $true, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [System.Collections.Specialized.OrderedDictionary[]]$DetectionRule,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Provide an OrderedDictionary object as requirement rule that will be used for the Win32 application.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [System.Collections.Specialized.OrderedDictionary]$RequirementRule,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Provide an array of OrderedDictionary objects as additional requirement rule, e.g. for file, registry or script rules, that will be used for the Win32 application.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [System.Collections.Specialized.OrderedDictionary[]]$AdditionalRequirementRule,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Provide an array of a single or multiple hash-tables for the Win32 application with return code information.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [System.Collections.Hashtable[]]$ReturnCode,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Provide a Base64 encoded string of the PNG/JPG/JPEG file.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [string]$Icon,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify the name of either a single or an array of Scope Tag names to be set instead of the Default tag.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [string[]]$ScopeTagName,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify the UseAzCopy parameter switch when adding an application with source files larger than 500MB.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [switch]$UseAzCopy,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify whether the AzCopy content transfer progress should use -WindowStyle Hidden or -NoNewWindow parameters for Start-Process. NoNewWindow will show transfer output, Hidden will not show progress but will support multi-threaded jobs.")]
        [parameter(Mandatory = $false, ParameterSetName = "EXE")]
        [ValidateNotNullOrEmpty()]
        [ValidateSet("Hidden", "NoNewWindow")]
        [string]$AzCopyWindowStyle = "NoNewWindow",

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify to enforce the MSI installer to run silently, with /quiet added to the install command line of the Win32 application.")]
        [ValidateNotNullOrEmpty()]
        [switch]$UnattendedInstall,

        [parameter(Mandatory = $false, ParameterSetName = "MSI", HelpMessage = "Specify to enforce the MSI installer to run silently, with /quiet added to the uninstall command line of the Win32 application.")]
        [ValidateNotNullOrEmpty()]
        [switch]$UnattendedUninstall
    )
    Begin {
        # Ensure required authentication header variable exists
        if ($Global:AuthenticationHeader -eq $null) {
            Write-Warning -Message "Authentication token was not found, use Connect-MSIntuneGraph before using this function"; break
        }
        else {
            if ((Test-AccessToken) -eq $false) {
                Write-Warning -Message "Existing token found but has expired, use Connect-MSIntuneGraph to request a new authentication token"; break
            }
        }

        # Set script variable for error action preference
        $ErrorActionPreference = "Stop"
    }
    Process {
        try {
            # Attempt to gather all possible meta data from specified .intunewin file
            Write-Verbose -Message "Attempting to gather additional meta data from .intunewin file: $($FilePath)"
            $IntuneWinXMLMetaData = Get-IntuneWin32AppMetaData -FilePath $FilePath -ErrorAction Stop

            if ($IntuneWinXMLMetaData -ne $null) {
                Write-Verbose -Message "Successfully gathered additional meta data from .intunewin file"

                # Get scope tag identifier if parameter is passed on command line
                if ($PSBoundParameters["ScopeTagName"]) {
                    $ScopeTagList = New-Object -TypeName "System.Collections.ArrayList"
                    foreach ($ScopeTagItem in $ScopeTagName) {
                        # Ensure a Scope Tag exist by given name from parameter input
                        Write-Verbose -Message "Querying for specified Scope Tag: $($ScopeTagItem)"
                        $ScopeTag = (Invoke-IntuneGraphRequest -APIVersion "Beta" -Route "deviceManagement" -Resource "getRoleScopeTagsByResource(resource='MobileApps')?`$filter=displayName eq '$($ScopeTagItem)'" -Method "GET" -ErrorAction "Stop").value
                        if ($ScopeTag -ne $null) {
                            Write-Verbose -Message "Found Scope Tag with display name '$($ScopeTag.displayName)' and id: $($ScopeTag.id)"
                            $ScopeTagList.Add($ScopeTag.id) | Out-Null
                        }
                        else {
                            Write-Warning -Message "Could not find Scope Tag with display name: '$($ScopeTagItem)'"
                        }
                    }
                }

