MICROSOFT PRIVATE STORE and INTEGRATION

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.

MSPrivStore.gif

 

Dear IT Pros, 

Today we discuss about Microsoft Store and its integration with MECM and MEM (Intune).

 

MICROSOFT STORE 

Microsoft Store for Business and Microsoft Store for Education – MSfB and MSfE are available to Windows 10 devices. The following features and advantages are available: 

  • Designed for organizations, Microsoft Store for Business (MSfB) and Microsoft Store for Education (MSfE) give IT a flexible way to find, bulk app acquire, manage, and distribute free and paid apps to Windows 10 devices.  
  • IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed. 
  • Admin can choose the best distribution method for your organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or deploy apps by management tools (MDM, MECM, …). 
  • Private store - Your private store is available as a tab in Microsoft Store app and usually named for your company or organization. Only apps with online licenses can be added to the private store.  

Prerequisites 

  • To manage either Business Store or Education Store, you could use the supported browsers, include Internet Explorer 10 or later, current versions of Microsoft Edge, Chrome or Firefox.  
  • JavaScript must be supported and enabled. 
  • To deploy on target: Windows 10, version 1511 or later, on a PC or mobile device. 
  • Microsoft Azure Active Directory (AD) accounts for your employees: 
  • Admins need Azure AD accounts to sign up for Store for Business and Education, and then to sign in, get apps, distribute apps, and manage app licenses.  
  • Employees need an Azure AD account when they access Store for Business content from Windows devices. 
  • For offline-licensed apps, Azure AD accounts are not required for employees. 
  • The MSfB includes the roles: Admin (full control), Purchaser for MSfB or Basic Purchaser for MSfE (acquire, distribute app), Device Guard Signer (sign device to be allowed access) 

App licensing model 

Store for Business and Education supports two license options for apps: online and offline.  

  • Online licensing is the default licensing model and is similar to the licensing model for Microsoft Store. Online licensed apps require users and devices to connect to Microsoft Store services to acquire an app and its license.  
  • Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs (Independent SW Vendor) or devs can opt in their apps for offline licensing when they submit them to the developer center. 

Sign up for Microsoft Store 

Before signing up for Microsoft Store, make sure you're the global administrator for your organization. 

To sign up for Microsoft Store 

     > Go to  https://businessstore.microsoft.com 

              or https://educationstore.microsoft.com 

      > Click Sign up. Use your Azure AD account and sign in to Store for Business 

      > Activate Private Store (Your Company Name Store) Click on Private Store 

TanTran_1-1626149615731.png

>  Click “activate private store”: 

TanTran_2-1626149671260.png

>  Accept the service agreement 

 

To Add Configuration Manager as a management tool  

>  In the Windows Store for Business, go to Manage (menu) 

>  Settings, Distribute 

>  Add Management tool (link) 

TanTran_6-1626150014675.png

>  Search box, typing in name of the Azure AD’s registered app you create from MECM Console in the previous step: 

TanTran_7-1626150084873.png

 

 

TanTran_9-1626150084877.png

 

 >  Make sure the status is Active as shown here: 

TanTran_23-1626150332621.png

 

Assign roles to employees 

>  Go to Manage (menu), Permissions 

>  Roles (menu)

TanTran_24-1626150510073.png

 >  Assign roles

 >  Type in the email address of the User you want to assign the role 

 >  Check the permissions to be assigned: 

TanTran_25-1626150659279.png

>  Save 

 

To Add App offline license type and download the app package 

 In MECMConsole, synchronize between MECMCloud service and Microsoft Store for Business to get all the assigned apps. 

 >  Shop for my group 

TanTran_13-1626150084886.png

 

 >  Manage, Download 

 

INTEGRATE PRIVATE STORE TO SCCM 

Manage apps from the Microsoft Store for Business and Education with Configuration Manager 

Configuration Manager supports managing Microsoft Store for Business and Education apps on both Windows 10 devices with the Configuration Manager client, and also Windows 10 devices enrolled with Microsoft Intune. Configuration Manager offers the following capabilities for online and offline apps: 

 

SUMMARY OF CAPABILITIES 

Capability 

Offline apps 

Online apps 

Synchronize app data to Configuration Manager 
(synchronization occurs every 24 hours) 

Yes 

Yes 

Create Configuration Manager applications from store apps 

Yes 

Yes 

Support for free apps from the store 

Yes 

Yes 

Support for paid apps from the store 

No 

YesNote 1 

Support required deployments to user or device collections 

Yes 

Yes 

Support available deployments to user or device collections 

Yes 

Yes 

Support line-of-business apps from the store 

Yes 

Yes 

Provision a store app for all users on a device 

Yes 

Yes 

 

Note 1:  

Windows 10, version 1703 or later. 

Once Microsoft Store for Business (MSfB) is integrated with SCCM, the apps will get automatically synced from MSfB to ConfigMgr. View these apps in the MECM console, and deploy them like you deploy any other apps. 

MECM and App store will automatically sync every 10 min. 

