Windows machines play a pivotal role in corporate productivity, with many organizations relying on them as a key part of their workforce. Installing and updating applications can be a challenging task for IT admins, as it often involves manual distribution and installation. MDM simplifies this process by enabling you to distribute the app to multiple devices through groups and install them silently without user intervention. MDM supports the following modes of app management:
Note: Windows Store app management is no longer available due to of Microsoft's discontinuation of the service.
You can distribute and install software on Laptops, Desktops and Surface Pro tablets by adding the MSI package to MDM. You need to add the MSI package to MDM server and provide the relevant details. The added MSI package initiates software installation on the machines, after distribution. This is supported only for Windows 10 or above.
Follow the steps given below, to add an MSI package to the App Repository:
PowerShell -ExecutionPolicy Bypass -NoLogo -noninteractive <path_to_the_downloaded_powershell_script > -Path <path_to_the_MSI_file > -Properties "ProductCode,ProductVersion,ProductName"
Once the above command is run, you'll get a JSON file containing all the requisite details, which is then to be specified in MDM. You can also use third-party software Orca MSI editor to achieve the same.In case you need to distribute apps only to Windows 10 or above devices, you can use third party CA-signed certificates or self-signed certificates to sign the app. In case you're using CA-signed certificates to sign the app, ensure you upload the CA root certificate on the MDM server. Self-signed certificates are auto-generated when building a Windows enterprise, using Visual Studio. You can navigate to the output location to obtain the certificate and upload it on MDM server. Ensure the CSC uploaded is the .cer file for the certificate used to sign the MSIX app.
To sign the enterprise app with either CA-signed certificate or self-signed certificate, follow the instructions given below:
Provide the following command on the command line, if you are signing appx file:
BuildMDILAPPX.ps1 -appxfilename <ME MDM app appx file> -pfxfilename <path_to_PFX_Certificate_File> -password <private_key_provided_for_PFX_certificate>
If you're adding .appx or .appxbundle files to the App Repository, you need to provide a package family name, which can be obtained as explained below:
MSIX is a Windows app package that provides modern packaging experience to all Windows apps. With the MSIX packaging tool, admins can create an MSIX package from an .exe or .msi app. With MDM, admins can silently install MSIX apps on devices running Windows 10 version 1803 or above. Follow the steps given in this document to create MSIX apps.
After the Code Signing Certificate (CSC) is uploaded, you can distribute enterprise apps as explained below:
App Configurations lets you customize the apps to suit the needs of the organization. You can also secure devices by restricting apps from accessing data and/or resources of the managed devices. The app developer provides a set of key and their value, that specifies the configurations, which have to be entered on the MDM server. These configurations are pushed automatically with the apps.The app developer must support app configurations for the app, to implement it using MDM.
Pushing app configurations based on user-specific/device-specific parameters such as E-mail, UDID etc., to different users can be a cumbersome task as the app configuration needs to be modified every time before it is pushed. However, MDM supports dynamic variables which ensures once the app configurations with user-specific/device-specific parameters are setup using dynamic varaiables, they needn't be configured again as the dynamic variables fetches all the required data from device/enrollment details.
Here is the table of parameters for which MDM supports dynamic variables:
PARAMETER | DYNAMIC VARIABLE |
---|---|
Device UDID | %udid% |
Device Name | %devicename% |
User Name | %username% |
%email% | |
Domain name | %domainname% |
Serial Number | %serialnumber% |
IMEI | %imei% |
Exchange ID | %easid% |
UPN | %upn% |
APN Username | %apn_username% |
APN Password | %apn_password% |
Thank you for your feedback!
Sorry about that!