                # Get category identifier if parameter is passed on the command line
                if ($PSBoundParameters["CategoryName"]) {
                    $CategoryList = New-Object -TypeName "System.Collections.ArrayList"
                    foreach ($CategoryNameItem in $CategoryName) {
                        # Ensure category exist by given name from parameter input
                        Write-Verbose -Message "Querying for specified Category: $($CategoryNameItem)"
                        $Category = (Invoke-IntuneGraphRequest -APIVersion "Beta" -Resource "mobileAppCategories?`$filter=displayName eq '$([System.Web.HttpUtility]::UrlEncode($CategoryNameItem))'" -Method "GET" -ErrorAction "Stop").value
                        if ($Category -ne $null) {
                            $PSObject = [PSCustomObject]@{
                                id = $Category.id
                                displayName = $Category.displayName
                            }
                            $CategoryList.Add($PSObject) | Out-Null
                        }
                        else {
                            Write-Warning -Message "Could not find category with name '$($CategoryNameItem)' or provided name resulted in multiple matches which is not supported"
                        }
                    }
                }
                
                # Generate Win32 application body data table with different parameters based upon parameter set name
                Write-Verbose -Message "Start constructing basic layout of Win32 app body"
                switch ($PSCmdlet.ParameterSetName) {
                    "MSI" {
                        # Determine the execution context of the MSI installer and define the installation purpose
                        $MSIExecutionContext = $IntuneWinXMLMetaData.ApplicationInfo.MsiInfo.MsiExecutionContext
                        $MSIInstallPurpose = "DualPurpose"
                        switch ($MSIExecutionContext) {
                            "System" {
                                $MSIInstallPurpose = "PerMachine"
                            }
                            "User" {
                                $MSIInstallPurpose = "PerUser"
                            }
                        }

                        # Handle special meta data variable values
                        $MSIRequiresReboot = $IntuneWinXMLMetaData.ApplicationInfo.MsiInfo.MsiRequiresReboot
                        switch ($MSIRequiresReboot) {
                            "true" {
                                $MSIRequiresReboot = $true
                            }
                            "false" {
                                $MSIRequiresReboot = $false
                            }
                        }

                        # Handle special parameter inputs
                        if (-not($PSBoundParameters["DisplayName"])) {
                            $DisplayName = $IntuneWinXMLMetaData.ApplicationInfo.Name
                        }
                        if (-not($PSBoundParameters["Description"])) {
                            $Description = $IntuneWinXMLMetaData.ApplicationInfo.Name
                        }
                        if (-not($PSBoundParameters["Publisher"])) {
                            $Publisher = $IntuneWinXMLMetaData.ApplicationInfo.MsiInfo.MsiPublisher
                        }
                        if (-not($PSBoundParameters["Developer"])) {
                            $Developer = [string]::Empty
                        }
                        