Procedure: 

  • Create MS Store App in MECM Console\Azure Service Administration workspace\Azure Services, right click 

>  Configure Azure Services 

TanTran_26-1626150869845.png

>  Sign in with your Azure Global Admin Credential 

>  Create Azure App for MSStore 

 

TanTran_27-1626150980173.png

>  Choose the language for App: 

 

TanTran_28-1626151068846.png

 >  Add the online/offline Apps in the store and create the same in MECM as an application 

 >  Synchronize MS Store Apps to MECM,  

 >  Check the last sync status: succeeded 

TanTran_17-1626150084901.png

 

Troubleshooting 

No permission for App shared folder 

>  Check log WsfbSyncWorker.log in Configuration Manager\Logs folder: 

TanTran_29-1626151275582.png

>  Add share and security NTFS permission for the App shared folder 

 

Unauthorized access to business store 

TanTran_30-1626151438759.png>  Check admin permissions on the store, In Manage\Settings 

 

TanTran_31-1626151587460.png

 

>  In Microsoft Store for Business, go to Settings\Distribute\Management Tools 

 

Make sure the status of ConfigMgrMSStore is Active as shown here: 

TanTran_32-1626151663891.png

 

>  Make sure the is no blocked access by Windows Firewall or Network Proxy Firewall to Microsoft Store URL on port 443, https as per Microsoft document. 

>  Wait for 10 minutes for the next synced cycle to be kicked in and check the Console, refresh WSfBSyncWorker.log if the error is clear now: 

TanTran_33-1626151781549.png

>  Checking WSfBSyncWorker.log if there is no current error: 

 

More Troubleshooting here 

Associate your Microsoft Store for Business account with Intune

Before you enable synchronization in the Intune console, you must configure your store account to use Intune as a management tool:

  1. Ensure that you sign into the Microsoft Store for Business using the same tenant account you use to sign into Intune.
  2. In the Business Store, choose the Manage tab, select Settings, and choose the Distribute tab.
  3. If you don't specifically have Microsoft Intune available as a mobile device management tool, choose Add management tool to add Microsoft Intune. If you don't have Microsoft Intune activated as your mobile device management tool, click Activate next to Microsoft Intune. Note that you should activate Microsoft Intune rather than Microsoft Intune Enrollment.TanTran_23-1626150332621.png
 

Configure synchronization

  1. Sign in to the Microsoft Endpoint Manager admin center.
  2. Select Tenant administration > Connectors and tokens > Microsoft Store for Business.
  3. Click Enable.
  4. If you haven't already done so, click the link to sign up for the Microsoft Store for Business and associate your account as detailed previously.
  5. From the Language drop-down list, choose the language in which apps from the Microsoft Store for Business are displayed in the portal. Regardless of the language in which they are displayed, they are installed in the end user's language when available.
  6. Click Sync to get the apps you've purchased from the Microsoft Store into Intune.

Synchronize apps

If you've already associated your Microsoft Store for Business account with your Intune admin credentials, you can manually sync your Microsoft Store for Business apps with Intune using the following steps.

  1. Select Tenant administration > Connectors and tokens > Microsoft Store for Business.
  2. Click Sync to get the apps you've purchased from the Microsoft Store into Intune.

 Note

Apps with encrypted app packages are currently not supported and will not be synchronized to Intune.

Assign apps

You assign apps from the store in the same way you assign any other Intune app. For more information, see How to assign apps to groups with Microsoft Intune.

Offline apps can be targeted to user groups, device groups, or groups with users and devices. Offline apps can be installed for a specific user on a device or for all users on a device.

When you assign a Microsoft Store for Business app, a license is used by each user who installs the app. If you use all of the available licenses for an assigned app, you cannot assign any more copies. Take one of the following actions:

  • Uninstall the app from some devices.
  • Reduce the scope of the current assignment, targeting only the users you have sufficient licenses for.
  • Buy more copies of the app from the Microsoft Store for Business.

Remove apps

To remove an app that is synced from the Microsoft Store for Business, you need to log into the Microsoft Store for Business and refund the app. The process is the same whether the app is free or not. For a free app, the store will refund $0. The example below shows a refund for a free app.

 

TanTran_1-1626154709549.png

 

 

Windows 11 and Microsoft Store 

Introducing a new Microsoft Store

According to Windows 11 blog, The new Microsoft Store is coming soon to both Windows 11 and Windows 10. It will help you discover and install the best apps, games, movies and even special offers – like unique movie discounts for Xbox Game Pass members. All the content in the Microsoft Store is tested for security, family safety and device compatibility.

Program Team has redesigned the Microsoft Store from the ground up, making space for more content, keeping the user experience simple and responsive. Here’s a sneak preview at some of the features coming over the next few months:

  • Get introduced to the best apps and games with curated stories and collections
  • Run your favorite Android mobile games and apps on Windows

-  a partnership with Amazon to bring their catalog of Android apps and games to Windows.

-  Windows customers will be able to discover Android apps in the Microsoft Store, and acquire them through the Amazon      Appstore.

 

Android-revised2x-1024.gif

  • A “pop-up” store that helps install apps from the web

With the new pop-up store, we are making it easy to install apps from the browser; when you click a Microsoft Store download badge on a web page, the Microsoft Store will pop up to manage the install – without pulling you away from what you were doing.

 

A more open Microsoft Store for developers

 

PWABuilder-1024-1.gif

  • Support for more types of apps

Starting today, Windows developers can publish any kind of app, regardless of app framework and packaging technology – such as Win32, .NET, UWP, Xamarin, Electron, React Native, Java and even Progressive Web Apps. Developers can sign-up here to publish desktop apps, or build and package PWAs using MS latest open-source tool PWABuilder 3.

  • Flexibility and choice of commerce platform

Many developers love the Microsoft Commerce platform because of its simplicity, global distribution, platform integration and its competitive revenue share terms at 85/15 for apps and 88/12 for games.

Starting July 28, app developers will also have an option to bring their own or a third party commerce platform in their apps, and if they do so they don’t need to pay Microsoft any fee. They can keep 100% of their revenue.

 

I hope the information in this techblog is useful for your Private Store Integration's deployment

Thanks for reading this article, until next time.

 

 Reference: 

 

 

 

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.