MD-101 Managing Modern Desktops – Managing and Deploying Apps and Data Part 1

  1. Assigning apps using Intune

Let’s take some time now and talk about the capabilities of Intune in regards to the way it deploys apps. So one of the great features about Intune: not only can we configure all these settings on devices and make sure they’re compliant and all that fun stuff, we can also actually manage apps. So remember that Intune, with the help of Endpoint Manager here, has the ability to support not just MDM, mobile device management, but also MAM, which is mobile application management. We’re going to come over here on the left, all right? And we’re going to click Apps. From there, you can see first there’s a blade here that says All apps. So I can click on that, and I can actually see any apps that are already in my environment.

You can see I’ve got Excel, OneNote, PowerPoint, Sway, Word Mobile. These are all online apps, okay? And then if I look down here, it says By platform, right? So I can actually deploy apps involving Windows, iOS/iPadOS (so this is iPhones, iPads, all that), macOS and Android. All right? So I can actually deploy apps to any of these that I want. We’ll take a look at Windows first, all right? And then from there, I can click Add and then select the platform or select the app type. You can do what’s called a Store app. I’ll be talking about the Store more later, but you can add what’s called a Store app that shows up in the Microsoft Store, or the Windows Phone 8.1 Store app. That’s the older store apps. You have Windows 10 apps that are directly built for Windows 10. You have apps that run through Edge, the web browser, okay? And then below that, you can do what is called a web link.

This is going to link to an app. It’s going to be a URL. Basically, it’s going to link to an app, or URI, Uniform Resource Identifier. And then you’ve got a line-of-business app; that’s a custom app. And this is where you can actually sideload an app. So sideloading involves the ability to install an app directly on a device and not have to go through any kind of an app store or any of that. Okay? So imagine your company was to create its own applications, like a line-of-business app. A line-of-business app is an app that’s built just for your company. It’s built for some specific purpose or need that your company has. It’s not an app we’re usually selling, it’s an app just built for our company, right? So that’s a line-of-business app. We could develop that. We could actually deploy that through this as well.

That’s called sideloading. So it’d be a line-of-business app that we want to sideload onto our devices, not go through any kind of a store or any of that. And then lastly, you’ve got this Win32 app option. So this is cool. You can actually deploy older apps. You can actually deploy legacy apps using Intune. Okay, so that’s what that’s going to do for you. It’s going to let you attach an executable. There’s a couple of things you have to do to it, but you do have the ability to deploy those legacy apps if you want. Okay? Now let’s jump over. Let’s go back over here to where it says Apps. And we’re going to go to iOS/iPadOS, and let’s click on Add there and look at our options. Okay, you’ve got iOS Store app you can select. You can do a web link for that one. You can also specify some of the built-in apps.

That’s kind of weird because you’re sort of like, well, wait a minute, doesn’t my phone, my Apple phone or whatever, come with the built-in apps like Calculator and things like that? Yeah, there’s ways for people to remove those, though. This is a way of forcing those things back on their device if you want. Then down here you’ve got line-of-business apps. The same thing. If you had an Apple device, you could actually develop a line-of-business app for it and deploy that if you wanted. Okay, so from there, we’ll come over here and we’ll look at macOS, the same kind of deal. Come here. You click Add, drop the list down. You’ve got Microsoft 365 apps available for macOS, Edge, believe it or not, Defender ATP. That’s Advanced Threat Protection. All right, so there’s apps specifically for that.

We haven’t really spent much time talking about that yet, but there’s more on ATP, Defender and all that as we go along here. We’ve got web link again. So if I just want to link to a web link on a web server that’s going to install an app, I can do that. Okay, keep in mind, I’m sorry, Apple requires you to have everything digitally signed. So there are a few requirements for that to happen. And then a line-of-business app, which we’ve talked about. All right. And so finally, let’s go. Now we’ll look at Android. So click on Android. All right, we’ll click Add on that. Drop this down. You’ve got the Android store. So Android Store app, that’s built for the store, but you’re not actually going through the Google Play Store. So then you can go through the Google Play Store, Managed Google Play Store app, if you want. All right, down here you’ve got a web link, a built-in app.

These are for Android built-in apps, line of business. And you also have what’s known as Android Enterprise system apps. That’s an enterprise-based Android application that can be deployed. All right, so those are your Android applications. All right, so those are your four different platforms that we support. Currently we have no support, unfortunately, for Linux, although there are ways to deploy some scripts that could have Linux deployed, but you have to go through, like, a Windows machine or something in order to do it. So a few things there you can do, but unfortunately, we don’t have a lot of support for that yet. So we have Windows, we have iOS/iPadOS, macOS and Android. So in my next little lesson that I’m going to do with you guys, I’m actually going to go through the process of deploying an app.

  1. Deploying apps to a group of devices using Intune

In this lesson, what we’re going to do is we’re going to create some groups that will pertain to the different device types we have. We’re going to have devices get dynamically added to those groups based on the operating system that’s running on the device. And then we’re going to go into Apps, and we’re going to see how we can deploy some apps down to one of our groups, OK? So we’re going to come over here to the Groups blade down here, and we’re going to create a new group. So I’m going to click to do a new group. This is going to be a security group, okay? The first group, I’m going to name this group Windows Devices. We’re going to make this a device group, but it’s going to be a dynamic device group. From there, we’re going to add a query, all right? And the property we’re going to go with is going to be Device OS type, okay? And we’re going to say equal to Windows, all right? Just like that.

So we created our first expression. You’ll see what it looks like right here. We could add additional properties if we wanted to. I’m going to click Save, all right? And we’re going to click to create that first group, all right, so that’s our Windows Devices. That takes care of them. We’re now going to create another security group. This is going to be called Android Devices, all right? And we’re going to click here and choose Dynamic Device. And we’re going to set our query. Same thing. We’re going to set the property to Device OS type. We’re going to choose the operator, is equal to, and then we’ll set the value as Android. That’s how it’s going to identify its operating system. We could go further than that. We could add specific versions and all that, but we’re just going to say Android in general, okay? So we’ll create the group.

Now at that point, we’re going to click to do a new group. We’re going to do a security group. This is going to be Apple Devices, all right? And so we’ll say Dynamic Device. We’re going to add the query here. We’re going to add a few things this time. So we’re going to do Device type. And we’re going to say equals, all right? And we’re going to say Mac OS, spelled just like that. That’s going to be our first expression. We’re going to add another expression. And this is going to be an Or statement. So we’ll say Device type and we’ll say equals. And this is going to be iPad. Which, oddly enough, the iPad is not really an operating system. It’s iOS. But that’s how it will identify itself, okay? And then we’re going to add one more expression.

This is going to be another Or statement. We’ll say Device OS type is equal to, and it’s going to be iPhone. All right, and spelled just like that. So we’ve got our Apple group. Now we’re going to click Save and we’re going to click Create. Hopefully you see the point in that. So now as we start linking these types of devices into our environment, it’s going to automatically put those devices in those groups based on a query. We’ve talked about groups before, so hopefully that’s nothing new to you, all right? But now what we’re going to do is we’re going to go over here to Apps. We’re actually just going to deploy to Windows, all right? And we’re going to go up here and click Add. We’re going to select our app type. We’re going to do the Office 365 apps for Windows 10. So we’re going to select that.

All right, it’s going to fill in this information for you: the suite name, suite description, category. You could alter some of this. Some of it you can’t alter, because Microsoft obviously owns the product and they won’t let you alter all of it. But you can alter some things. You can even have it show in the Company Portal as a featured app if you want. You can update the privacy URL and information URL if somebody needs help. You can add notes down here. I’m going to click Next. You can specify the format you want to select all this in. This is called the Configuration designer format, right here. If you’re an XML genius, you can actually switch over to the XML view and you can type in XML. All right? But Configuration designer is usually the option everybody goes with.

So you can select the apps that you want to make available, that you want to actually have installed. Here’s the different apps that I’ve got available to install. All right, it says “Select other Office Apps License”. This is if I wanted to maybe do Project and Visio. If I have those licensed, I could actually install those as well. I can do 32-bit or 64-bit. Nowadays, most everybody’s doing 64-bit. You can specify the update channel that you want. We talked about update channels previously, all right, same for your operating system. With Office, you have update channels; that gets into how frequently users are going to get their updates of Office.

All right, you can have it remove older versions if you wanted. You could have it install the latest version of Office, or you could have a specific version of Office installed. You can have shared computer activation, which means if you have multiple people using the computer, they can each activate Office. All right, you can go ahead and accept the license terms if you want, or you can make the user do that when they sign on, which is what I’m going to do. I’m going to choose No, so they’re going to have to do it. You can select the languages if you want. I’m going to hit Next. All right. From here it’s going to let me go through the process of assigning groups. Okay? So I can go here. I could say Add a group. All right, specify the group that I want to add. Maybe I’m going to add the Windows Devices group, all right? So we’re going to select that.

All right? And you can see, so these are groups that I’ve got available here. I’ve got Available for enrolled devices. So I can click that. This would be just devices that are enrolled in your environment. And you’ve got to remember, here’s the thing. When it comes to MAM, there’s MDM and there’s MAM, you can actually still manage certain settings with MAM whether the device is enrolled or not. And we’re going to talk more about that when we get into the policy section here. But here’s the thing. Even if somebody does not enroll their phone or tablet or desktop computer in MDM, if they download Office and they use their Azure AD account, which is linked into Intune here, well, we can still control settings at least on that app. We may not be able to control settings on the entire operating system, but we can still control settings on the app. So that’s what that’s going to do for you.

All right. In this case, we’re just saying Available for enrolled devices. So if we wanted, we could just select a group that just involves enrolled devices and not just anybody. So this is just basically saying everybody, whether they’re enrolled or not. This is saying just for enrolled. And then down here, this would be Uninstall. If I wanted to have this uninstalled off people’s devices, I could. All right, so I’m going to click Next on that. I can review everything and if I’m happy with it, I can click Create. All right, so guys, that is how you actually deploy Office. At that point, your devices, if they’re part of that group, they’re going to get that application. So if I go over here to Devices right now, I can actually go to All devices. And this device right here, this NYCL one, is going to eventually check in. Probably less than 15 minutes. He’ll check in and at that point he would get this application installed.
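The three dynamic groups built in this lesson, written out as membership rules and evaluated against a constructed device inventory; this is an added example, not part of the original lesson and not Microsoft's code. It assumes the `device.deviceOSType` property for every clause, value strings modelled on the lesson, case-insensitive string comparison, and made-up device names, so you can see which devices a rule would capture and which would fall into no group before a required app is assigned to it.

```python
import re

# Simplified model of the lesson's dynamic membership rules. It understands only
# (device.<property> -eq "<value>") clauses joined by -and / -or.
CLAUSE = re.compile(r'\(\s*device\.(\w+)\s+-eq\s+"([^"]*)"\s*\)', re.I)

# Rules for the three groups from the lesson. The value strings are assumptions
# modelled on the lesson; confirm what your enrolled devices actually report.
GROUP_RULES = {
    "Windows Devices": '(device.deviceOSType -eq "Windows")',
    "Android Devices": '(device.deviceOSType -eq "Android")',
    "Apple Devices": '(device.deviceOSType -eq "MacOS") -or '
                     '(device.deviceOSType -eq "iPad") -or '
                     '(device.deviceOSType -eq "iPhone")',
}

# Constructed inventory (not real devices).
SAMPLE_DEVICES = [
    {"displayName": "LAB-WIN-01", "deviceOSType": "Windows"},
    {"displayName": "LAB-DROID-01", "deviceOSType": "Android"},
    {"displayName": "LAB-MAC-01", "deviceOSType": "MacOS"},
    {"displayName": "LAB-IPAD-01", "deviceOSType": "iPad"},
    {"displayName": "LAB-IPHONE-01", "deviceOSType": "iPhone"},
    {"displayName": "LAB-LINUX-01", "deviceOSType": "Linux"},
]


def parse_rule(rule):
    """Return OR-ed alternatives, each a list of AND-ed (property, value) pairs."""
    alternatives = []
    for or_part in re.split(r'\s+-?or\s+', rule.strip(), flags=re.I):
        clauses = []
        for part in re.split(r'\s+-?and\s+', or_part, flags=re.I):
            m = CLAUSE.fullmatch(part.strip())
            if not m:
                raise ValueError(f"unsupported clause: {part!r}")
            clauses.append((m.group(1), m.group(2)))
        alternatives.append(clauses)
    return alternatives


def matches(rule, device):
    """True if the device satisfies the rule (case-insensitive: model assumption)."""
    return any(
        all(str(device.get(prop, "")).lower() == value.lower()
            for prop, value in clauses)
        for clauses in parse_rule(rule)
    )


def preview(devices, rules=GROUP_RULES):
    """Map each group to the devices it would capture; unmatched go to '(no group)'."""
    result = {name: [] for name in rules}
    result["(no group)"] = []
    for dev in devices:
        hits = [name for name, rule in rules.items() if matches(rule, dev)]
        for name in hits or ["(no group)"]:
            result[name].append(dev["displayName"])
    return result


if __name__ == "__main__":
    for group, members in preview(SAMPLE_DEVICES).items():
        print(f"{group}: {members}")
```

A rule whose value is misspelled raises no error; it simply matches nothing, so an empty group or a populated "(no group)" bucket is the signal to check before relying on the assignment.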

  1. Deploying apps by using Microsoft Store for Business

I’d like to go over another way that you can actually deploy apps in your environment using the Microsoft 365 cloud services. Okay, so this is called the Microsoft Store for Business. And you’ll notice that the URL for that is businessstore.microsoft.com. Now what we are looking at is what I like to call the behind-the-scenes version of the store. This is the place where we admins can go and look at the different apps that are available that we can purchase for our users. Okay? But first off, what is the Store for Business? The Store for Business is free, first off. Well, when I say free, it comes with your Microsoft 365 subscription, so it’s not going to cost you any extra money or any of that. The other thing I want to point out, this is not something where I’m going to sell apps. This is a place where we can purchase apps that we need for our users and make those apps available.

Okay? This is, again, getting into the modern thought process. And when you think about modern desktop admins, one of the buzz terms Microsoft likes to use now is self-service. Self-service means that we go on here, we purchase the apps that we want for them, make them available, and the users can go to the store and get the apps. So how do they go to the store? Well, actually, they can just open up their Microsoft Store app right here on their Windows 10 machine. They can scroll down and they can look. These are all personal apps that you’re seeing. So they’re going to see personal apps here. But once you set your store up and they are linked to your Azure AD environment, they’ll get a little menu option right here that has the name of your company. They can click on that and they’re only going to see the apps that you’ve made available to those users.

Okay? Again, what you’re seeing here, this is just the regular Microsoft Store. This is personal. You just have to have a Microsoft account for this. But once you’re linked to Azure AD and you’ve configured your store, you’ll actually have a menu option up here the user can use to get access to their apps. Okay? So the users are going to access their apps through the Microsoft Store app itself. That’s how they’re going to get into their Store for Business and they can install the apps. The other cool thing is normally users don’t have the ability to install apps on their computer, but they will have the ability to install these apps because these apps will get installed through the Windows Update service. And the Update service has admin rights, has the ability to install the app.

So when they click to install it, the Windows Update service is actually what’s going to install it. Okay, so let’s look at configuring this application. All right, so we’re going to come here now. And the first thing we’re going to do, we’re going to click Manage. And this is sort of the behind the scenes here of the store right here. I can click Settings and I’ve got some configuration options I can specify to allow users to shop, if I actually want them to shop and ask to buy and purchase applications. They can submit requests. I can have these different roles called purchaser roles. Actually, you can control permissions to who can do that right here. If you click on the Permissions blade, I can go and I can say Assign and I can assign roles and give people the ability to purchase apps.

Now me personally, this is sort of the way I like to do things as a consultant. A lot of times I don’t want to be handling the company credit card or any of that. So what I’ll do is I will talk to a finance person, and I’ll tell them exactly what apps they need to go get. They can go get the apps and I can assign them the rights to be a purchaser if I want, give them the role to do that. All right? So that’s what that’s going to do for you. You can even have partners, where you partner up with other companies and you can share licenses. You can see your order history here, anything that’s been purchased. You can see billing and payments in the last three months, or you can filter six months or a specific range. You can see products and services up here.

These are all the apps that you’ve purchased down through the list here. And you can do quotes. This is kind of cool too. Like you could go to a company and say, hey, we’re going to buy 500 licenses of your app. Maybe they’re selling the app for 1499 and you’ll say to them, hey, if you could do 999, we’re going to purchase 500 copies. So they can quote you that, you can accept the quote and then purchase it for that cost. So that’s another great little feature that you get. Something else I want to point out is this Devices blade here. And I wanted to point out that with this Devices blade I have the ability to go through and actually see my devices that are tied to my Azure AD right now. All right? Right now it’s got a virtual machine serial number.

This is through Autopilot. So that’s another thing to point out, that you’ll see there’s an Autopilot deployment option here. So you might remember when going over Autopilot, we were able to import hardware IDs and all that. You can actually import hardware IDs for Autopilot through the Store for Business, oddly enough. So not only can you do it through Intune with the help of Endpoint Manager and all that, but you can actually do it through Autopilot. I can add the devices that can be managed through the store if I wanted to as well. Right here, I can say Add devices. All right? And it’ll let me import CSV files and all that. So this is just the configuration, sort of the behind-the-scenes stuff. Let me show you where you go and actually purchase apps.

So I’ll go here, all right? I’m going to find an app that I want, maybe I would like to get Kali Linux. All right? So there’s Kali Linux. I’m going to purchase this app, all right? I’m going to hit Close. It says, okay, it’s been added to my inventory. Now if I click on this right here, this company name, little company name, says Contoso here, one of Microsoft’s little company names they like to use. But I can go through here and I can create collections if I want. The collections can then be assigned to people that I want to assign them to. So I’m going to go here and click Add Collection, and I’m going to create a collection called, we’ll call it IT, all right? And I’m going to add what I want to support here, so I can add these different apps that I want, all right? I can click Done, and I can make those apps available to the IT people, all right? So you can essentially go through and purchase an app and then it will show up in collections. That Kali Linux will eventually show up here as well.

So it does take a moment a lot of times before an app will show up. See, there it is. It’s shown up now, so you can see how quickly; it did take it a minute, but eventually it did show up and I could make it available. So here’s my IT. If I want, I can edit the collection and if I want to add Kali Linux to that, I can. So then at that point, I can assign the collection to groups of users, all right? So hopefully that gives you guys an understanding of the Store for Business. It’s pretty easy to use. It’s another way to help deploy apps out there. And it’s a self-service feature. And of course we admins love that because it means we don’t have to manually deploy things and deal with all the madness that’s involved there. We can just say, hey, go to the Store for Business and you can get the apps that you need.