                        # Generate Win32 application body
                        $AppBodySplat = @{
                            "MSI" = $true
                            "DisplayName" = $DisplayName
                            "Description" = $Description
                            "Publisher" = $Publisher
                            "AppVersion" = $AppVersion
                            "Developer" = $Developer
                            "Owner" = $Owner
                            "Notes" = $Notes
                            "InformationURL" = $InformationURL
                            "PrivacyURL" = $PrivacyURL
                            "CompanyPortalFeaturedApp" = $CompanyPortalFeaturedApp
                            "FileName" = $IntuneWinXMLMetaData.ApplicationInfo.FileName
                            "SetupFileName" = $IntuneWinXMLMetaData.ApplicationInfo.SetupFile
                            "InstallExperience" = $InstallExperience
                            "RestartBehavior" = $RestartBehavior
                            "MaximumInstallationTimeInMinutes" = $MaximumInstallationTimeInMinutes
                            "MSIInstallPurpose" = $MSIInstallPurpose
                            "MSIProductCode" = $IntuneWinXMLMetaData.ApplicationInfo.MsiInfo.MsiProductCode
                            "MSIProductName" = $DisplayName
                            "MSIProductVersion" = $IntuneWinXMLMetaData.ApplicationInfo.MsiInfo.MsiProductVersion
                            "MSIRequiresReboot" = $MSIRequiresReboot
                            "MSIUpgradeCode" = $IntuneWinXMLMetaData.ApplicationInfo.MsiInfo.MsiUpgradeCode
                        }
                        if ($PSBoundParameters["Icon"]) {
                            $AppBodySplat.Add("Icon", $Icon)
                        }
                        if ($PSBoundParameters["RequirementRule"]) {
                            $AppBodySplat.Add("RequirementRule", $RequirementRule)
                        }
                        if ($PSBoundParameters["ScopeTagName"]) {
                            if ($ScopeTagList.Count -ge 1) {
                                $AppBodySplat.Add("ScopeTagList", $ScopeTagList)
                            }
                        }
                        if ($PSBoundParameters["CategoryName"]) {
                            if ($CategoryList.Count -ge 1) {
                                $AppBodySplat.Add("CategoryList", $CategoryList)
                            }
                        }
                        if ($UnattendedInstall) {
                            $AppBodySplat.Add("UnattendedInstall", $true)
                        }
                        if ($UnattendedUninstall) {
                            $AppBodySplat.Add("UnattendedUninstall", $true)
                        }
                        if ($AllowAvailableUninstall) {
                            $AppBodySplat.Add("AllowAvailableUninstall", $true)
                        }

                        $Win32AppBody = New-IntuneWin32AppBody @AppBodySplat
                        Write-Verbose -Message "Constructed the basic layout for 'MSI' Win32 app body type"
                    }
                    "EXE" {
                        # Generate Win32 application body
                        $AppBodySplat = @{
                            "EXE" = $true
                            "DisplayName" = $DisplayName
                            "Description" = $Description
                            "Publisher" = $Publisher
                            "AppVersion" = $AppVersion
                            "Developer" = $Developer
                            "Owner" = $Owner
                            "Notes" = $Notes
                            "InformationURL" = $InformationURL
                            "PrivacyURL" = $PrivacyURL
                            "CompanyPortalFeaturedApp" = $CompanyPortalFeaturedApp
                            "FileName" = $IntuneWinXMLMetaData.ApplicationInfo.FileName
                            "SetupFileName" = $IntuneWinXMLMetaData.ApplicationInfo.SetupFile
                            "InstallExperience" = $InstallExperience
                            "RestartBehavior" = $RestartBehavior
                            "MaximumInstallationTimeInMinutes" = $MaximumInstallationTimeInMinutes
                            "InstallCommandLine" = $InstallCommandLine
                            "UninstallCommandLine" = $UninstallCommandLine
                        }
                        if ($PSBoundParameters["Icon"]) {
                            $AppBodySplat.Add("Icon", $Icon)
                        }
                        if ($PSBoundParameters["RequirementRule"]) {
                            $AppBodySplat.Add("RequirementRule", $RequirementRule)
                        }
                        if ($PSBoundParameters["ScopeTagName"]) {
                            if ($ScopeTagList.Count -ge 1) {
                                $AppBodySplat.Add("ScopeTagList", $ScopeTagList)
                            }
                        }
                        if ($PSBoundParameters["CategoryName"]) {
                            if ($CategoryList.Count -ge 1) {
                                $AppBodySplat.Add("CategoryList", $CategoryList)
                            }
                        }
                        if ($AllowAvailableUninstall) {
                            $AppBodySplat.Add("AllowAvailableUninstall", $true)
                        }

                        $Win32AppBody = New-IntuneWin32AppBody @AppBodySplat
                        Write-Verbose -Message "Constructed the basic layout for 'EXE' Win32 app body type"
                    }
                }

                # Validate that correct detection rules have been passed on command line, only 1 PowerShell script based detection rule is allowed
                if (($DetectionRule.'@odata.type' -contains "#microsoft.graph.win32LobAppPowerShellScriptDetection") -and (@($DetectionRules).'@odata.type'.Count -gt 1)) {
                    Write-Warning -Message "Multiple PowerShell Script detection rules were detected, this is not a supported configuration"; break
                }
               
