Commonly in Microsoft environments, we use Microsoft Endpoint Configuration Manager (MECM) to package and deploy applications on-premises. With modern management and cloud managed devices, how do we deploy applications to those devices? Using Microsoft Intune is how.
Microsoft Intune is typically thought of as being all about device management and mobile devices but it’s much more than that. Using Microsoft Intune we can deploy applications to Windows and macOS devices including traditional line of business executables or MSI installer packages.
In this post, we look through how you can configure Microsoft Intune to deploy applications to Windows and macOS devices, how you get started, and how users can access apps that are available to them.
How do we deploy applications with Microsoft Intune?
Using Microsoft Intune, the process for setting up a deployment for a Win32 or standard desktop application is much the same as that of setting up a deployment for an Android or an iOS mobile app. The primary difference is that we need to package the application in a manner that Microsoft Intune understands using the IntuneWinAppUtil wrapper application from GitHub at https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool.
Once packaged, you simply upload the file to Microsoft Intune and create the App in Intune to enable you to be able to deploy the applications.
What about storage for the packages?
The storage for application packages that you upload is covered at https://docs.microsoft.com/en-us/mem/intune/apps/apps-add#cloud-storage-space.
Simply put, if you are using a paid-for license for Microsoft Intune then the storage is free and there is no limit to the number of packages and the total size of the packages that you can upload.
If you are on a trial license for Microsoft Intune then you are limited to 2 GB of cloud storage, however, that limit will be lifted if you pay for the licenses.
The only limitations is on the size of the individual packages. The maximum size of each individual package can be no more than 8 GB.
When we compare this to running an on-premises Configuration Manager solution, this is a massive advantage that Intune has. When you run MECM on-premises, you have to feed and water those servers and you have to supply the storage which means the more packages you add, the more it requires. Not with Microsoft Intune though!
How are applications installed?
Deployed applications are installed in one of two ways: optional or mandatory. Mandatory apps will be automatically installed when the assigned deadline time is reached and the app will be automatically installed for the users and devices that it targets. Optional applications can be found and installed by the user via the Company Portal app.
Mandatory application deployments should be used when you always want a user or device to have an application installed such as a critical line-of-business application or a company-wide system. Optional apps can be set-up for applications which users may want to use to improve their productivity. We commonly see applications like Visual Studio Code, FileZilla, and more added here to allow users that need them, to install them.
Existing users of Microsoft Intune may already be familiar with the Company Portal app on mobile devices to allow a device to be enrolled and managed but you may not be familiar with it on Windows. The Company Portal app is available to be installed from the Microsoft Store or you can push it out to devices as part of a deployment from Intune to ensure it’s on your corporate devices.
Arcible recommends that organisations set-up the Company Portal app to be installed automatically on all their Windows devices so that users will always be able to access the optional apps via the Company Portal.
Moving to modern device management with Microsoft Intune
If you have Microsoft Endpoint Configuration Manager today you may be thinking with the ability to deploy applications along with all the other management capabilities, why do you need MECM and you’d be right.
Microsoft Intune is very capable and multi-talented. It allows you to manage on-premises devices and cloud managed devices. It allows you to manage Windows, MacOS, Android, and iOS. It allows you to apply various types of policy and configuration and then use that information to drive Conditional Access such as denying access to services on non-compliant devices.
If you are interested in moving from MECM to Microsoft Intune, using a hybrid set-up of MECM and Intune, or want to learn more about Microsoft Intune then reach out to us at Arcible and we would be happy to help you learn more through our Service Modernisation and Enterprise Mobility services.