Several methods exist for deploying applications on Windows devices using Intune, such as the Win32 app deployment method and the Line of Business (LOB) App deployment method. This blog post will explore another app deployment method: deploying Microsoft Store apps.
Intune now offers a new Microsoft Store integration and an app type, Microsoft Store apps (new), accessible from the Intune portal.
While Microsoft Store offers valuable business applications, it also hosts applications that may not be relevant to some organizations, such as Netflix, Spotify, WhatsApp, etc.
These non-business apps can pose a security risk to the organization as users may download third-party apps that could potentially facilitate uploading internally classified documents.
If you would like to block the installation of random applications from the Store application, refer to a step-by-step guide: How to disable Microsoft Store apps in Windows using Intune. If you want to block Store apps but keep Winget working, refer to the guide: Block Microsoft Store apps using Intune except Winget.
The Microsoft Store supports various types of apps, including UWP apps, desktop apps packaged in .msix format, and Win32 apps packaged in .exe or .msi installers. You can search for these apps directly from the Intune portal, create the deployment, and assign it to the desired devices or users.
Table of Contents
Microsoft Store app (legacy) vs Microsoft Store app (new)
The Microsoft Store app (legacy) is an older method of deploying Microsoft Store apps using Intune. With this legacy method, you must provide the app link or URL during the app creation process. Unlike the newer methods, no direct search capability is integrated with Intune when using this legacy approach.
The Microsoft Store app (new) deployment method offers significant improvements over the legacy method. Some of these improvements include:
- You can browse and search for store apps within Intune.
- You can install and uninstall with the required app deployments.
- You can monitor the installation progress and results for store apps.
- Win32 store apps are also supported.
- System context and user context are supported for UWP apps.
Steps to deploy Microsoft Store Apps using Intune
Please find below the steps to deploy Microsoft Store apps using Intune.
- Sign in to the Intune admin center.
- Click on Apps and then click on All Apps.
- Click on + Add and Select Microsoft Store app (new) from the App type.
- In the App Information tab, Click on Search the Microsoft Store app (new) to search for any store application.
- Type the name of the app you want to search and press Enter. Select the app from the search results.
- After selecting the app, most of the information related to the app will be auto-filled, including Name, Package Identifier, Publisher, Description, etc. You can modify some of this information if you want.
- The application’s Install behavior is System context, which cannot be changed. Depending on the application, you can toggle between System and User context. But if the Install behavior is pre-selected and greyed out, it cannot be changed. Click on Next to proceed.
- Click Add groups and select the Entra security group containing Windows 10/11 test devices. Once testing proves successful, you can expand the deployment by including additional devices in the group.
- Add or target the devices to the Required section to ensure that the app is deployed automatically.
- If you target devices using the Available for Enrolled Devices option, the app will not be installed automatically. It will be available for Installation from the Company Portal App.
- On the Review + Create tab, review the app and click on Create.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the devices also triggers the Intune device check-in process.
End User Experience
Let’s examine the end-user experience and verify if the application has been successfully installed. It took approximately 10-15 minutes for the application to download and install.
A toast notification may also appear in the system tray via the Microsoft Intune Management Extension, indicating that the app has been installed successfully.
Let’s verify the application installation status from Programs and Features and confirm the application’s version. As you can see, the latest version of the application has been successfully installed.
You can also find the application in the Start Menu as well:
FAQs
1. Unable to find an Application when using the Microsoft Store app (new) method
If you’re searching for an app using the Microsoft Store app (new) app type and can’t find it, you can follow the steps below:
- You can search for the app in the Microsoft public store to see if it’s available.
- If the app is available in the Microsoft Store, find its Package Identifier using the App URL.
- Search for the application on the Intune portal using the Package Identifier to see if you can find it now.
2. The application was not detected after the installation was completed successfully (0x87D1041C)
If you encounter error code 0x87D1041C after deploying the Company Portal app on Windows devices, it may be because the application is already installed on the target device. This is a known issue documented on Microsoft’s website.
Assigning a UWP app using the “Microsoft Store app (new)” type with the installation behavior set as “System” to a device which already has that app installed will result in this error: “The application was not detected after installation completed successfully (0x87D1041C)”. Uninstalling all previous installations of the app from the device, and then re-installing the app to the device will resolve this.
0x87D1041C
3. Which functionality is not supported in Microsoft Store Apps
Any application that has an ARM64 installer is not supported.
4. What happens if an existing app is deployed using Microsoft Store App (new)
If a Win32 app is already on the end user’s device and was either deployed using Microsoft Store for Business or installed manually, and you attempt to deploy the same application using the Microsoft Store app (new) method, the application will not be re-installed. Intune will take over the management of the application without reinstalling it.
5. Does the Win32 App Deployed Through the Microsoft Store App (New) Method Receive Regular Updates?
Yes, similar to UWP apps, a Win32 app deployed using the Microsoft Store app (new) method will be automatically kept up to date by Intune.
Conclusion
In this blog post, we’ve covered how to deploy Microsoft Store applications using the new method available in Intune. Searching for the app, creating it, and assigning it to devices is straightforward. Additionally, the application will receive automatic updates. Uninstalling the application is as simple—adding devices to the Uninstall section will automatically uninstall it.