                # Add detection rules to Win32 app body object
                Write-Verbose -Message "Detection rule objects passed validation checks, attempting to add to existing Win32 app body"
                $Win32AppBody.Add("detectionRules", $DetectionRule)

                # Retrieve the default return codes for a Win32 app
                Write-Verbose -Message "Retrieving default set of return codes for Win32 app body construction"
                $DefaultReturnCodes = Get-IntuneWin32AppDefaultReturnCode

                # Add custom return codes from parameter input to default set of objects
                if ($PSBoundParameters["ReturnCode"]) {
                    Write-Verbose -Message "Additional return codes where passed as command line input, adding to array of default return codes"
                    foreach ($ReturnCodeItem in $ReturnCode) {
                        $DefaultReturnCodes += $ReturnCodeItem
                    }
                }

                # Add return codes to Win32 app body object
                Write-Verbose -Message "Adding array of return codes to Win32 app body construction"
                $Win32AppBody.Add("returnCodes", $DefaultReturnCodes)

                # Add additional requirement rules to Win32 app body object
                if ($PSBoundParameters["AdditionalRequirementRule"]) {
                    $Win32AppBody.Add("requirementRules", $AdditionalRequirementRule)
                }

                # Create the Win32 app
                Write-Verbose -Message "Attempting to create Win32 app using constructed body converted to JSON content"
                $Win32MobileAppRequest = Invoke-IntuneGraphRequest -APIVersion "Beta" -Resource "mobileApps" -Method "POST" -Body ($Win32AppBody | ConvertTo-Json)
                if ($Win32MobileAppRequest.'@odata.type' -notlike "#microsoft.graph.win32LobApp") {
                    Write-Warning -Message "Failed to create Win32 app using constructed body. Passing converted body as JSON to output."
                    Write-Warning -Message ($Win32AppBody | ConvertTo-Json); break
                }
                else {
                    Write-Verbose -Message "Successfully created Win32 app with ID: $($Win32MobileAppRequest.id)"

                    # Invoke request to setup the reference pointers of each category added to the Win32 app
                    if ($PSBoundParameters["CategoryName"]) {
                        if ($CategoryList.Count -ge 1) {
                            foreach ($CategoryItem in $CategoryList) {
                                $CategoryBodyTable = @{
                                    "@odata.id" = "https://graph.microsoft.com/beta/deviceAppManagement/mobileAppCategories/$($CategoryItem.id)"
                                }
                                Write-Verbose -Message "Adding '$($CategoryItem.DisplayName)' reference to Win32 app with category ID: $($CategoryItem.id)"
                                $Win32AppCategoryReference = Invoke-IntuneGraphRequest -APIVersion "Beta" -Resource "mobileApps/$($Win32MobileAppRequest.id)/categories/`$ref" -Method "POST" -Body ($CategoryBodyTable | ConvertTo-Json)
                            }
                        }
                    }

                    # Create Content Version for the Win32 app
                    Write-Verbose -Message "Attempting to create contentVersions resource for the Win32 app"
                    $Win32MobileAppContentVersionRequest = Invoke-IntuneGraphRequest -APIVersion "Beta" -Resource "mobileApps/$($Win32MobileAppRequest.id)/microsoft.graph.win32LobApp/contentVersions" -Method "POST" -Body "{}"
                    if ([string]::IsNullOrEmpty($Win32MobileAppContentVersionRequest.id)) {
                        Write-Warning -Message "Failed to create contentVersions resource for Win32 app"
                    }
                    else {
                        Write-Verbose -Message "Successfully created contentVersions resource with ID: $($Win32MobileAppContentVersionRequest.id)"

