Forum Widgets
Latest Discussions
AMA - Managing Windows 10 - July 25th
We are very excited to announce an upcoming opportunity to 'Ask Microsoft Anything' (AMA) about Windows 10 management! The AMA will take place on Tuesday, July 25th, 2017 from 9:00 AM to 10:00 AM Pacific Time in the Windows 10 management space. If you aren't familiar with the concept, an AMA is a live online question-and-answer event similar to a "YamJam" on Yammer or an "Ask Me Anything" on Reddit. The Windows 10 security AMA will give you the opportunity to connect with members of the Windows engineering and product teams, who will be on hand to answer your questions and listen to feedback about: Modern management scenarios: traditional, hybrid, and cloud-based Managing Windows devices with System Center Configuration Manager Managing Windows devices with Microsoft Intune Azure Active Directory Group Policy Microsoft Store for Business and application management Don't miss this opportunity. Add the event to your calendar. We hope to see you there!
ISV and Security tool readiness?
We are seeing issues with our ISV and Security tool vendors having issues keeping up with the feature build cadence. It seems like they are lagging behind at least 30 days after a release and many not offering full support until CBB/Broad. This is problematic and really cuts our our pilot phase timeline as we can't hand something out without our core security tools as well as giving the internal security tool teams time to test and implement. Has MS made any inroads with the major vendors to have greater parity with feature build readiness?What's new in Windows Package Manager 1.4
Last week, the Windows Package Manager team released WinGet 1.4. What's new? Support for .zip-based packages Additional manifest values in the output (if present): tags, purchase URL, etc. New command aliases! add for install update for upgrade remove and rm for uninstall ls for list config for settings Enhancements to detect that a package was already installed and switch to the upgrade flow. For all the details, and a cool tip, check out Demitrius_Nelon's post in the Windows Command Line blog.FAQ: Supporting Microsoft Store experiences on managed devices
Find answers to common questions about new Microsoft Store app integrations in Microsoft Intune and transitioning application management from the Microsoft Store for Business. Looking for more information? Read Update to Intune integration with the Microsoft Store on Windows. Editor's note: Questions in this FAQ may be added and/or updated over time to provide more detail. Updates and new questions will be indicated. Editor's note (3.23.2023): The retirement of the Microsoft Store for Business and the Microsoft Store for Education, originally scheduled for March 31, 2023, has been postponed. We will share an update here on future plans when they're available. In this FAQ: Early access and availability Application content Technical requirements Migration Application management and controls Benefits of integration with Endpoint Manager Options for app acquisition without Endpoint Manager Early access and availability What are the preview opportunities and when will they be available? Organizations looking to evaluate the new Microsoft Store app repository integration with Endpoint Manager will be able to sign up and participate in a private preview in the September 2022 release of Endpoint Manager. (Note: this date is subject to change.)) How can I sign up for the private, and later, the public preview? We will work with select organizations in the initial phase of the private preview and open it to additional organizations later in the process. When we move to Public Preview, there will be no need to sign up. The new capabilities will appear with the (Preview) tag in the Microsoft Endpoint Manager admin center. Contact your Microsoft account team for more information. When is the end-to-end replacement scenario for Microsoft Store for Business going to be generally available? The current plan is to make Microsoft Store support within Microsoft Endpoint Manager generally available in Q4 of 2022, with the community and private repository support in early 2023. This date is subject to change. When is the Microsoft Store for Business being retired? The retirement of the Microsoft Store for Business is planned for Q1 of 2023. This date is subject to change. What are the options for organizations to meet Microsoft Store for Business needs between now and general availability as the current Microsoft Store for Business does not work on Windows 11? Do we need to wait to update our estate to Windows 11? If deploying Store apps on Windows 11 is a core priority and you are not currently using Endpoint Manager, then you will not be able to deploy Store apps to devices on Windows 11. For organizations currently using Endpoint Manager, the process of deploying Microsoft Store apps to Windows 11 works currently with no interruptions. Application content Can I pick and choose from a combination of Stores and Apps? Yes. You will be able to pick from a variety of sources of Microsoft Store apps, including public Microsoft Store apps or apps made available from private sources including software vendor and line-of-business applications not available in public sources. The private sources will require prior authorization from the private repository owner and authentication to be able to access those applications. Is there a plan to incorporate the replacement of Microsoft Store for Business into the Store app tab on Windows 10/11 for employees to access the private store? No, the private Microsoft Store for Business, as it existed, is