05-09-2024 10:16 AM - edited 05-09-2024 10:17 AM
This is an edited transcript of the 04.12.2024 IT Hour
Josh: We may have spoken about a potential integration with a Microsoft App Store. Today I’m here to share, if you’ve not seen it already, we have the first piece out and available to everyone. I’ll give a quick demo and let you know how it all works. And then we can do a quick review of where we were, where we’re at now and where we’re going.
So I’m in the Software Management section of the Admin Portal. What you’ll see is that we have the ability to install and manage apps through VPP, if you’ve got an Apple Business Manager account, you’re able to install and manage apps from Apple. We’ve not had that up until recently on the Microsoft side. What this is going to allow you to do is there are applications in the Microsoft store that you can now not only install on targeted devices and device groups, but you can also lock them on those devices so that they can’t be removed by end users if they’re critical for your business. Even cooler is that you can keep those applications up to date such that if a newer version is published in the Microsoft Store, it’ll automatically get deployed to those endpoints.
Now to add a new application, what I’m going to do is go to the Microsoft tab and select Microsoft Store. I get this screen here and what this is going to help me do is try and add Spotify. There’s a field here that says Package ID. What you have to do from here is you’re going to navigate to the Microsoft Store and search for Spotify. I click Spotify and it gives me all the information I’m looking for but the piece I need to include in JumpCloud is the Package ID and it’s embedded in the URL. It’s here after ‘detail/’ and ends before the ‘?’.
Note: There are some applications that don’t include what’s called a package family, and those applications we’re not able to install and manage. The assumption, and what we’ve seen so far, is that if the Package ID starts with 9, you’re good to go. If it starts with ‘x’ or something else, it’s likely an older package which does not include the family name and so we won't be able to manage it. This is all laid out in our documentation and within the platform.
That being said, once I have the Package ID I’m going to copy it, go back to the Admin Portal and paste it in the Package ID field. Now the little things. “Prevent auto-update” - typically, by default, we want to make sure that all these applications are updated on all your endpoints. If for some reason you want to pin a specific version, just select this checkbox. Otherwise if there’s a new version available we’ll automatically update all those endpoints that it’s targeted to. “Prevent user from uninstalling” - If you select this here, they’ll never be able to remove the app from their devices.
Note: You’ll have to remove this before you delete an application, if you want the end users to uninstall the app. With a Microsoft Store application, when you’re deleting or removing, you don’t actually delete it from those devices. All you’re doing is removing the JumpCloud Management of that. We’ll be working with you to create some commands or help you walking your end users through the process of removing it, if you actually want to uninstall these applications from those devices.
Next up, you’ll assign devices. It sometimes takes up to 30 minutes to issue. This is all done via MDM so that device needs to be JumpCloud MDM managed and we run a periodic MDM command so depending on timing it could take up to 30 minutes for the app to be on the device.
That’s what we have available today. Very shortly what we’ll be able to do is integrate the actual store and search into the Admin Portal so that’ll ease the process, so you can search, find, and select the applications within the admin portal and you won’t need to exit to copy and paste from the Microsoft Store. [This feature is available as of May 1, 2024. Read more here.]
Another thing the team is actively working on is the ability to keep VPP applications updated just like we can with the Microsoft Store apps. That’s something we’re really excited about. Along with the private repo where you host the apps yourselves, we’re also working on what we’re calling a third party application catalog that can help with apps that aren't covered in the Microsoft Store or in the Apple VPP store. The timing is TBD but it’s being worked on.
Q: Is there a process to follow if we’ve been using Chocolatey for Software Management and we want to move to the Microsoft Store?
A: You can add it as a Microsoft Store application, deploy it to the devices, and remove the duplicate application that came from Chocolatey. Then the MDM commands will verify that the right version is on those devices and then manage it directly through the Microsoft Store and JumpCloud.
Q: Are there any ways around the MDM requirement if I have older devices that are not compatible with Windows MDM enrollment?
A: Not at this time. But you can still use the Private Repo.
Q: Are the apps installed machine wide or only for the current logged in user?
A: They are installed machine wide. The private repo also installs at the system leven, not the user level.
Q: How does this work with BYOD devices?
A: Currently there’s no BYOD enrollment flow for windows like there is with Android. So whether or not the device is owned by the end user or the company, it really depends on how it’s been enrolled and if it’s MDM managed.