There are several methods to deploy applications on Windows devices using Intune, such as the Win32 app deployment method and the Line of Business (LOB) App deployment method. In this blog post, we will explore another app deployment method, which is deploying Microsoft Store apps.
A new Microsoft Store integration and an app type is now available in Intune. This app type, accessible from the Intune portal, is called ‘Microsoft Store apps (new)‘.
While Microsoft Store offers valuable business applications, it also hosts applications that may not be relevant to some organizations. For instance, apps like Netflix, Spotify, WhatsApp, etc.
These non-business apps can pose a security risk to the organization as users may download third-party apps that could potentially facilitate the upload of internally classified documents.
If you would like to block the installation of random applications from the Store application, refer to a step-by-step guide: How to disable Microsoft Store apps in Windows using Intune. If you want to block Store apps but Keep Winget working, refer to the guide: Block Microsoft Store apps using Intune except Winget.
The Microsoft Store supports various types of apps, including UWP apps, desktop apps packaged in .msix format, and Win32 apps packaged in .exe or .msi installers. You can easily search for these apps directly from the Intune portal, create the app deployment, and assign it to the desired devices or users.
Table of Contents
Difference between Microsoft Store app (legacy) vs Microsoft Store app (new)
The ‘Microsoft Store app (legacy)‘ is an older method of deploying Microsoft Store apps using Intune. With this legacy method, you need to provide the app link or URL during the app creation process. Unlike the newer methods, there is no direct search capability integrated with Intune when using this legacy approach.
The ‘Microsoft Store app (new)‘ method of deployment offers significant improvements over the legacy method. Some of these improvements include:
- You can browse and search for store apps within Intune.
- You can install and uninstall with the required app deployments.
- You can monitor the installation progress and results for store apps.
- Win32 store apps are also supported.
- System context and user context are supported for UWP apps.
Steps to deploy Microsoft Store Apps using Intune
Please find below the steps to deploy Microsoft Store apps using Intune.
- Login on Microsoft Intune admin center
- Click on Apps and then click on All Apps
- Click on + Add and Select Microsoft Store app (new) from the App type
- In the App Information tab, Click on Search the Microsoft Store app (new) to search for any store application.
- Type the name of the app you want to search and press Enter. Select the app from the search results.
- After selecting the app, most of the information related to the app will be auto-filled including Name, Package Identifier, Publisher, Description, etc. You can modify some of this information if you want.
- For this application, the application Install behavior is System context which cannot be changed. Depending upon the application, you may be able to toggle between System and User context. But if the Install behavior is pre-selected and greyed out then it cannot be changed. Click on Next to proceed.
- On the Assignments tab, you have the option to click on ‘+ Add all users‘ or ‘+ Add all devices‘ to target all users or all devices. However, if you want to restrict this deployment to a specific group of users or devices, you’ll need to create an Azure AD security group, add the specific users or devices to that group, and then target the deployment to that group.
- To ensure that the app is deployed automatically, add or target the devices to the ‘Required‘ section.
- If you target devices using the ‘Available for enrolled devices‘ option, the app will not be installed automatically. Instead, it will be made available for installation through the Company Portal app.
- On the Review + Create tab, review the app and click on Create.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync either from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Another way to trigger the Intune device check-in process is by restarting the devices.
End User Experience
Let’s examine the end-user experience and verify if the application has been successfully installed. It took approximately 10-15 minutes for the application to download and install.
A toast notification may also appear in the system tray via the Microsoft Intune Management Extension, indicating that the app has been installed successfully.
Let’s verify the application installation status from ‘Programs and Features‘ and confirm the application’s version. As you can see, the latest version of the application has been successfully installed.
You can also find the application in the Start Menu as well:
1. Unable to find an Application when using the Microsoft Store app (new) method
If you’re searching for an app using the Microsoft Store app (new) app type and can’t find it, you can follow the steps below:
- Try to search for the app in the Microsoft public store on your computer to see if it’s available.
- If the app is available in the Microsoft Store then find its Package Identifier using App URL.
- Search for the application on the Intune portal using Package Identifier to see if you are able to find the application now.
2. The application was not detected after the installation was completed successfully (0x87D1041C)
If you encounter error code 0x87D1041C after deploying the Company Portal app on Windows devices, it may be due to the application already being installed on the target device. This is a known issue and is documented on Microsoft’s website.
Assigning a UWP app using the “Microsoft Store app (new)” type with the installation behavior set as “System” to a device which already has that app installed will result in this error: “The application was not detected after installation completed successfully (0x87D1041C)”. Uninstalling all previous installations of the app from the device, and then re-installing the app to the device will resolve this.0x87D1041C
3. Which functionality is not supported in Microsoft Store Apps
Any application that has an ARM64 installer is not supported.
4. What happens if an existing app is deployed using Microsoft Store App (new)
If a Win32 app is already present on the end user’s device and was either deployed using Microsoft Store for Business or installed manually, and you attempt to deploy the same application using the Microsoft Store app (new) method, the application will not be re-installed. Intune will take over the management of the application without reinstalling it.
5. Does the Win32 App Deployed Through the Microsoft Store App (New) Method Receive Regular Updates?
Yes, similar to UWP apps, a Win32 app deployed using the Microsoft Store app (new) method will be automatically kept up to date by Intune.
In this blog post, we’ve covered how to deploy Microsoft Store applications using the new method available in Intune. It’s a straightforward process to search for the app, create it, and assign it to devices. Additionally, the application will receive automatic updates as you’ve assigned it by adding devices to the ‘Required’ section. Uninstalling the application is just as simple – by adding devices to the ‘Uninstall’ section, the application will be uninstalled automatically.