Simon May

Client and cloud

April, 2013

  • The Deployment Sessions–007: How To Sideload on Windows 8 Enterprise from Windows Intune

    In this Deployment Sessions video I take a look at how to use Windows Intune to Sideload a Windows 8 app or Appx package (formerly metro app) onto a Windows 8 Enterprise device. Sideloading is the process of taking the appx package form the developer and loading the app onto the device without submitting the app to the store, so it’s the process commonly used for Line of Business (LoB) apps.

    The videos is, as always, split into sections:

    1. Create the App in Windows Intune, IT Pro view [00:33]
      1. Add the software to Windows Intune [00:51]
      2. Configure how the app appears on the company portal [01:35]
      3. Deploy the app to end users [02:30]
    2. Enrol Windows 8 Enterprise devices into Windows Intune, End user view [02:57]
      1. Browse to portal.manage.microsoft.com [03:00]
      2. Install the client software from Windows Intune [03:57]
      3. Go to the Company Portal [05:06]
      4. Install the Company Portal Modern App [05:56]
      5. Launch the Company Portal [06:18]
    3. Install the Sideloaded app [07:00]
    The Deployment Sessions–007: How To Sideload on Windows 8 Enterprise from Windows Intune

    To create the app that I used for sidelaoding I went to ZipApp  and created a simple app for free, then used the package created by Visual Studio in this video.

    A couple of other technical notes, I was using Windows 8 Enterprise, which doesn’t require a sideloading key to sideload apps, if you want to use Windows 8 Pro then subscribe to the rss feed and take a look at future videos in this series. My AD has the required GPOs for sideloading enabled too.

    If you want to see more videos like these then check out The Deployment Sessions and please Like the YouTube videos.

  • The Deployment Sessions-008: Deeplinking a Windows Store & Installing on Windows 8 Using Windows Intune

    In this deployment sessions video I take a look at the Deeplinking process using Windows Intune to install an app on Windows 8. The deeplinking process essentially lets you place apps from the Windows Store in your own company store, or Company Portal – essentially letting you curate the best Windows Store apps for your users. You don’t need the code just a link to the app in the Windows Store, so there is nothing for you to store on your servers or in your cloud and the app publisher keeps the app up to date through the Windows Store.

    The videos is, as always, split into sections:

    1. Find the app in the Windows Store – admin side [00:17]
      1. Get a ink to the app [00:44]
    2. Create the app in Windows Intune – admin side [01:14]
      1. Add the app [01:25]
      2. Deploy the app [02:31]
    3. Enroll the Windows 8 device into Windows Intune – user side [03:54]
    4. Install the app [07:55]

     

     

    The Deployment Sessions-008: Deeplinking a Windows Store & Installing on Windows 8 Using Windows Intune

    If you want to see more videos like these then check out The Deployment Sessions and please Like the YouTube videos.

  • The Deployment Sessions-009: Deeplinking a Windows Store app on Windows RT from Windows Intune

    In this deployment sessions video I take a look at the Deeplinking process using Windows Intune to install an app on Windows RT. The deeplinking process essentially lets you place apps from the Windows Store in your own company store, or Company Portal – essentially letting you curate the best Windows Store apps for your users. You don’t need the code just a link to the app in the Windows Store, so there is nothing for you to store on your servers or in your cloud and the app publisher keeps the app up to date through the Windows Store.

    The videos is, as always, split into sections:

    1. Find the app in the Windows Store – admin side [00:19]
      1. Get a ink to the app [00:54]
    2. Create the app in Windows Intune – admin side [01:09]
      1. Add the app [01:23]
      2. Deploy the app [03:30]
    3. Enroll the Windows 8 device into Windows Intune – user side [03:54]
    4. Install the app [06:01]

     

    The Deployment Sessions-009: Deeplinking a Windows Store app on Windows RT from Windows Intune

     

    If you want to see more videos like these then check out The Deployment Sessions and please Like the YouTube videos.

  • The Deployment Sessions–006: Sideloading on Windows RT with Windows Intune

    So far in this series we’ve looked at Sideloading and deeplinking apps using System Center Configuration Manager 2012 SP1 and Windows Intune linked together. In this and the next few videos we’ll take a look at using Windows Intune only, in isolation from Configuration Manager. This will be the preferred method for those companies that want to sideload a LoB application but don’t want to deploy Config Manager.

    This video is split into sections:

    1. The  admin side, setting up Windows Intune for deploying to Windows RT [0:26]
      1. Configure the Mobile Device Authority [0:49]
      2. Configure DNS for the enrollment server address [01:09]
      3. Add Sideloading Keys [01:30]
      4. Add a code-signing certificate [01:48]
    2. The admin side, setting up the app [02:25]
      1. Create and upload the appx package [02:45]
      2. Edit the appx package [04:49]
      3. Deploy the sideloaded app to our users [05:21]
    3. The end user experience, enrolling the device [06:00]
      1. Enroll the Windows RT device into Windows Intune and install the Company Portal app from the Windows Store [06:01]
    4. The end user experience, installing the sideloaded app [08:09]
      1. Install the sideloaded app from the Company Portal and run it [08:09]
    The Deployment Sessions–006: Sideloading on Windows RT with Windows Intune

    To give this a try signup for a trial Windows Intune account at windowsintune.com. You might also want to watch the other videos in this series on The Deployment Sessions mini-site and please Like the YouTube video if you do.

