MD-102 - Examine Application Management

Hey folks welcome back for module 4 of the Microsoft md-102 course this module is called examine application management it consists of only three main sections the first of which is called execute mobile application management the second is deploy and update applications the third and the last is administer endpoint applications now I know you guys probably know it by this point in time but if you don't please give the Video a like it does help me in the channel and then obviously I can go and make more of these kinds of content to help some of

you guys out so the least you can do is just give it a like and obviously if you want to know when module 5 comes out for this course anything else then well subscribe or don't either way all right let's go have some fun [Music] [Music] All right boys and girls hope you've enjoyed the intro so as you can see the first section we're going to be diving into here is execute mobile application management the first topic we're diving into in this section is mobile application management now mobile application management is usually known as mem

for short m-a-m so something you should probably be aware of regarding mam is even though the name mam or the full name mobile application management Is still used till this day it is now actually called app protection policies nobody really calls it mem anymore it's actually called app protection policies now so I don't know I don't know what Microsoft trying to pull here but yeah there you go that's the new name so once you understand what this is all used for you'll see the new name actually kind of makes more sense logically speaking at least

for me it does I don't know about you guys Anyway getting back to the topic you're probably wondering what is this cool tool called mem or whatever the new name is or should I say app protection policies struck a blanket for a moment so intern mobile application management refers to the suite of InTune management features you can use to publish push configure secure and monitor and let's not forget update mobile apps for your users one of my favorite things about the mem is that your mem mobile Application management protects an organization's data within an application

by using Microsoft intunes app protection policies will of course help protect your company data and while in turn also prevents data loss so this is essentially useful these days with folks not always working from the office anymore and even more so if you look at the fact that many users are using devices which aren't well Windows some of these devices are iOS some of them Are Android then you know who else knows what else so these devices that for example run Android and iOS these are only some of the factors that make data security a

bit of a concern these days so this is now obviously where a prediction policies come into the picture if you use mem without enrollment a work or even a school related app that contains sensitive data can be managed on almost any device including personal devices in bring your Own device scenario so that would be a BYOD scenario I personally love the fact that we are able to prevent that loss or leakage inverted devices might not necessarily be enrolled also even though they not also even though also even though they might not even belong to the

company this is yeah well this is just a really a big win in my book this is really going to be a game changer for you guys in the sense of Managing your users managing their devices and their apps and while lastly let's not forget their data security guys so how do we go about implementing this great Newfound power you ask you implement mem once again should I say mobile application management by creating app protection policies in InTune that's how you will have to go to the InTune platform folks and once you there you will

need to set up app protection policies where you actually Specify what it is you want once you did that you will need to apply it to a group in InTune these groups those people don't know they work very much the same as the groups you would find in active directory on premises hopefully you guys know what I'm talking about so if any of you guys have ever worked with active director on premises if you've worked with groups on premises those groups are very similar to the one ones you'd find on InTune so this is Something

I did discuss briefly in one of the previous three modules in this course so you need to apply this to a grouping InTune this can either be a user group it can be a device group you need to apply it to a group this is all stuff we have previously talked about in the other modules in this course another term you folks probably would have heard of by now and it's not to be confused with mem is the term MDM not m-a-m but MDM in case you don't Know or if in case you don't remember

MDM is short for mobile device management and this manages the device like the name suggests so since we currently find ourselves in a situation where employees use mobile devices for both personal and work tasks we want to make sure they can be productive but at the same time we want to prevent data loss because some of these people just yeah let's not say anything bad about it it doesn't matter if it's on purpose or Accidental but from time to time on user's side either way there's going to be things that's going to happen and we

want to prevent data loss we also want to protect company data that is accessed from devices that are not managed by us to do this we can use InTune app protection policies independent of any mobile device management solution just to remind you guys mobile device management that's MDM for short this Independence helps you protect your Company's data with or without enrolling devices in a device management Solution by implementing app level policies you can restrict access to company resources and keep data within per view of your it Department something you all need to be aware of