being retired. Organizations should leverage Microsoft Endpoint Manager and the Company Portal to provide end-to-end app experiences for their employees. Technical requirements Is the Company Portal App going to be free if we don't license Intune? An Intune license is required to take advantage of the new functionality and to continue to deploy Store apps directly to user and device groups. The Windows Package Manager platform is openly available to enable custom app installation apps and websites to be built. How can people download the Company Portal directly? Today there is not a standalone download to meet this need. The Company Portal app is a free download from the Microsoft Store on Windows. To discover and install applications, devices will need to be enrolled. It is expected that, as is the case today with Microsoft Endpoint Manager, IT admins will deploy the Company Portal app as part of the provisioning process. Employees that have access to the Store can also download and install it themselves, then login with their company credentials. How is servicing for apps installed from the Microsoft Store integration with Endpoint Manager going to work? What configuration (service accounts, ports, and policies) needs to be in place? Using Intune, you can assign applications as required or available to employees taking advantage of their existing device enrollment with their organization. IT admins and employees will be able to install and update Store apps. For more information, see Network endpoints for Microsoft Intune. Do our devices need to be managed by Intune (enrolled in MDM) or can Microsoft Configuration Manager be used instead? Microsoft Endpoint Manager includes both Intune and Configuration Manager. In order to leverage the new Store and private repositories for apps, you will need to enroll in MDM and use the Company Portal app for discovery and installation. Organizations using Configuration Manager can take advantage of co-management to deploy Store apps. Migration Will servicing of Microsoft Store in-box apps be able to be done in the same way? Yes, in-box apps that have a presence in the Microsoft Store on Windows can be serviced exactly the same way. In some cases, in-box apps can be uninstalled using Endpoint Manager app uninstall assignments. What do I need to do to have apps I installed from the Microsoft Store for Business remain up-to-date and manageable? Do I need to reinstall them? Will they stop working? Apps that are already installed on devices will continue to work for employees. To be able to service them as an IT pro, you will need to create a new assignment of those apps using the new Store integration with Endpoint Manager. This will not force any reinstall of the app, just reconnect the app from the employee's device to your Endpoint Manager app list. What is the process to migrate existing Microsoft Store for Business applications over to the new solution? There is no client migration or device changes required for previously installed apps. On the admin side, you will need to recreate and reassign applications to user and/or device groups and recreate role-based access control assignments that were previously created for individual Store for Business applications. What should I be doing right now to be ready for the transition? Identify those business-critical apps that you have deployed through the Microsoft Store for Business, understand how they are being used in your environment, and plan to recreate the app in the Endpoint Manager console and reassign. Existing assignments continue to work; new deployments will proceed according to your group assignments. Can I service part of my app instead of reinstalling the entire app if I'm using the new Microsoft Store app integration with Endpoint Manager solution? Redeploying an app will not explicitly result in a complete reinstall if the app is already available on the client device. However, this is entirely dependent on the application installer and how the vendor created it to behave. It is independent from how the Store works as the delivery mechanism. Do I need to repackage all my line-of-business apps for the new Microsoft Store app integration with Endpoint Manager solution? Repackaging is not a requirement. LOB apps previously deployed via Endpoint Manager are not affected. Application management and controls Can I force or gate a user to stay on a specific version of an app until I approve a newer version for my enterprise? The Store will only keep a few of the most current versions of an app available. We are evaluating, with the new Microsoft Store integration, a way that you will be able to, per app, decide whether auto-update is appropriate or whether you as an IT admin want to control the flow of updates using Endpoint Manager. If you need to keep an older version of an app around (N-2 or N-3, etc.) you will need to maintain your own copy of that application and deploy it manually. Can IT admins enforce mandatory or deadline dates? This capability is not yet available, but something we are looking into. How do I manage app entitlements using the Microsoft Store app integration with Endpoint Manager? There is no concept of entitlements or licenses. You also cannot use the Store to purchase apps on behalf of your employees. By assigning an app to a user group or device group, you are granting installation rights to all members of that group either as a required (also known as a push-install) or as an app available for the employee to install themselves through the Company Portal. Do you expect apps that have their own "auto updaters' (e.g. Microsoft Edge, Teams, and OneDrive) to change their