  • How To: Deploy modern apps for Windows 8 and Windows RT with Configuration Manager

    sideloadingAt first glance you could be forgiven for thinking that deploying a Windows 8 to a bunch of enterprise devices is hard, complex or time consuming. The reality is that Windows 8 apps are actually quite easy to deploy once you understand the basic requirements and methods for deployment. The nomenclature that we use here has changed a little since the source of our apps has changed with the Windows Store. Deeplinking is the process of deploying an advertisement through a company portal that an app is available (or recommended you could say) for installation by your company, the application package remains in the store. Sideloading is the process of taking the application package provided to you by your in house Line of Business (LoB) developers or a 3rd party software vendor (ISV). Let’s take a look at both more carefully.

    Requirements for modern UI apps

    Before we look too deeply (pun intended) at Deeplinking and Sideloading lets look at the requirements for successful installation of a Windows 8 app.

    • First you need the appx package files – for store apps these are provided through the Windows Store.
    • Second your device needs to trust the signer of the code signing certificate that was used to sign the package, this helps prevents the package from being interfered with, in the case of an app obtained from the Windows Store the Windows Store signs the app and this is trusted by default on all Windows 8 / Windows RT devices.
    • Finally any dependancies need to be available, apps created using WinJS, i.e. those created with HTML5 more commonly have the WinJS dependency included with them.
    • To install from the Windows Store you need to have a Microsoft account registered with the Windows Store app (note you don’t have to have it linked to your domain account, which is different).

    With that understood lets take a look at how we install an app on a device. Typically a user finds the app in the Windows Store and taps Install or Buy, both of which start the app installation although Buy obviously also completes a purchase transaction with the Windows Store. The key thing though is that installing and buying an app are essentially the same process – essentially the user is consenting to the install, and more importantly they are consenting to the association of the app with their personal Microsoft account.

    Deeplinking

    Now lets consider the Deeplinking process. Deeplinking can be performed using either System Center Configuration Manager 2012 SP1 or Windows Intune for Windows 8 devices. For Windows RT devices System Center Configuration Manager 2012 SP1 can be linked up with Windows Intune to support deeplinking. The two products can also be linked to support Windows 8 clients if you want to centralise management too. I’ve created a series of videos, The Deployment Sessions, that explain how to make the links required and how do the deployments.

    Once you’ve decided upon your deployment targets and your deployment method it’s time to build your deployment. The first thing you’ll need to do is to designate a device as your reference device, just as you would for any other type of applications packaging. In this case though you won’t need to run a monitor app to capture what the app is doing. Simply go to the Windows Store and install the app. Now go to a Configuration Manager console and create an application in the Software Library making sure to select Windows app package (in the Windows Store). You’ll then be asked to specify the location which you do by connecting to your reference computer by name (you’ll need to have run winrm quickconfig on the reference machine first). The wizard will return a list of all the apps installed on the device, then simply select the app you need, complete the Wizard and deploy just like you would any other (msi or App-V) application. Whilst completing the deployment wizard you’ll be able to say if the app should be available or required, normally a required app will be installed for the user and an available app will just appear in the Configuration Manager Application Catalog. However with deeplinked apps this isn’t the case.

    When deeplinking in Config Manager 2012 SP1 a required installation will still need user interaction, the store will open for them to the right app but they will have to click / tap Install. This is because the app is being added to their personal Microsoft account so they need to consent. Required then becomes a constant reminder to the user to install the app, and arguably this looses it’s value. Most users are today comfortable with the idea of a store, the device in their pocket almost certainly has one, so self service should be a key consideration in your deployment plan.

    Deeplinking with Windows Intune differs from the above in that you don’t need to install the app onto the reference device, you simply need to get the URL for the app from the Windows Store. There are a couple of ways to achieve this, but I commonly email the app to myself using the Share charm. You will also notice that available is the only option within Windows Intune for a deeplinked app.

    The only other thing to mention on deeplinking is that it’s available on platforms other than Windows. Deeplinking works for Windows 8, Windows RT, Windows Phone 8 and also for Android from Google Play and for iOS devices from the Apple App Store.

    Sideloading

    Lets take a look at the Sideloading process. Sideloading is the business of taking an Appx Package which is generated from Visual Studio at build time and installing that package onto a target device. The appx package is signed at the time of building the app by the developer, usually with a certificate issued by your enterprise CA but a certificate issued by any trusted CA can be used. This type of deployment is most commonly used for Line of Business (LoB) apps. As with Deeplinking both Windows Intune and System Center Configuration Manager 2012 Sp1 can be used but also PowerShell can be used.

    The first step to Sideloading is to obtain the appx package and to place it on a share that you can access from Configuration Manager or from Windows Intune. The second step is to add the app into the Configuration Manager console and create an application in the Software Library making sure to select Windows app package (appx file). You’ll then be asked to specify the location of the appx file and specify details about the app. You’ll then need to deploy the app to a collection of users that you want to have access to it. If you want you can also add the app to any Task Sequences you use to deploy your operating systems.

    If you’ve chosen to do your deployment to a Windows RT device using Windows Intune and you’re using an enterprise CA to sign the Appx package you’ll need to provide that certificate to your Windows RT devices since they cannot join your domain. Windows Intune takes care of this for you and if you’ve got your Windows Intune account linked to Configuration Manager you can add the certificate you’ll use to sign your apps through the Windows RT tab of your Windows Intune subscription in the Hierarchy Configuration node of the Administration Workspace. Once provided this certificate will be automatically added to your Windows RT device. You’ll also need to provide a Sideloading Product Key which is available from the Volume Licensing Portal in the same place and again Windows Intune will allocate a key and enable sideloading on any enrolled Windows RT devices.

    I’ve created an ongoing series of videos on my blog entitled The Deployment Sessions that will walk you through most of the permutations of deployment of Windows 8 apps, using Configuration Manager 2012 Sp1 and Windows Intune.