                        # Extract compressed .intunewin file to subfolder
                        $IntuneWinFilePath = Expand-IntuneWin32AppCompressedFile -FilePath $FilePath -FileName $IntuneWinXMLMetaData.ApplicationInfo.FileName -FolderName "Expand"
                        if ($IntuneWinFilePath -ne $null) {
                            # Create a new file entry in Intune for the upload of the .intunewin file
                            Write-Verbose -Message "Constructing Win32 app content file body for uploading of .intunewin file"
                            $Win32AppFileBody = [ordered]@{
                                "@odata.type" = "#microsoft.graph.mobileAppContentFile"
                                #"name" = $IntuneWinXMLMetaData.ApplicationInfo.FileName
                                "name" = [System.IO.Path]::GetFileName($FilePath)
                                "size" = [int64]$IntuneWinXMLMetaData.ApplicationInfo.UnencryptedContentSize
                                "sizeEncrypted" = (Get-Item -Path $IntuneWinFilePath).Length
                                "manifest" = $null
                                "isDependency" = $false
                            }

                            # Create the contentVersions files resource
                            $Win32MobileAppFileContentRequest = Invoke-IntuneGraphRequest -APIVersion "Beta" -Resource "mobileApps/$($Win32MobileAppRequest.id)/microsoft.graph.win32LobApp/contentVersions/$($Win32MobileAppContentVersionRequest.id)/files" -Method "POST" -Body ($Win32AppFileBody | ConvertTo-Json)
                            if ([string]::IsNullOrEmpty($Win32MobileAppFileContentRequest.id)) {
                                Write-Warning -Message "Failed to create Azure Storage blob for contentVersions/files resource for Win32 app"
                            }
                            else {
                                # Wait for the Win32 app file content URI to be created
                                Write-Verbose -Message "Waiting for Intune service to process contentVersions/files request"
                                $FilesUri = "mobileApps/$($Win32MobileAppRequest.id)/microsoft.graph.win32LobApp/contentVersions/$($Win32MobileAppContentVersionRequest.id)/files/$($Win32MobileAppFileContentRequest.id)"
                                $ContentVersionsFiles = Wait-IntuneWin32AppFileProcessing -Stage "AzureStorageUriRequest" -Resource $FilesUri

                                # Upload .intunewin file to Azure Storage blob
                                if ($PSBoundParameters["UseAzCopy"]) {
                                    $ContentSize = [System.Math]::Round($Win32AppFileBody.size / 1MB, 2)
                                    if ($ContentSize -lt 100) {
                                        Write-Verbose -Message "Content size is less than 100MB, falling back to using native method for file transfer"
                                        Invoke-AzureStorageBlobUpload -StorageUri $ContentVersionsFiles.azureStorageUri -FilePath $IntuneWinFilePath -Resource $FilesUri
                                    }
                                    else {
                                        try {
                                            Write-Verbose -Message "Using AzCopy.exe method for file transfer"
                                            $SplatArgs = @{
                                                StorageUri = $ContentVersionsFiles.azureStorageUri
                                                FilePath = $IntuneWinFilePath
                                                Resource = $FilesUri
                                                WindowStyle = $AzCopyWindowStyle
                                                ErrorAction = "Stop"
                                            }
                                            Invoke-AzureCopyUtility @SplatArgs
                                        }
                                        catch [System.Exception] {
                                            Write-Verbose -Message "AzCopy.exe transfer method failed with exception message: $($_.Exception.Message)"
                                            Write-Verbose -Message "Falling back to native method"
                                            Invoke-AzureStorageBlobUpload -StorageUri $ContentVersionsFiles.azureStorageUri -FilePath $IntuneWinFilePath -Resource $FilesUri
                                        }
                                    }
                                }
                                else {
                                    Write-Verbose -Message "Using native method for file transfer"
                                    Invoke-AzureStorageBlobUpload -StorageUri $ContentVersionsFiles.azureStorageUri -FilePath $IntuneWinFilePath -Resource $FilesUri
                                }

