Learn more about our company, our mission, our corporate history, and our business partners. Our innovative products have been used by companies around the world for over twenty years. The earliest versions of our product line date back even farther. Summarized we control the install of Windows 10 Win32 applications through the following facts:Our four tiered system allows you to make a payment: Online through an IVR via our LIVE operators or at the agencies counter Corporate Address 5144 E. Lastly the fact if a user is the primary user of the device will also influence the ability to install applications.The regular polling interval of the IME is every 60 minutes. I have chosen to “ Show all toast notifications” and availability and install “ As soon as possible“:The Intune Management Extension (IME) is the small helper agent on Windows 10 responsible to install our apps (See my deep dive on IME here: Part 1, Part 2, Part3). I will not walk through every combination but I will show the most important ones to get the general understanding. Devices were logged into by Intune- and Teams-licensed users.In this Cranfield Quick Byte video we demonstrate the setup process for the Microsoft Intune company portal mobile management app.Information Services (IT)If we have a look at the application assignment screen we will see the options from above except the primary user behavior as this is an implicit behavior which I will explain later in the article:Let’s start with a required user assignment of our demo application 7-zip. Devices were confirmed as logged out and then power-cycled. We couldn't get any further compliance restrictions to work - we got sign-in hangs otherwise.
![]() This can be achieved by installing it via the built in Windows 10 Microsoft Store, just search for Company Portal and install it:If you have setup the Microsoft Store for Business (MSfB) integration with Intune you can also assign the Company Portal to your users directly via Intune as a required install. What about “available for enrolled devices”, how are they made visible to the end user?First we need the Company Portal on the device. If you have chosen to hide the toast notifications they are simply not shown.This is pretty straight forward and basic application distribution. Meaning you can use user or device based assignments and even set to required or available for enrolled devices. Company Portal Appx Offline Version OfGreat, this is a true user to app relationship and the device does not matter in that situation. We are assigning all the apps to a user as required or available and even in case the person gets a new device, all the required apps getting installed again and others are available for install. After you followed the linked guide and imported the offline version you will see the “Company Portal (Offline)” version as well:These options should give you enough flexibility to install your necessary apps for the users and provide them an additional catalog of available apps for install on their personal needs.For typical user devices, devices which belong to one person, this is basically all we need. This is the recommended way of distributing the Company Portal.If you did not integrate Microsoft Store for Business with Intune or you have troubles because of connectivity to the Microsoft Store, you might have blocked network access to the Microsoft Store or Conditional Access requires a compliant device to authenticate to the Microsoft Store but the device is not flagged as compliant in time during OOBE phase, you can use the Offline version of the Company Portal. This person can install all his software on his device. The primary user of a device controls the ability to install available apps! This is quite important to know as it will have some consequences.Let’s have a look at the typical user device, belonging to one person (Autopilot user-driven deployment). What about the primary user of the device and app assignments?If we have a closer look at the devices in Intune we will see two properties, Enrolled by and Primary User:It might look like that these properties don’t have any impact but this is not true. This is not the case with user assignments and this normally greatly simplifies internal processes around application assignments. Ultimate fishing simulator amazonAnother option would be to use device group assignments for applications in Intune. For Azure AD joined devices a Windows Autopilot Reset will remove the primary user and the next user who signs in after the reset will be set as the primary user.UPDATE (Week of March 9, 2020): Change Primary User for Windows devices has been releasedAs soon as we support multi-user devices we need to enroll them as shared device, or remove the primary user (with the upcoming feature) to get the available apps functionality in company portal. Within Intune on the device object there will be some UI controls to change or remove the primary user in future.Right now, it is possible to change or remove the primary user of a device by utilizing a complete reset. This way a device can easily re-purposed and given to a different user. Microsoft Intune will provide a way to change the current primary user to a different one for Hybrid and Azure AD joined devices (not co-managed devices!). A shared device has no primary user:And will show the apps again in the company portal: Is there a way to change the primary user of a device?Currently there is no way to do this, but it is in development ( Intune features in development – 19th of February 2020). ![]() I can imagine all kind of situations where some additional attributes would be a live saver. For example attributes representing basic things like the region like EU, US or more specific Germany, Spain, France etc. (see Dynamic membership rules for groups in Azure Active Directory).This makes it difficult to automatically group all devices based on custom attributes. ![]() Before triggering the application install. That way we could evaluate registry keys etc. This could be implemented by using the App requirement rules (see my fellow Peter van der Woude’s blog for some details “ Working with (custom) requirements for Win32 apps“) or logic within an install wrapper (PowerShell wrapper script for example). For example an application install wrapper can check if the device is ready to install based on some properties.
0 Comments
Leave a Reply. |
AuthorJulie ArchivesCategories |