is app protection policies are only supported by Android and iOS when you enroll Windows devices to InTune you can use Windows information protection which offers similar functionality so Depending on whether you're using Android on iOS or whether using Windows you'll use the one or use the other now the one is not necessarily better than the other it's really going to depend on you or your clients unique needs and requirements on that particular day so if they've got unique needs that requires them to have Android and iOS sure go and use that there's another way you're

going to go and do that you're going to use app protection policies if The client or you need to go and use Windows then no you're going to be using Windows information protection both of them have their own benefits both of them have their own drawbacks in the end of the day you will still be able to manage the devices and their apps that's probably the most important thing here how you go about it might just vary slightly depending on the device this operating system the important benefits of using App protection policies are Things like

protecting your company's data at the app level because mobile app management doesn't require device management You can predict company data on both managed and unmanaged devices that's pretty important the fact you can also do this on unmanaged devices the management is centered on the user's identity which removes the requirement for device management another benefit guys is the end user's productivity isn't affected by all of this and Policies don't apply when using an app in a personal context policies are applied only in a work context which gives us the ability to protect company data without touching

personal data how Nifty is that where other additional benefits to using an MDM with app protection policies once again that's for IOS and Android companies can use app protection policies with and without MDM at the same time need right for example imagine a situation where an Employee has a device issued by the company this can maybe be a phone for example and at the same time they have their own personal device this can be another phone or a tablet you know so yeah that's a situation the company phone is enrolled in MDM and protected by

VR protection policies while the personal device is protected by the app protection policies only if you use an MDM and if used correctly it makes sure that the device is protected you can Enforce all kinds of security this can be things like requiring a band to access the device it can be things like forcing the user to use MFA or to be geographically in a specific location the list is very long folks anywho getting back to the main topic here which was originally mam in June's mem supports two configurations folks the first is intu's mobile

device management and mobile application management combined with This configuration devices are enrolled in your company's engine environment the second configuration is mobile application management without enrollment in this configuration devices are obviously well not enrolled like the name suggests using the second configuration devices are not managed only applications are if you want to manage the devices you need to use well obviously the first configuration this second configuration is typically Used in a well bring your own device scenario perhaps if you don't know what that means that's when your users use well their own personally owned devices

for the purposes of work in those situations we don't normally enroll the devices into the company's engine environment since the devices don't actually belong to the company to begin with that being said guys we don't have as much control in those situations we're Not saying that there is no control we're simply saying there is less control so ideally you'll find most companies prefer to issue their users with a device because then it belongs to the company which means we have a little bit more leeway as to what we can say what needs to happen and

how it needs to happen but as soon as people use their own devices in other words a BYOD yeah the only real benefit there is your company is going to spend less money on Buying assets by the end of the day you know I wouldn't recommend it guys So speaking of considerations what are they well first of all folks intunes mobile application management protection policies provide comprehensive protection to mobile apps and data without requiring complete device management secondly folks an app must actually be built to work of mobile application management or should I say ma'am

if it's Not built to work with man well I think you can figure out what's going to happen if you'd like to know more about which apps you can actually go and use for those of you that's curious you can actually get an updated list of mam enabled apps from the microsource website this is for this is more for the guys that you know who are actually working on this it's not for those of you who are actually studying for the Exam so if you're studying for the exam guys don't worry about this list I

was just talking about this is more specifically for those of you that's currently working with InTune at this point in time at your office and who would like to know more about which mam apps are actually you know enabled and support for those kinds of stuff it's for those guys so you'll see some of these apps support multi-identity and they will let you or the user use Different accounts to access the same apps while app protection policies apply only when the apps are used in the work context all in all these app protection policies protect

organization data and prevent loss of sensitive and valuable data app protection policies allow you to control what capabilities an app has when working of corporate owned data this includes guys preventing the user from copying data from a protected app or to An app that is not protected by an app protection policies app configuration policies require that the apps support these policies just be aware folks it might happen from time to time that your third-party apps do not support app configuration policies if you find yourself in such a pickle of a situation you can just use

