Microsoft has now released all the parts they promised back in March of 2023. On the first of February, a lot of cool things saw the light of day without the preview label. We initially saw Endpoint Privilege Management and Remote Help as part of the Intune Suite, with Advanced Analytics, Cloud PKI, Enterprise App Management and Microsoft Tunnel for MAM.
In this post, we will focus on the Enterprise App Management feature which will help IT admins to keep their applications up to date by using a managed catalog of applications (much like SCAPMANN, PatchMyPC and such).
Before we begin. If you have never heard of the Intune Suite, it is a bundle of premium add-ons for Intune making it even more powerful by unlocking new functionality.
What is Enterprise App Management?
Enterprise App Management is a catalog of third-party applications, applications not developed by Microsoft, which is provided in a simple store-like manner in Intune. The catalog today consist of a little over 90 applications which are maintained by the Microsoft service, a list that will hopefully grow over time adding even more applications. The Enterprise App Management service takes care of both packaging the initial application but also managing any updates released fot the application, streamlining the work for the application team!
The concept behind this, is to ease the workload for application administrators not having to package all applications. The easiest way to position this is to think of it as a time saving tool, our packaging team won’t have to care about packaging the simpler applications which might be updated quite frequently. They can instead focus on the more unique and complex applications for the organisation.
Enterprise App Mangement comes in the Intune Suite bundle or can be purchased separately as a stand alone service. What is important to keep in mind here is to make sure you buy enough licenses to cover all your users since it’s licensed based on users in your environment.
How to get started?
Once you have made sure that you have the licenses for either the Intune Suite or Enterprise App Management (you can activate a 90 day trial in the licensing portal to test it out), you can use the new option in the App type for Windows in Microsoft Intune.
At the bottom you will see a new option, Enterprise App Catalog app, which is the Enterprise App Management service!
Once you have selected this as the app type, you will get a reminder that you need to obtain the correct licensing for the service.
When you add an application from the Enterprise App Catalog, it will be added as a Win32 app, but called Windows catalog app. To select your app, simply click “Search the Enterprise App Catalog“.
You will now see the full list of apps in a fly-out menu to the right where you can select the app you need.
In this example, we will select 7zip as the application we want to deploy. When we have chosen our app, we click “Next” at the bottom of the screen.
In the next step we can select which version of the app we need, for 7Zip there is only one version. Click “Select” at the bottom of the screen when you have chosen your version.
When we have chosen our application, the application information will be pre-populated. If you do not need to do any modifications to the app information, just click “Next” at the bottom of the screen.
You can now notice that the install- and uninstall command for the application has automatically been added, and also the return codes.
Next page is as always for Win32 apps the requirements where we can add any additional requirements we have identified. As you can see, the mandatory fields will be pre-populated and we can just move to the next step.
What I really like is that the service also add detections rules for the app. So just hit “Next” to move to the last step!
What is a bit different from adding your own applications is that you never add the assignments as part of this initial step. So last step is “Review and Create”. Once the application has been created, you will be able to add assignments to your app. Now click “Add app” to finish the process.
The app will now be created, which takes just a few seconds, not even enough time to go and refill that coffee cup you just finished!
Once the app has been added, you can add assignments just as any other app by going to Properties on the app and add your target groups.
Updating an application
Enterprise App Management is created to keep your applications updated. The service will utilize self-updating features of the applications where ever possible to minimize the effort from an admin side. If self-updating is enabled for the app, it will automatically be updated on the client.
If self-updating is not available for the app, a new version of the app will added with the needed superseedence relations for it to be replaced, mening that you will have both the new and the old version visible in Microsoft Intune.
Do you want to read more? Check out this Microsoft articles:
