(Presented by Mahyar Ghadiali, Senior Program Manager, at Microsoft Ignite 2018)
One of the most eagerly awaited features for Microsoft Intune customers is the ability to deploy most of their existing Windows applications to MDM-managed Windows clients. This article provides a sneak peek at this exciting capability that was announced at Microsoft Ignite. Building upon the existing support for line-of-business (LOB) apps and Microsoft Store for Business apps, administrators will use Intune to add, install, and uninstall applications for Windows 10 users in a variety of formats such as MSI, Setup.exe, or MSP. Intune will evaluate requirement rules before the start of app download/ install and notify end users of the status or reboot requirements using the Windows 10 Action Center. This fully cloud-based capability will provide the management flexibility and simplicity to help organizations shift to the modern desktop. The Intune feature is built by the same team that perfected Windows app deployment via Configuration Manager, serving applications to hundreds of thousands of Windows PCs worldwide. The public preview for Windows app deployment is expected to be available in the next release of Intune, and we will continue to add significant new capabilities over the next few months based on your feedback.
This article provides a quick summary of the steps you may follow once the preview is available. It does not replace the official Intune product documentation that will provide the complete details at the time of release.
Process overview
The overall process is quite straightforward. First you package and upload your existing apps to Intune using a new utility. Then you configure the relevant application properties, and add the app to Intune’s Company Portal catalog. Finally, you assign the apps to specific users or user groups, optionally marking the apps as featured, required, or available. The cloud-based management simplifies monitoring and troubleshooting during the application lifecycle. Let us start with a look at some of the pre-requisites
Client and application pre-requisites
- Windows 10 version 1607 or later (Enterprise). We are currently testing Pro and Education editions of Windows 10 version 1607 and will be happy to hear your feedback.
- Windows 10 client needs to be:
- joined to Azure Active Directory (AAD) or Hybrid Azure Active Directory, and
- enrolled in Intune (MDM-managed)
- Windows application size is capped at 8GB per app in the public preview. In this article, we will refer to it as “Win32 app”
Prepare content for upload to Intune
In order to deploy to the Windows 10 clients, you must upload your existing Windows application to the Intune cloud. To prepare the application for upload, download the Intune Win32 App Packaging Tool from GitHub. Point the tool at your installer directory, which should include all the files for the proper installation of your application. This generates an app manifest file, and will encrypt and compress the installer bundle to produce a bundle with the .intunewin file extension. This does not change or otherwise repackage your application content. It is simply an optimization for upload to the cloud.
Create, assign, and monitor a Win32 app
Many organizations use custom Win32 apps that are typically written in-house or by a 3rd party. The following steps provide guidance to help you add a standard Win32 app to Intune.
Step 1: In the Add app pane, select Windows app (Win32) – preview from the provided drop-down list.
Step 2: In the add app pane, select App package file to select a file. In the App package file pane, click the browse button and select the Windows installation bundle you previously created with the extension .intunewin. Click OK when you're done.
Step 3: You will now configure the application properties within the add app pane.
Select App information to configure a name and other app metadata used by the admin to identify and monitor the application. This is the name displayed in the Windows Company Portal and selected by end-user to launch the application. IT administrators may choose to categorize the apps or highlight them as “Featured App” in the company portal.
Step 4: Configure app installation details in the Program properties, such as any command-line switches and options to perform the installation and uninstallation.
Step 5: Configure app ‘Requirements’, still in the add app pane. The requirement rules are executed at the time of install so you have better chance of success when you deploy your app. Requirement rules are useful because they guard against content download to the target client machine by Intune until the requirements are met.
Step 6: Configure app Detection Rules to help guard against redeploying the app repeatedly on a device. The app will not install on a system where it may be already installed. Your detection method expression can be built by creating multiple rules using file, registry and MSI product code. If your environment requires more detailed detection methods, you may deploy PowerShell scripts to detect the application.
Step 7: Configure app return codes, still within the “Properties” pane of the “add app” pane. Return code entries are added by default during app creation. However, you can add additional return codes or change existing return codes. Select Return codes and change these settings only if you must customize either app installation retry behavior or post-installation behavior.
Step 8: You are now ready to add the app. In the Add app pane, verify that you configured the app information correctly. Select Add to upload the app to Intune.
Step 9: App assignment and monitoring is one of the key benefits of managing Windows software with Intune. Once your app is uploaded to Intune, it will be visible in the Intune console. You can assign it to groups based on the requirements of your organization and easily monitor app information.
Step 10: The end-user will see Windows Action Center Notifications for required and available app installations. The following image shows an example of one such notification where the app installation is not complete until the device is restarted.
Next steps
If you are already a Microsoft Intune customer, look for the public preview to be available in your tenant shortly. We will make the release announcement on the What’s New page of Intune product documentation. If you are a future Microsoft customer, sign up for the 90-day free trial of Enterprise Mobility + Security (EMS), which gives you access to the complete solution for modern management and security including Microsoft Intune.
If you already have eligible subscriptions to Microsoft 365 or EMS, remember to use the FastTrack benefits available at no additional cost for the life of your subscription. Move confidently to cloud-managed Windows with end-to-end guidance throughout your Microsoft Intune deployment, delivered by Microsoft engineers or partners. We’re also pleased to announce Desktop App Assure—a new service from Microsoft FastTrack designed to address issues with Windows 10 and Office 365 ProPlus app compatibility. Windows 10 is the most compatible Windows operating system ever, so you should generally expect that apps that work on Windows 7 will continue to work on Windows 10 and subsequent feature updates. But if you find any app compatibility issues after a Windows 10 or Office 365 ProPlus update, Desktop App Assure is designed to help you get a fix. Learn more in this blog.
We’re excited to bring you this much awaited public preview of Windows app deployment with Intune and look forward to hearing about your experience!
Click here to read about other Microsoft Intune and Configuration Manager news from Microsoft Ignite 2018