the InTune app SDK to add support for app configuration policies to your line of business apps that's at least well one Way around that problem you also have the option of creating a configuration wrapper around an existing app that brings us to our next topic preparing line of business apps for app protection policies like we just mentioned a moment ago some apps don't really support certain things if you happen to find yourself in that sticky situation you can use the InTune app wrapping tool for line of business apps that do not have built-in protection You

can use the InTune app wrapping tool when your app doesn't have building data protection features you can use it if your app is simple you can use it if your app is deployed internally with regards to Intel deployment guys it doesn't support Apple or Google stores just take note of that folks I'm going to highlight that differently for you guys anyway you can also use the app wrapping tool when you don't have access to the App source code and then lastly folks you can also use it if your app has minimal user authentication experiences another

I want to make for you guys which is already on the screen and I've already said it the app wrapping tool does not support apps in the Apple store or the Google Play Store watch out for that one folks they like asking that in the international certification exam all right folks with what we've just said in mind we're not quite done yet With this topic we've only spoken about the app wrapper tool so let me clear up some room here so we can talk about the InTune SDK which I mentioned earlier all right there we

go if you folks don't notice already you can use the InTune app SDK for developed apps so when exactly do we use the app SDK you ask the InTune app SDK is designed mainly for customers who have apps in the Apple App Store or the Google Play Store and who want to be able to manage the apps With something like InTune however any app can actually go and take advantage of integrating the SDK even guys line of business apps so in short you can use intunes app SDK for in-house deployed apps and it can be

complex it can support Apple and Google Google store apps you can also use the intunes app SDK when your app doesn't have built-in data protection features pretty neat right you can use it when your app is complex and it contains many experiences You can use it if your app is deployed on a public App Store such as Google Play and Apple's App Store unlike the previous app wrapper tool we spoke about you can use it when your app has other SDK Integrations and lastly you can use it when your app is frequently updated guys alrighty

folks as you can see the app SDK also have many times and many situations which you can use it so depending on you your company or your clients companies unique requirements And situation you'll either use the one or the other so pretty much that's pretty much what the situation is you're either going to be using the app wrapper tool or you're going to be using the app SDK depending on your situation now with all of that being said let's move on to implementing mobile application management policies in InTune so once again folks something you might

already know by now because I've said it a couple of times in this module Already app protection policies can be applied to apps running on devices that may or may not be managed by InTune so in other words it doesn't matter if these devices are enrolled into your company's environment or not it doesn't matter if these devices belong to the company or the user either way in the end app protection policy still can be applied here guys something worth mentioning which some of you might have figured out earlier already due to Something I listed in

tune app protection policies are assigned to users yep so yeah maybe some of you guys figure that out maybe not because in tune app protection policies are targeted to a user's identity the protection setting for a user typically applied to both enrolled and non-enrolled devices so it's not based on the device it's based on the user therefore you can Target an InTune app protection policy to either engine Enrolled or unenrolled IOS and Android devices so it's got nothing to do whether devices are enrolled or not since we're targeting the users here guys and not their

devices it doesn't matter if these devices are enrolled or not something I also mentioned earlier was InTune app protection policies can also be assigned to IOS and Android devices if someone has a device like a Windows device then you'd rather use something like Windows Information protection which does very much the same thing in some ways except well it's for Windows all right folks let's talk about managing mobile application management policies in InTune when it comes to your app policies that you've applied you can actually monitor app compliance status yeah that's right assuming you have privilege

of course you will be able to Monitor and see which apps are not compliant with your policies nothing is Private anymore these days guys the platform provides summary and detailed views of app protection and some of the information includes things like assigned users with app policies things like apps with mobile application management policies thought protected apps users experiencing issues and also check-in status you can run either a user or app reports you can really pull a report on just about anything folks well that finally brings us to the end Of the first main section so

now moving on to the second main section this module which was deploy and update applications all right let's start things off in this section by talking about deploying applications with InTune so the first thing I want to point out about this is when you deploy applications within June the whole life cycle of apps is actually very similar to that of desktop apps guys with that being said here is a picture for you Folks so you can see more or less what I mean by that so in InTune the app lifecycle begins when the app is

added it then progresses through additional phases like well you can see which are similar to developer desktop apps and the main eventually app gets removed in the end of the day so it gets added goes for the life cycle and eventually ends up being removed so by understanding these phases you'll have the details you need to get started with App Management in InTune guys so looking at the picture the first step like I said a moment ago is to add you need to identify the apps you want to manage and assign once you did that

you add them to InTune like we said other than this module you can work with many different app types the basic procedures are the same of InTune you can add apps written in-house apps from the store app store built in and apps on the web now looking at the picture again the second step is To deploy those apps after you've added the app into InTune you can then assign it to users and devices that you manage InTune makes this process obviously very easy and after the app is deployed you can monitor the success of the

deployment from InTune within the endpoint manager admin Center additionally guys in some app stores such as apple and Window app stores you can purchase app licenses in bulk for your company which is really going to Make life a little bit easier for you guys what I like about this concept is InTune can synchronize data with these stores so that you can deploy and track license usage for these types of apps right from the InTune Administration console so if you're the kind of person that has to deal a lot of license businesses and a lot of

licenses just in general you're going to want to keep track of that and it does make it very easy for you to go and do that now step Three guys in the picture is configure as part of the app lifecycle new versions of apps are regularly going to be released InTune provides tools to easily update apps that you've deployed to a newer version should it be needed of course Additionally you can configure extra functionality for some of these apps now looking at step four in a picture protect in tune gives you many ways to protect

data Inu apps some of those I've Actually already mentioned and someone kind of explained already you know to be honest those main methods are things like conditional access and app protection policies definitely mention our protection policies you guys earlier the very last step in the picture is retire I think this step kind of well explains itself doesn't it eventually apps that you've deployed will likely become outdated it's probably going to happen at some point in time and they Will need to be removed the engine platform actually makes it very easy for you to go and

retire these apps from service anyway folks let me remove this picture and make some room so we can talk about adding apps in InTune I know we did mention that in the picture but let's talk a bit more about it all right so you can add the following app types in in June folks there are quite a few actually the first type you Can add is store apps now me just saying store apps can mean more than one thing since well you get different kinds of app stores so which stores am I talking about you

ask well folks I'm talking about all the well-known app stores that will be things like the Windows store the Android store so that's probably the Play Store I think Android calls it the Play Store the iOS store I believe they call that the App Store if I'm not mistaking please correct me in the Comment section down below if I'm wrong so I believe Android calls their store the play store iOS which is Apple they call it the App Store winners calls this the winner store and then obviously you get other stores as well for other

people which is not even mentioned this course and if you go look at Hawaii they've got app gallery and they've got Fedora for those of you that's curious not that it matters but yeah so other kinds of app types you also get To add in InTune or Office 365 Suite apps web links built in apps line of business apps and also of course good old-fashioned Windows apps in other words Windows 32 apps 32-bit apps whatever they call those as you can see there are a lot of app types you can add so they really have

given us Choice which is pretty cool anyway moving on to our next topic here folks manage or deploy win32 apps with InTune that's normal normal good Old-fashioned Windows apps guys just in case you don't know so for those of you that don't know these win32 apps Microsoft is referring to are your traditional Windows apps that run on your device they're also often called well desktop apps actually now getting back to the topic at hand here if you find yourself needing to manage and deploy Windows 32 apps there are some things you should be aware of

some criteria that'll basically need to be Met first in order to deploy win32 apps Windows 32 apps however you want to go and pronounce that there is some criteria that must be made first pre-requisite in other words I hope I didn't butcher that name firstly devices must be joined to azure's active directory and auto enrolled secondly guys there is a size limit per app you want to go and add Windows applications can't be larger than 8 gigabits per app unfortunately there are also some good Features worth noting here mind you this would be features like

