This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.
Dear IT Pros,
Today we discuss Microsoft Store and its integration with MECM and MEM (Intune).
MICROSOFT STORE
Microsoft Store for Business (MSfB) and Microsoft Store for Education (MSfE) are available to Windows 10 devices. The following features and advantages are available:
- Designed for organizations, MSfB and MSfE give IT a flexible way to find, acquire in bulk, manage, and distribute free and paid apps to Windows 10 devices.
- IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed.
- Admins can choose the best distribution method for the organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or deploy apps with management tools (MDM, MECM, …).
- Private store: your private store is available as a tab in the Microsoft Store app and is usually named for your company or organization. Only apps with online licenses can be added to the private store.
Prerequisites
- To manage either the Business Store or the Education Store, use a supported browser: Internet Explorer 10 or later, or a current version of Microsoft Edge, Chrome or Firefox.
- JavaScript must be supported and enabled.
- To deploy on target: Windows 10, version 1511 or later, on a PC or mobile device.
- Microsoft Azure Active Directory (AD) accounts for your employees:
  - Admins need Azure AD accounts to sign up for Store for Business and Education, and then to sign in, get apps, distribute apps, and manage app licenses.
  - Employees need an Azure AD account when they access Store for Business content from Windows devices.
  - For offline-licensed apps, Azure AD accounts are not required for employees.
- MSfB includes the following roles: Admin (full control), Purchaser for MSfB or Basic Purchaser for MSfE (acquire and distribute apps), and Device Guard Signer (sign device to be allowed access).
App licensing model
Store for Business and Education supports two license options for apps: online and offline.
- Online licensing is the default licensing model and is similar to the licensing model for Microsoft Store. Online licensed apps require users and devices to connect to Microsoft Store services to acquire an app and its license.
- Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs (independent software vendors) or developers can opt in their apps for offline licensing when they submit them to the developer center.
Sign up for Microsoft Store
Before signing up for Microsoft Store, make sure you're the global administrator for your organization.
To sign up for Microsoft Store
> Go to https://businessstore.microsoft.com
or https://educationstore.microsoft.com
> Click Sign up. Use your Azure AD account and sign in to Store for Business.
> Activate the Private Store (Your Company Name Store): click on Private Store
> Click “activate private store”:
> Accept the service agreement
To Add Configuration Manager as a management tool
> In the Windows Store for Business, go to Manage (menu)
> Settings, Distribute
> Add Management tool (link)
> In the search box, type the name of the Azure AD registered app you created from the MECM Console in the previous step:
> Make sure the status is Active as shown here:
Assign roles to employees.
> Go to Manage (menu), Permissions
> Roles (menu)
> Assign roles
> Type in the email address of the User you want to assign the role
> Check the permissions to be assigned:
> Save
To Add App offline license type and download the app package
In the MECM Console, synchronize between the MECM Cloud service and Microsoft Store for Business to get all the assigned apps.
> Shop for my group
> Manage, Download
INTEGRATE PRIVATE STORE TO SCCM
Manage apps from the Microsoft Store for Business and Education with Configuration Manager
Configuration Manager supports managing Microsoft Store for Business and Education apps on both Windows 10 devices with the Configuration Manager client, and also Windows 10 devices enrolled with Microsoft Intune. Configuration Manager offers the following capabilities for online and offline apps:
SUMMARY OF CAPABILITIES

| Capability | Offline apps | Online apps |
|---|---|---|
| Synchronize app data to Configuration Manager | Yes | Yes |
| Create Configuration Manager applications from store apps | Yes | Yes |
| Support for free apps from the store | Yes | Yes |
| Support for paid apps from the store | No | Yes (Note 1) |
| Support required deployments to user or device collections | Yes | Yes |
| Support available deployments to user or device collections | Yes | Yes |
| Support line-of-business apps from the store | Yes | Yes |
| Provision a store app for all users on a device | Yes | Yes |

Note 1: Windows 10, version 1703 or later.
Once Microsoft Store for Business (MSfB) is integrated with SCCM, the apps will get automatically synced from MSfB to ConfigMgr. View these apps in the MECM console, and deploy them like you deploy any other apps.
MECM and the app store automatically sync every 10 minutes.
Procedure:
- Create MS Store App in MECM Console\Azure Service Administration workspace\Azure Services, right click
> Configure Azure Services
> Sign in with your Azure Global Admin Credential
> Create Azure App for MSStore
> Choose the language for App:
> Add the online/offline Apps in the store and create the same in MECM as an application
> Synchronize MS Store Apps to MECM
> Check the last sync status: succeeded
Troubleshooting
No permission for App shared folder
> Check log WsfbSyncWorker.log in Configuration Manager\Logs folder:
> Add share permissions and NTFS security permissions for the App shared folder
Unauthorized access to business store
> Check admin permissions on the store, in Manage\Settings
> In Microsoft Store for Business, go to Settings\Distribute\Management Tools
Make sure the status of ConfigMgrMSStore is Active as shown here:
> Make sure access to the Microsoft Store URL on port 443 (HTTPS) is not blocked by Windows Firewall or by a network proxy or firewall, as per the Microsoft documentation.
> Wait 10 minutes for the next sync cycle to kick in, then check the Console and refresh WSfBSyncWorker.log to see whether the error has cleared:
> Check WSfBSyncWorker.log to confirm there is no current error:
More Troubleshooting here
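The checks in this troubleshooting section can be collected in one PowerShell pass run on the site server. This is an added example, not part of the original post; the log path, the share path and the log keywords are assumptions to adjust for your site.

```powershell
# Added example: triage for the two sync failures described above.
# Every default value below is a placeholder (assumption), not a value from the post.
param(
    # Assumed default ConfigMgr install path; the post only says "Configuration Manager\Logs".
    [string]$LogPath   = 'C:\Program Files\Microsoft Configuration Manager\Logs\WsfbSyncWorker.log',
    # Hypothetical UNC path of the app shared folder.
    [string]$SharePath = '\\FILESRV01\StoreApps',
    # Store URL host given in the sign-up steps of the post.
    [string]$StoreHost = 'businessstore.microsoft.com'
)

# 1. Recent log lines that hint at a permission or authorization failure.
#    The keywords are assumed; they are not quoted from a real WsfbSyncWorker.log.
$pattern = 'denied|unauthorized|forbidden|exception'
$hits = Get-Content -Path $LogPath -Tail 500 |
    Select-String -Pattern $pattern |
    Select-Object -Last 10 -ExpandProperty Line

# 2. Share-level and NTFS permissions on the app shared folder.
#    Split \\server\share\... into the server name and the share name.
$server, $share = $SharePath.TrimStart('\').Split('\')[0, 1]
$shareAcl = Get-SmbShareAccess -Name $share -CimSession $server
$ntfsAcl  = (Get-Acl -Path $SharePath).Access

# 3. Direct TCP reachability of the store on port 443 from this server.
$tcp = Test-NetConnection -ComputerName $StoreHost -Port 443 -WarningAction SilentlyContinue

# One summary object: review the ACL entries for the account the sync runs as.
[pscustomobject]@{
    LogHits      = $hits
    ShareAccess  = $shareAcl | ForEach-Object {
        "$($_.AccountName): $($_.AccessControlType) $($_.AccessRight)" }
    NtfsAccess   = $ntfsAcl | ForEach-Object {
        "$($_.IdentityReference): $($_.AccessControlType) $($_.FileSystemRights)" }
    Store443Open = $tcp.TcpTestSucceeded
} | Format-List
```

Test-NetConnection makes a direct TCP connection, so in a proxy-only network Store443Open can be False even when the sync succeeds through the proxy.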
Associate your Microsoft Store for Business account with Intune
Before you enable synchronization in the Intune console, you must configure your store account to use Intune as a management tool:
- Ensure that you sign into the Microsoft Store for Business using the same tenant account you use to sign into Intune.
- In the Business Store, choose the Manage tab, select Settings, and choose the Distribute tab.
- If you don't specifically have Microsoft Intune available as a mobile device management tool, choose Add management tool to add Microsoft Intune. If you don't have Microsoft Intune activated as your mobile device management tool, click Activate next to Microsoft Intune. Note that you should activate Microsoft Intune rather than Microsoft Intune Enrollment.
Configure synchronization
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Tenant administration > Connectors and tokens > Microsoft Store for Business.
- Click Enable.
- If you haven't already done so, click the link to sign up for the Microsoft Store for Business and associate your account as detailed previously.
- From the Language drop-down list, choose the language in which apps from the Microsoft Store for Business are displayed in the portal. Regardless of the language in which they are displayed, they are installed in the end user's language when available.
- Click Sync to get the apps you've purchased from the Microsoft Store into Intune.
Synchronize apps
If you've already associated your Microsoft Store for Business account with your Intune admin credentials, you can manually sync your Microsoft Store for Business apps with Intune using the following steps.
- Select Tenant administration > Connectors and tokens > Microsoft Store for Business.
- Click Sync to get the apps you've purchased from the Microsoft Store into Intune.
Note
Apps with encrypted app packages are currently not supported and will not be synchronized to Intune.
Assign apps
You assign apps from the store in the same way you assign any other Intune app. For more information, see How to assign apps to groups with Microsoft Intune.
Offline apps can be targeted to user groups, device groups, or groups with users and devices. Offline apps can be installed for a specific user on a device or for all users on a device.
When you assign a Microsoft Store for Business app, a license is used by each user who installs the app. If you use all of the available licenses for an assigned app, you cannot assign any more copies. Take one of the following actions:
- Uninstall the app from some devices.
- Reduce the scope of the current assignment, targeting only the users you have sufficient licenses for.
- Buy more copies of the app from the Microsoft Store for Business.
Remove apps
To remove an app that is synced from the Microsoft Store for Business, you need to log into the Microsoft Store for Business and refund the app. The process is the same whether the app is free or not. For a free app, the store will refund $0. The example below shows a refund for a free app.
Windows 11 and Microsoft Store
Introducing a new Microsoft Store
According to the Windows 11 blog, the new Microsoft Store is coming soon to both Windows 11 and Windows 10. It will help you discover and install the best apps, games, movies and even special offers – like unique movie discounts for Xbox Game Pass members. All the content in the Microsoft Store is tested for security, family safety and device compatibility.
The program team has redesigned the Microsoft Store from the ground up, making space for more content while keeping the user experience simple and responsive. Here’s a sneak preview of some of the features coming over the next few months:
- Get introduced to the best apps and games with curated stories and collections
- Run your favorite Android mobile games and apps on Windows
  - A partnership with Amazon to bring their catalog of Android apps and games to Windows.
  - Windows customers will be able to discover Android apps in the Microsoft Store, and acquire them through the Amazon Appstore.
- A “pop-up” store that helps install apps from the web
With the new pop-up store, we are making it easy to install apps from the browser; when you click a Microsoft Store download badge on a web page, the Microsoft Store will pop up to manage the install – without pulling you away from what you were doing.
A more open Microsoft Store for developers
- Support for more types of apps
Starting today, Windows developers can publish any kind of app, regardless of app framework and packaging technology – such as Win32, .NET, UWP, Xamarin, Electron, React Native, Java and even Progressive Web Apps. Developers can sign up here to publish desktop apps, or build and package PWAs using Microsoft's latest open-source tool, PWABuilder 3.
- Flexibility and choice of commerce platform
Many developers love the Microsoft Commerce platform because of its simplicity, global distribution, platform integration and its competitive revenue share terms at 85/15 for apps and 88/12 for games.
Starting July 28, app developers will also have an option to bring their own or a third party commerce platform in their apps, and if they do so they don’t need to pay Microsoft any fee. They can keep 100% of their revenue.
I hope the information in this techblog is useful for your Private Store Integration's deployment.
Thanks for reading this article, until next time.
Reference:
- Prerequisites for Microsoft Store
- MS Store Settings
- Find and Acquire App in MS Store
- MS Store Troubleshooting
- Windows 11 Store