Tutorial / Cram Notes
Microsoft Endpoint Manager comprises tools such as Microsoft Intune and Configuration Manager that allow IT administrators to manage devices and applications across an enterprise. Publishing public and private applications is a critical aspect of ensuring that end-users have access to the software they require to perform their job functions, while also maintaining security and control over the software distributed within an organization.
Public Applications
Public applications are generally available apps in the app stores like Google Play for Android and Apple App Store for iOS devices. To publish these applications using Microsoft Endpoint Manager:
- Sign in to the Microsoft Endpoint Manager admin center.
- Navigate to Apps and choose either iOS/iPadOS or Android, depending on the operating system you’re targeting.
- Select to add an app, and then choose the app type as ‘Store app’.
- Search for the app in the public store, select it, configure its properties, assignments, and applicable settings.
- Once configured, publish the app. It will then be available to assigned users or devices.
Example: Publishing Microsoft Teams to all company iOS devices.
- Navigate to: Apps > iOS/iPadOS > Add > iOS Store App.
- Searches for “Microsoft Teams”.
- Configure deployment settings (required, available, uninstall, etc.).
- Assign to a user or device group.
- Publish the application.
Private Applications
Private applications are custom-developed or third-party applications not available in the public app stores. These typically are used for internal purposes within an organization. To publish these with Microsoft Endpoint Manager:
- Package your app. For example, for Windows applications, you’ll need to create an app package (.msi, .appx, or .appxbundle).
- Sign in to the Microsoft Endpoint Manager admin center.
- Navigate to Apps and select the platform you’re distributing your app for.
- Select to add an app, and then choose the app type as ‘Line-of-business app’.
- Upload your app package and fill in the required details such as name, description, publisher, and any relevant information.
- Define the deployment scope, app configurations, and assign it to user or device groups.
- Publish the app to make it available for installation on selected targets.
Example: Deploying a custom CRM platform to all Windows 10 devices used by the sales team.
- Ensure CRM app is packaged appropriately (.msi).
- Navigate to: Apps > Windows > Add > Line-of-business app.
- Upload the CRM app package and fill in details.
- Set deployment settings and assign to the sales department group.
- Publish the application.
Comparison Table: Public vs Private Applications
| Feature | Public Applications | Private Applications |
|---|---|---|
| Source | Public app stores (e.g., Apple App Store, Google Play) | Typically custom-developed or proprietary |
| Purpose | General user applications (e.g., productivity, communication) | Specialized apps tailored to the business |
| Publication Process | Search for an existing app, and assign it | Package the app, upload it, and then assign |
| Access Control | Can be restricted to certain groups or made broadly available | Typically restricted to specific user or device groups |
| Update Process | Updates are usually handled by the app store | Updates must be repackaged and republished via Endpoint Manager |
| Configuration Options | Limited to the options provided by the app itself | Extensive, depending on the complexity of the app |
| Requirement for Packaging | Not required | Required (e.g., .msi, .appx, for Windows) |
Implementing application deployment through Microsoft Endpoint Manager provides a streamlined process for ensuring that both public and private applications are efficiently distributed. It also offers comprehensive management, including the ability to monitor app usage, manage licenses, update applications, and ensure compliance with company policies. By leveraging these capabilities, organizations can maintain a secure and productive environment aligned with their operational objectives.
In the context of preparing for the MS-101 Microsoft 365 Mobility and Security exam, understanding how to effectively use Microsoft Endpoint Manager to publish applications is key. Candidates should be familiar with the steps and considerations for deploying both public and private applications, as outlined above, and how they contribute to an overall device management strategy within the Microsoft 365 ecosystem.
Practice Test with Explanation
True or False: Microsoft Endpoint Manager is the same as Intune.
- Answer: False
Explanation: Although Intune is a part of Microsoft Endpoint Manager, the latter is a broader integrated solution for managing all of your devices.
Select the correct statement about Microsoft Endpoint Manager.
- A) It can only manage Android and iOS devices.
- B) It is solely a cloud-based management solution.
- C) It incorporates services like Intune, Configuration Manager, Desktop Analytics, and more.
Answer: C
Explanation: Microsoft Endpoint Manager includes various services such as Intune, Configuration Manager, and Desktop Analytics to provide comprehensive management across devices.
True or False: To publish private applications using Microsoft Endpoint Manager, the applications must first be packaged as MSI or APPX files.
- Answer: True
Explanation: Private applications often need to be packaged as MSI or APPX files to be distributed through Microsoft Endpoint Manager.
Which of the following services is used to publish applications using Microsoft Endpoint Manager?
- A) Microsoft Exchange
- B) Microsoft Intune
- C) Microsoft Teams
Answer: B
Explanation: Microsoft Intune, a part of Microsoft Endpoint Manager, is used to publish and manage applications across devices.
True or False: Microsoft Endpoint Manager requires a VPN to deploy applications to remote devices.
- Answer: False
Explanation: Applications can be deployed to remote devices using Microsoft Endpoint Manager without the need for a VPN.
Select all correct options for types of apps you can deploy using Microsoft Endpoint Manager.