both 32-bit and 64-bit apps are actually supported pretty cool right so that's definitely winning my books I don't know about you guys dependencies of other apps and install requirements can be defined as well alrighty now that we've talked a bit about the old Winfrey 2 apps let's talk about deploying applications with Microsoft's configuration manager As you can see we're kind of going through various ways of deploying your various different types of apps at the moment so um with Microsoft's configuration manager just to remind you folks in case you forgot from the previous modules you need

to have the agent or client deployed on devices in question to be able to manage devices and deploy things to them using configuration manager with that being said instead of using Group Policy you can Leverage The built-in functionality of configuration manager to manage application deployment guys this will provide you guys with way more flexibility in control for managing applications now coming at this from a configuration manager perspective application or the app is a widely used term in Computing in configuration manager though it means something different and specific you can think of an application like a

box this Box contains one or more sets of installation files for a software package this is known as deployment type the box also contains instructions on how to deploy the software now when you deploy applications to devices requirements decide which deployment type configuration manager installs on the device you can do many more things with an application to cater to multiple scenarios I'm going to list some key elements for you folks that make up the Application the first element is deployment type the deployment type is the set of contents in the Box an application needs at

least one deployment type as it determines how to install the app the second element is requirements requirements ensure the targeting point is installed with the most appropriate application so the target is running let's say windows 64 but the requirements will ensure the targets Gets the appropriate application another element is global conditions these Global conditions can be used alongside requirements to pre-define or should I say specify custom requirements for example an environment key identifier for a test or production domain guys we have the element simulated deployment a similar deployment evaluates the requirements detection method and dependencies

for an application and Reports out what the expected result would be without actually installing the application now this is a really handy element wouldn't you say anyway you also get deployment applications a deployment action specifies whether you want to install or uninstall the application not all deployment type support uninstall action go you get purpose the deployment purpose specifies where the deployment app is required or available if the Deployment is required the client will install based on the schedule the deployment is available it will be available in software Center and then you get revisions when you

make changes to an application a revision is created to enable the application change configuration to be tracked guys then we have detection method this is something nice we use to well discovery of a device already has an application installed if detection method indicates The applications indeed installed well when configuration manageable simply not attempt to install it again as simple as that next on the list is dependency dependency is defined one or more deployment types from another application that the client must install before it installs this deployment type this is very often helpful in more complex

application installations guys the second last element on the list is Superseded I hope I didn't butcher that name if I did let me know in the comment section down below you can use configuration manager to upgrade or replace existing applications by using a supersedance relationship when you supersede an application you basically specify a new deployment type to replace the deployment type of the superseded application and Vane folks the last element on the list here is application groups Starting in version 1906 you can use application groups to deploy a group of applications to a user or

device collection now for those of you don't remember a collection is the same as a group except a collection is for well the configuration manager side of things and on InTune we call it the group in an active directory we call the group for some funny reason Microsoft thought it'd be funny to go and call it the collection on well configuration manager Previously before that you would normally have to go and use something like a task sequence to perform such an action in a complex dependency setup alrighty now that we've talked a bit about deploying

applications with configuration manager let's talk a bit about deploying applications with Group Policy I mean I've been mentioning on-premises server and all that so much we might as well talk about group policies now I'm kidding it really is a Part of the course guys so with regards to group policy deployment methods folks there are some pretty big advantages with it but at the same time you'll find there are also some pretty big disadvantages with it whether you end up using this group policy method in the end of the day will probably depend on the size

of your organization and the unique requirements of your organization or your clients organization so in case you folks don't know already Windows Server 2016 and later includes a feature called software installation and maintenance that active directory domain Services Group Policy and windows installer servers used to install maintain and remove software from your organization's computers neat right all right so what are some of these great benefits to using group policy for deployment you might be wondering well let me list some of those main ones for you guys Group Policy as we already know Is part of

adds in other words active directory domain Services as most of you already know active directive domain Services is a role you add on a server which costs you well nothing it's for free you just need to go and configure it so basically it's for the most part almost completely free this whole setup guys since this is part of your active trick 3 there is no need for a client agent if you look at other deployment tools like In tune or configuration manager yeah guys there you're gonna need something so if you look at something like

