Spotlight on Microsoft store integration with Intune
Table of Contents
Bryan Keller from Microsoft has written an insightful article explaining what modifications and functionalities we can expect and I will highlight some of them.
I'm confident that Microsoft Store for Business was intended to allow applications from any vendor to be published live, but vendors never really did. From a commercial standpoint, it makes sense that vendors maintain their applications on their own premises, but from a management perspective, this is awful.
It's important to remember this when you choose software for your business or tell your clients to do so.
- How many users must the software support?
- How do we update
- How do we manage (does it support policies)
- Have we trust in the publisher? (code signed certificate)
- Same is relevant for dependencies
Why is updating software important?
I looked up each security framework and took a quote from each one to help me understand how important it is to keep our software up to date. Too many companies put features first and are "afraid" of making changes. Every time we update our software, we might have to deal with new features. Since security updates come with feature updates, we are pretty much up against something we can't beat. Security always win over features.
What does each security framework recommend us?
Center for Internet Security (CIS)
07. Continuous Vulnerability Management. Develop a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise’s infrastructure, in order to remediate, and minimize, the window of opportunity for attackers. Monitor public and private industry sources for new threat and vulnerability information.
National Center For Cyber Security (NFCS)
To prevent known vulnerabilities from being exploited, all of this software must be kept up to date. This means installing patches released by the software developers to close security holes found in their products. Hence the name 'patching'.
National Institute of Standards and Technology (NIST)
Flaw Remediation | Automated Flaw Remediation Status - Determine if system components have applicable security-relevant software and firmware updates installed using [Assignment: organization-defined automated mechanisms] [Assignment: organization-defined frequency].
What tools do we have today?
As a IT-Pro we use the tools we have in front of us to get the job done, speaking of:
Patch my pc
Patch My PC's main goal is to help you keep third-party programs up to date. It can be directly integrated with Endpoint Manager. You'll pay per seat and get access to a list of applications that they keep up to date for you, so you don't have to do it yourself and can be sure you're in control.
Chocolatey is an installer and package manager for Windows software that works from the command line. They have a repository like Patch my PC, but the big difference is that the community runs it while allowing you to host your own private repository.
We also want to be sure not to unnecessarily disturb our users while they are working when we update our applications. We have packaging tools for this, and the only one I am aware of that is noteworthy is:
The PowerShell App Deployment Toolkit has a set of functions that can be used to do common application deployment tasks and notify the user while an application is being deployed. It makes it easier to deal with the scripting issues that come up when deploying applications in an enterprise, gives a consistent deployment experience, and increases the number of successful installations.
What is Microsoft Store for Business(old)?
Microsoft Store for Business and Microsoft Store for Education are made for businesses and schools. They give IT managers and administrators a flexible way to find, buy, manage, and distribute free and paid apps to Windows 10 devices in large numbers. IT administrators can manage Microsoft Store apps and private line-of-business apps in the same inventory and assign and re-use licenses as needed. You can choose the best method for your organization by assigning apps directly to people and teams, putting apps on private pages in the Microsoft Store, or connecting with management solutions.
Microsoft Store for Business and Education will not work on Windows 11.
Following is the key features:
- Private store (But does not support Win32)
- Centralized management
- Line-of-business apps
- Up-to-date apps
What is Microsoft Store for Windows(new)?
Please remember that anything can change on release
On July 28, 2022, we heard some great news.
- paid apps will not be reintroduced in the new solution as of this time.
- The new solution does not integrate with ConfigMgr only Intune
Microsoft Store on Windows will continue to offer UWP, PWA and MSIX containers. But must importantly Win32. In the end, this will add more software from other companies to the Microsoft Store on Windows.
A rich API layer based on Microsoft's Windows Package Manager will access the program catalog. Endpoint Manager provides app search, discovery, purchase, and deployment that Microsoft Store for Business lacked. With Windows Package Manager, we can give app deployment and update controls directly in Endpoint Manager. This will bring enterprises new enterprise-level capabilities.
Private Repository (planned)
As many private Windows Package Manager repositories as needed. Microsoft is working on a "bring your own repository" feature for organizations.
I am looking forward for Private Repository with winget!