There are various way in which you can deploy the applications on windows devices using Intune e.g. Win32 app deployment method, Line of Business (LOB) App deployment method etc. Another method of app deployment which we are going to see in this blog post is Microsoft Store apps deployment.
As we know Microsoft store for business is getting retired soon. There is a new Microsoft store integration and app type available in Intune. App type that is now available from Intune portal is called Microsoft store apps (new) which leverages Windows package manager.
As Microsoft store provides useful business applications, it also contains applications which may not be relevant to the organization. For Example: Apps like NetFlix, Spotify, Whatsapp etc. This could be a security risk for the organization where users can download any third party app which could allow upload of Internal classified documents.
If you would like to block installation of random applications from the Store application by the end user without blocking the Intune and Windows Package Manager store integration, Just enable ApplicationManagement/RequirePrivateStoreOnly. You can use a step by step guide which provides detailed information on How to disable Microsoft Store in Windows using Intune.
Microsoft Store supports UWP apps, desktop apps packaged in .msix, and Win32 apps packaged in .exe or .msi installers. You can simply search for the apps directly from the Intune portal, create the app deployment and assign it to the devices / users.
Difference between Microsoft Store app (legacy) vs Microsoft Store app (new)
Microsoft store app (legacy) is old method of deployment of Microsoft store apps using Intune. You will have to provide app link / URL while creating the app while using legacy method, there is no direct search capability integrated with Intune with this method.
Microsoft store app (new) method of deployment has significant improvements over legacy method. Some of the Improvements are given below:
- You can browse and search for store apps within Intune.
- You can install and uninstall with required app deployments.
- You can monitor the installation progress and results for store apps.
- Win32 store apps are also supported.
- System context and user context are supported for UWP apps.
Steps to deploy Microsoft Store apps using Intune
Please find below steps to deploy Microsoft store apps using Intune.
- Login on Microsoft Intune admin center
- Click on Apps and then click on All Apps
- Click on + Add and Select Microsoft store app (new) from the App type
- In App Information tab, Click on Search the Microsoft Store app (new) to search for any store application.
- Type the name of the app you want to search and press enter. Select the app from the search results.
- After selecting the app, most of the information related to the app will be auto-filled including Name, Package Identifier, Publisher, Description etc. You can modify some of this information if you want.
- For this application, the application Install behavior is System context which cannot be changed. Depending upon the application, you may be able to toggle between System and User context. But if Install behavior is pre-selected and greyed out then it cannot be changed. Click on Next to proceed.
- On the Assignments tab, you can click on + Add all users or + Add all devices to target all users or all devices. However, if you want to target this deployment only to specific group of users / devices, then you have to create an Azure AD security group and then target that group.
- Add / target devices to Required section to make sure the app is deployed automatically.
- If you target devices using Available for enrolled devices option then the app will not be installed automatically, it will be available to be installed from Company portal app.
- On Review + Create tab, review the app and click on Create. This will create the app and assign it to the devices.
Intune Policy Refresh Cycle
The Device will Sync / Check in to start deployment of this app. It may take some time for the process to start. Therefore, if you are testing it on a test device, you can force initiate Intune refresh cycle on the device which will speed up the download and installation process. You can also use Powershell to force initiate Intune refresh cycle.
Also, you can restart the device first which also starts the device check-in process. Manual sync is not mandatory on user’s devices as the device check-in process happens automatically. But if you are testing the deployment on a test device then this can speed up your testing and can save some time.
End User Experience
Let’s check the End user experience and see if the application is installed successfully. I have waited for around 10-15 minutes for the application to download and Install. There will be a toast notification in system tray via Microsoft Intune Management Extension which shows that Citrix Workspace App has been installed successfully.
Let’s check the application Installation status from Programs and features and confirm the version of the application. As you can see the latest version of the application has been installed.
You can also find the application in the start menu as well:
FAQs
I am unable to find the application on Intune Portal
If you are searching for an app while using Microsoft store app (new) app type and unable to find it then you could follow below steps:
- Try to search for the app in Microsoft public store on your computer to see if its available.
- If the app is available in Microsoft store then find its Package Identifier using App URL.
- Search for the application on the Intune portal using Package Identifier to see if you are able to find the application now.
The application was not detected after installation completed successfully (0x87D1041C)
If you are getting error code 0x87D1041C after deploying company portal app on windows devices then this could be because the application is already Installed on the target device. This is a known Issue and clearly documented on Microsoft’s website:
Assigning a UWP app using the “Microsoft Store app (new)” type with the installation behavior set as “System” to a device which already has that app installed will result in this error: “The application was not detected after installation completed successfully (0x87D1041C)”. Uninstalling all previous installations of the app from the device, and then re-installing the app to the device will resolve this.
0x87D1041C
Which functionality is not supported in Microsoft Store Apps
Any application that has an ARM64 installer is not supported.
What happens if an existing app is deployed using Microsoft Store App (new)
If a Win32 app is already existing on the end user device and was either deployed using Microsoft store for business or was installed manually and you deploy the same application using Microsoft store app (new) method. The application will not be re-installed. Intune will also take over the mangement of the application.
Is Win32 app deployed via Microsoft store app (new) method is regularly updated
Yes, Like UWP apps, a Win32 app deployed using Microsoft store app (new) method will be kept up to date automatically by Intune.
Conclusion
In this blog post, we have seen how to deploy Microsoft store application using new method available in Intune. Its very easy to search for the app, create it and assign it to the devices. Application will also be updated automatically. As you have assigned the application by adding devices to the Required section of the app. You can also Uninstall the application by simply adding the devices Under the Uninstall section and the application will be uninstalled automatically.