This week is sort of a follow-up on the earlier post about new Microsoft Intune Suite add-on capabilities. That time it was around the early capabilities, like Endpoint Privilege Management, the first glimpses of Advanced Analytics, and Microsoft Tunnel for MAM. This time it’s about Enterprise App Management. Enterprise App Management provides organizations with an applications catalog that contains apps that are prepared by Microsoft. Those apps are all Win32 apps that are wrapped and hosted by Microsoft. That can further simplify management and makes sure that the lifecycle of apps is getting better under control. That means more structural updates of apps, which makes sure that the environment gets more secure. This post will start with a further introduction about Enterprise App Management, followed with the steps to add apps from the Enterprise App Catalog. This post will end with the update behavior of apps from the Enterprise App Catalog.
Note: At the moment of writing the size of the Enterprise App Catalog is still limited, but will definitely grow over time.
Introducing Enterprise App Management
Enterprise App Management is mainly an IT feature, as the end-user should not notice anything about it. It helps IT administrators with streamlining app management and getting control of the app management process. Besides that, it helps IT administrators with staying current with updates, by providing the ability to easily create apps for newer versions. Together, that provides IT with more control over the app lifecycle. More control over the security of apps.
The Enterprise App Catalog contains the Win32 apps that are prepared and hosted by Microsoft. Microsoft will basically wrap the installation files (EXE, or MSI) of those apps and create everything that is required to add the app as a Win32 app into Microsoft Intune. Besides that, when adding an app from the Enterprise App Catalog to Microsoft Intune, it will be added with a whole lot of pre-filled installation details. That includes the install and uninstall commands, the installation behavior, the return codes, and more. Besides that, also detection rules and requirements will be pre-filled. All of that will make sure that the process of adding apps to Microsoft Intune gets hugely simplified. A lot less for IT to test and figure out.
All of the pre-filled information of the apps from the Enterprise App Catalog, can be adjusted by the IT administrator when adding the app to Microsoft Intune. So, when for example a specific installation property is required that can be simply added to the installation command line. Of course the recommendation is to use the pre-filled information, as that has been tested. As these apps are added as Win32 apps, the deployment will be handled by the Intune Management Extension. Just like any other Win32 app. After adding the apps to Microsoft Intune, the assignments and supersedence relationships can be created.
Adding an app from the Enterprise App Catalog
When looking at adding an app from the Enterprise App Catalog to Microsoft Intune, the process is actually pretty straight forward. The following 9 steps will walk through the process of adding Mozilla Firefox as an example app from the catalog.
- Open the Microsoft Intune admin center portal and navigate to Apps > All apps
- On the Apps | All apps page, click Add > Enterprise App Catalog app and click Select
- On the App information page, as shown below in Figure 1 and Figure 2, click on Search the Enterprise App Catalog to search for the required app in the Enterprise App Catalog, select the required app and version, and click Next
- On the expanded App information page, as shown below in Figure 3, verify at least the pre-filled information for the required fields of Name, Description and Publisher and click Next
Note: At the moment of writing the pre-filled information does not contain the icon of the app.
- On the Program page, as shown below in Figure 4, verify at least the following (pre-filled) information and click Next
- Install command (1): Verify the pre-filled installation command line and make adjustments when really needed
- Uninstall command (2): Verify the pre-filled uninstall command line and make adjustments when really needed
- Installation time required (3): Configure the time that is required for the installation of the app
- Allow available uninstall (4): Configure if the uninstall is available for users
- Device restart behavior (5): Configure the device restart behavior for the app
- Specify return codes to indicate post-installation behavior (6): Verify the minimal pre-filled return codes
Note: Unlike normal Win32 apps, for Enterprise App Catalog apps Allow available uninstall is by default set to Yes.
- On the Requirements page, as shown below in Figure 5, verify at least the following pre-filled information and click Next
- Operating system architecture (1): Verify the pre-filled operating system architecture
- Minimum operating system (2): Verify the pre-filled minimum operating system
Note: Keep in mind that Enterprise App Management only supports 64-bit versions of Windows.
- On the Detection rules page, as shown below in Figure 6, verify at least the following pre-filled information and click Next
- Rule format: Verify that the manual configuration is pre-filled for detection of the app
- Rule (1): Verify that the detection rule(s) is pre-filled for the detection of the app
- On the Scope tags page, (optionally) configure any required scope tags and click Next
- On the Review + create page, verify the provided configuration and click Create
Updating an app from the Enterprise App Catalog
After adding the Win32 app from the Enterprise App Catalog to Microsoft Intune, it can be assigned like any other Win32 app. Besides that, the early articles about Enterprise App Management show that there will be a report that shows updates for apps that are added from the Enterprise App Catalog. That will provide a clear overview when there are new versions available. That is, however, not the same as updating the app on the client device. When possible, the apps from the Enterprise App Catalog are (configured to be) self-updating. So, when an update is available for the client device, it will automatically update. Below in Figure 7, is an example of Mozilla Firefox that is a self-updating app.
When a new version is available via the Enterprise App Catalog, that new version can be added to Microsoft Intune. And supersedence relations can be used for the deployment of those new versions. Besides that, apps that are coming from the Enterprise App Catalog will always check for its current version or later, as the detection of the app on the client device (as clearly shown above in Figure 7). That makes sure that new versions from the Enterprise App Catalog work together with the self-updating on the client device.
More information
For more information about the Intune Suite add-on capabilities and Enterprise App Management, refer to the following docs.
Thank you very much, excellent post and managed to clarify my doubts. 😉
That’s good to hear.
Regards, Peter
Is there similar Catalog available in SCCM.
No, this is Intune only. And when using co-management, the same logic applies as to other Win32 apps.
Regards, Peter
Hi Peter,
What about language version. Are they available too or is it English only at the moment? Eg Abobe Reader DC NL (Dutch) would be required by most of our customer base.
Thanks, Sander
Hi Sander,
The apps are when possible available in multiple languages. In the example screenshot I specifically searched for English, but Firefox is also available in Dutch.
Regards, Peter
I don’t have the Enterprise App Catalog option, what am I missing? Do I need a E* license? I only have B. Premium.
Hi Arnold,
Enterprise App Management is part of the Intune Suite and requires separate Intune Suite licensing (or solution specific).
Regards, Peter
As a small organisation (circa 120 client devices) all managed through Intune, we recently deployed PatchMyPC which whilst not a ‘cloud’ solution is very comprehensive once setup.
My initial thoughts on the Microsoft Solution is that there is a long way for it to go before it can match PatchMyPC. I also understand’ that PatchMyPC might be offering a ‘cloud’ web based solution in the future which would be great.
Keeping applications up to date on devices is a on-going security challenge and solutions like this are key, for small IT departments easy of use is key.
Great article Peter.
Hi Mark,
Totally agree. At this moment there is a lot of catching up to do, but it’s definitely a good start. The main thing on short term is to grow the catalog.
Regards, Peter
Is there some place where I can find out which apps are included in this enterprise catalog before I decide to buy the license?
Also, do only the admins need a license or also the users that get the enterprise app installed on their device?
Hi Matthias,
I haven’t seen an official doc (yet) that lists all the apps, but I’ve seen people posting exports. Besides that, you can also use a trial license to get a feeling with the product and see what’s all included.
I would expect the users to be licensed, but I can’t find an official statement.
Regards, Peter