servicing strategy? What powers the Store and private repositories and app manageability is the Windows Package Manager technology which affords the ability to update applications. Although applications with auto-updates still exist, you can use the Store to control the flow of updates with more certainty. We want apps to be automatically serviced, how will that work? What about for organizations not using Intune? Automatic servicing of apps deployed from the Store using Endpoint Manager will be an option that IT Admins can select on a per-app basis. The Store in the absence of management tools, like Endpoint Manager, will behave as it does today. Is there a plan for compliance reporting to show when applications are not current, i.e., out of date and subject to security fixes? These types of features are possible and under consideration. What management capabilities are there for IT admins to curate which apps an employee can install, but not allow full access to download all apps? IT admins can block access to the full Microsoft Store and, using Endpoint Manager, only allow the installation of apps either through required assignments or available assignments, in which the employee can search and install apps using the Company Portal. Will apps take advantage of peer content sharing, e.g., Delivery Optimization, or do they pull direct each time? Full Delivery Optimization support is available for Store applications deployed to Windows devices. What monitoring and reporting options will be available? As with most apps deployed via Endpoint Manager, you will have full monitoring and assignment reports available to you as well as complete device app inventory reporting for apps assigned using Windows Package Manager integration. What is the process to revoke or uninstall an application in the event of a zero-day vulnerability or once we are no longer licensing an application? Endpoint Manager has the full ability to update an app to resolve bugs or vulnerabilities. It also can be used to remove or uninstall apps of your choosing. How do I handle application dependencies? For example, one of our apps requires .NET to be installed before the app itself can be installed? Dependencies are a feature that is likely to be shipped after general availability but is something we plan to support in the future. Benefits of integration with Endpoint Manager What are the advantages of the Store for Business replacement solution in Endpoint Manager? There are many advantages, one of which is improved search and app discovery experience. It is much easier to find and assign apps to user groups, and the expanded app catalog content includes Win32 apps. There is also access to a broader set of apps from the Microsoft Store on Windows, including those submitted by the community and those made available through private software vendors or company-owned app repositories. Through Windows Package Manager, you have a richer set of APIs and integration points as well as developer tools. Options for app acquisition without Endpoint Manager What are our options if we don't have Intune or use a non-Microsoft management solution? Windows Package Manager has a rich set of tools and APIs available for you to discover and deploy applications to Windows devices. See the following for more details: Manage Windows Package Manager with Group Policy. What is the process for custom and line-of-business apps? Line-of-business apps can continue to be deployed through any of the various methods already available in Endpoint Manager through the Intune service or through Configuration Manager. For Store-based apps, using a private repository would include the benefits of publishing, lifecycle management, servicing/updating, and uninstalling/removing.Get-WindowsAutoPilotInfo - A quicker way...
Hi All Just a Tip from me to make it easier (if you got other ways, let me know, would be interested) Starting to deploy via Autopilot but first grabbing the information - so I am using a USB Drive with the following : Plug in the USB Drive.. Right Click the file ..GetAutoPilot.cmd and (run as Administrator) (it seems everytime I plug in the USB I get 😧 Drive but with the updated command below its automatic ) Prepare Files 1) GetAutoPilot.cmd 2) Download a copy of Get-WindowsAutoPilotInfo.ps1 Contents of GetAutoPilot.cmd PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command %~d0\Get-WindowsAutoPilotInfo.ps1 -ComputerName $env:computername -OutputFile %~d0\computers.csv -append Get-WindowsAutoPilotInfo.ps1 - downloaded from powershellgallery https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo/1.6 What it does... It quickly dumps the CSV file onto the USB Drive and now I have all the CSV Files that I need in one file ready to upload to intune. Then unplug and move onto the next device ... Easy ! Simon AllisonStop auto install Microsoft Store apps
Hi, Does anybody know a manner to stop downloading/ installing all the apps from the Microsoft Store as soon as an user logs in to the store (Xbox, Skype, CodeWriter etc)? I`m doing some testing with Azure AD join and Intune MDM, but when a device is joined and MDM managed, the user is automatically logged on to the store, which results in installing more than 30 apps, from which most apps never be used. Would be nice to prevent those apps from installing. Thanks PeterUpgrade proccess and language packs
Hi guys, During servicing from a CB Built to another one you have to reinstall all the installed MUI language packs. It would be nice to have a TS step which is detecting all the currently installed LPs and servicing the new ones for the new CB build. Any plans for that in the pipeline?