- A) Web apps
- B) Office 365 apps
- C) Win32 apps
- D) Linux apps
Answer: A, B, C
Explanation: Microsoft Endpoint Manager supports the deployment of web apps, Office 365 apps, and Win32 apps, but not Linux apps.
True or False: You can set app protection policies for both managed and unmanaged devices in Microsoft Endpoint Manager.
- Answer: True
Explanation: Microsoft Endpoint Manager allows you to set app protection policies for data security on both managed and unmanaged devices.
Which platform is not supported for app deployments through Microsoft Endpoint Manager?
- A) Windows 10
- B) macOS
- C) Android
- D) Symbian
Answer: D
Explanation: While Microsoft Endpoint Manager supports Windows 10, macOS, and Android, it does not support the now-defunct Symbian platform.
True or False: Microsoft Endpoint Manager supports the deployment of VPN profiles alongside applications.
- Answer: True
Explanation: Microsoft Endpoint Manager can deploy VPN profiles alongside applications to provide secure access to internal resources.
When using Microsoft Endpoint Manager, what is a requirement for deploying in-house developed applications to iOS devices?
- A) Jailbroken devices
- B) A valid Apple Developer Account
- C) iCloud storage
- D) An active Xbox Live subscription
Answer: B
Explanation: For deploying in-house developed applications to iOS devices, you must have a valid Apple Developer Account to sign the apps.
True or False: When publishing applications via Microsoft Endpoint Manager, you can target specific devices or groups.
- Answer: True
Explanation: Microsoft Endpoint Manager allows you to target specific devices or groups when deploying applications, enabling more granular control over app distribution.
Multiple select: Which of the following can be managed via application policies in Microsoft Endpoint Manager?
- A) App permissions
- B) App version updates
- C) User access
- D) Network configuration
Answer: A, B, C
Explanation: Microsoft Endpoint Manager allows you to manage app permissions, ensure version updates, and control user access through application policies; network configuration is managed via other profiles or policies.
Interview Questions
What is Microsoft Endpoint Manager?
Microsoft Endpoint Manager is a platform that provides a variety of tools for managing and deploying applications to employees.
How can public applications be published using Microsoft Endpoint Manager?
Public applications can be published using Microsoft Endpoint Manager by signing in to the Microsoft Store for Business, selecting the application, and choosing the deployment method and groups of employees and devices that should have access to the application.
What is a private store in the context of application publishing?
A private store is a dedicated store for an organization that allows administrators to control access to specific applications.
How can private applications be published using Microsoft Endpoint Manager?
Private applications can be published using Microsoft Endpoint Manager by creating a private store for the organization, adding the application to the private store, and selecting the groups of employees and devices that should have access to the application.
What benefits does Microsoft Endpoint Manager provide for application publishing?
Microsoft Endpoint Manager provides benefits such as streamlined application deployment, enhanced security, greater control over application distribution, and improved compliance.
What is Microsoft Store for Business?
Microsoft Store for Business is a platform that allows organizations to purchase and distribute applications to their employees.
How can applications be purchased and acquired for private distribution using Microsoft Store for Business?
Applications can be purchased and acquired for private distribution using Microsoft Store for Business by selecting the application, choosing the appropriate licensing and pricing, and adding it to the private store.
Can organizations control who has access to specific applications using Microsoft Store for Business?
Yes, organizations can control who has access to specific applications using Microsoft Store for Business by selecting the groups of employees and devices that should have access to the application.
Can public applications be purchased and distributed to employees through Microsoft Store for Business?
Yes, public applications can be purchased and distributed to employees through Microsoft Store for Business.
How can administrators manage and monitor application distribution and access using Microsoft Store for Business?
Administrators can manage and monitor application distribution and access using Microsoft Store for Business by viewing reports and analytics on application usage and adoption.
Can applications be automatically updated using Microsoft Store for Business?
Yes, applications can be automatically updated using Microsoft Store for Business, ensuring that employees have access to the latest versions of the applications.
Can private applications be published to devices that are not owned by the organization?
No, private applications can only be published to devices that are owned by the organization.
How can administrators ensure that applications are properly licensed and compliant with regulatory requirements and company policies?
Administrators can ensure that applications are properly licensed and compliant with regulatory requirements and company policies by verifying that the application is properly licensed, compatible with the devices and operating systems being used, and in compliance with regulatory requirements and company policies.
Can applications be removed from employee devices using Microsoft Endpoint Manager?
Yes, applications can be removed from employee devices using Microsoft Endpoint Manager to ensure compliance and security.
Can application deployment using Microsoft Endpoint Manager be integrated with other management tools?
Yes, application deployment using Microsoft Endpoint Manager can be integrated with other management tools, such as Microsoft Intune, to provide greater functionality and control over application deployment and management.
Great post on publishing public and private applications using Microsoft Endpoint Manager! Exactly what I needed for my MS-101 exam prep.
Thanks for the blog post, very helpful!
I have a question: when you publish a private application, does it automatically get updated on all devices?
I love how detailed this guide is about publishing public applications!
Can anyone explain the difference between required and available app deployment options in MEM?
This is exactly what I needed. Thanks a bunch!
I tried following the steps but encountered issues while publishing a private app. Any suggestions?
How can we ensure app data security when publishing public applications?