                                # Retrieve encryption meta data from .intunewin file
                                $IntuneWinEncryptionInfo = [ordered]@{
                                    "encryptionKey" = $IntuneWinXMLMetaData.ApplicationInfo.EncryptionInfo.EncryptionKey
                                    "macKey" = $IntuneWinXMLMetaData.ApplicationInfo.EncryptionInfo.macKey
                                    "initializationVector" = $IntuneWinXMLMetaData.ApplicationInfo.EncryptionInfo.initializationVector
                                    "mac" = $IntuneWinXMLMetaData.ApplicationInfo.EncryptionInfo.mac
                                    "profileIdentifier" = "ProfileVersion1"
                                    "fileDigest" = $IntuneWinXMLMetaData.ApplicationInfo.EncryptionInfo.fileDigest
                                    "fileDigestAlgorithm" = $IntuneWinXMLMetaData.ApplicationInfo.EncryptionInfo.fileDigestAlgorithm
                                }
                                $IntuneWinFileEncryptionInfo = @{
                                    "fileEncryptionInfo" = $IntuneWinEncryptionInfo
                                }

                                # Create file commit request
                                $CommitResource = "mobileApps/$($Win32MobileAppRequest.id)/microsoft.graph.win32LobApp/contentVersions/$($Win32MobileAppContentVersionRequest.id)/files/$($Win32MobileAppFileContentRequest.id)/commit"
                                $Win32AppFileCommitRequest = Invoke-IntuneGraphRequest -APIVersion "Beta" -Resource $CommitResource -Method "POST" -Body ($IntuneWinFileEncryptionInfo | ConvertTo-Json)

                                # Wait for Intune service to process the commit file request
                                Write-Verbose -Message "Waiting for Intune service to process the commit file request"
                                $CommitFileRequest = Wait-IntuneWin32AppFileProcessing -Stage "CommitFile" -Resource $FilesUri

                                switch ($CommitFileRequest.uploadState) {
                                    "commitFileFailed" {
                                        Write-Warning -Message "Failed to create Win32 app, commit file request operation failed"
                                    }
                                    "commitFileTimedOut" {
                                        Write-Warning -Message "Failed to create Win32 app, commit file request operation timed out"
                                    }
                                    default {
                                        # Update committedContentVersion property for Win32 app
                                        Write-Verbose -Message "Updating committedContentVersion property with ID '$($Win32MobileAppContentVersionRequest.id)' for Win32 app with ID: $($Win32MobileAppRequest.id)"
                                        $Win32AppFileCommitBody = [ordered]@{
                                            "@odata.type" = "#microsoft.graph.win32LobApp"
                                            "committedContentVersion" = $Win32MobileAppContentVersionRequest.id
                                        }
                                        $Win32AppFileCommitBodyRequest = Invoke-IntuneGraphRequest -APIVersion "Beta" -Resource "mobileApps/$($Win32MobileAppRequest.id)" -Method "PATCH" -Body ($Win32AppFileCommitBody | ConvertTo-Json)

                                        # Handle return output
                                        Write-Verbose -Message "Successfully created Win32 app and committed file content to Azure Storage blob"
                                        $Win32MobileAppRequest = Invoke-IntuneGraphRequest -APIVersion "Beta" -Resource "mobileApps/$($Win32MobileAppRequest.id)" -Method "GET"
                                        Write-Output -InputObject $Win32MobileAppRequest
                                    }
                                }                                
                            }

                            try {
                                # Cleanup extracted .intunewin file in Extract folder
                                Remove-Item -Path (Split-Path -Path $IntuneWinFilePath -Parent) -Recurse -Force -Confirm:$false | Out-Null
                            }
                            catch [System.Exception] {
                                # Fallback method if OneDrive's Files On Demand feature is blocking access
                                $FileItems = Get-ChildItem -LiteralPath $IntuneWinFilePath -Recurse
                                foreach ($FileItem in $FileItems) {
                                    $FileItem.Delete()
                                }
                                $ParentItem = Get-Item -LiteralPath $IntuneWinFilePath
                                $ParentItem.Delete($true)
                            }
                        }
                    }
                }
            }
        }
        catch [System.Exception] {
            Write-Warning -Message "An error occurred while creating the Win32 application. Error message: $($_.Exception.Message)"
        }
    }
}