InTune you would normally have to go in rollover device first into the companies into your environment if you look at configuration manager you normally need to go and drop a little file a setup file an agent whatever you're gonna go and call it to be able to manage that device now that is not the case when it comes to group policies group policies No you don't need to go and do that now obviously it's got a couple of drawbacks which we'll probably mention in a moment but uh one of the benefits here which is a

massive benefit to my book is the fact that you don't have to go and struggle and go for the inconvenience of enrolling this device or installing something on the device first nope you can just go and use it on that note it's easier to use and also relatively fast with deployment this all sounds great Right so what are the disadvantages then you might be wondering now if this tool is so great there must be a couple of disadvantages well folks unfortunately when using Group Policy it has minimal features so yes you don't have to go

to enroll device or drop little agent file but group policy has minimal features little to none in fact if you compare it to other deployment tools that are available Also if you decide to use Group Policy it has no reporting of success or failure what is meant by this is if you were to go and deploy using this method you'll have absolutely no idea if you're deployment was successful or if it failed miserably you'll have absolutely no idea do you just cross your fingers and kind of hope for the best now it doesn't happen often

that it goes and fails but you know there's going to be times where it would fail and you would Need to know about that and the only time you're going to know about that is when it is too late all in all guys I'd say this is actually not a bad deployment method I've used it quite a few times in my life and I really haven't had any issues with it so all in all not a bad benefit it is not suited for all companies in my opinion this is more suited for I don't know

smaller companies probably now as for Windows install service which Was mentioned earlier this fully automates the software installation and configuration process oh oh and it modifies or repairs an existing application huh how about that anyway let's move on over to the topic of assigning and publishing software let's mention some of the differences between assigning an application and Publishing an application since a lot of folks tend to get confused by these two first of all you can assign applications Only to computers and not publish them also software that has been assigned to computer will be available

to all users who log into that specific computer something I also want to mention is installation of an assigned program is not complete until the user actually launches it the first time oh and folks a user can install a published program through the programs applet in control panel just in case you didn't know now moving on to a bit of a different topic Which I personally find very interesting and yet not a lot of companies use it at least not as many as you would expect that would be Microsoft store for business so the first

thing you folks need to know about this topic is you kind of get two kinds of Microsoft Store the first one is the normal Microsoft store which is for General audience this one Microsoft says you can find from Windows 10 onwards but yeah I actually disagree with that statement of this if You go check on Windows 8.1 you would find it actually is there I don't know there's a lot of things you guys can't believe you know so if you go to Microsoft's website if you go through their official slides and their books and stuff

there's a lot of nonsense they say in there which is completely not true which you're going to find you're going to be able to disagree with you'd find for example Microsoft says hyper-v came out on Windows 10. it did not you Can actually find it when it's 8.1 you just need to go and turn it on as a feature they say for example the Microsoft store only came out on Windows 10 as well nope not the case if you go check Windows 8.1 it's right there in the taskbar guys now folks don't confuse Windows 8.1

with Windows 8 those two are not the same minus eight came out first and then Windows 8.1 came out assuming you are indeed running Windows 8.1 Windows 10 or Windows 11. you also Usually have to run the correct edition of Windows to have access to this function from what I've noticed and I did mention this just a couple of moments ago now looking at the normal Windows store which is for the General Public Access what do we find on there well honestly pretty much the same deal as what you would find in the Google Play

Store guys or the Apple App Store you can find apps games music movies TV shows and also Books on there there is probably a bunch of other things on there too which I don't even know about so yeah pretty much what you would expect to find on the Google's Play Store the Apple App Store that's what you can expect to find in the Windows store now as for the other version of Microsoft store we get which is the actual topic here believe it or not that is Microsoft store for business it's got a little extra

there at the back for business this is more For well companies obviously what you'll find on there is more business related modern apps and line of business apps that's not the only thing you'll find on their row and also not the only thing you can use the Microsoft store for business for we'll get to all of that in just a moment I think um let me first make some room here so I can list some of the things we can do in the Microsoft store for business more clearly for you guys All right now that

we have some room let's list some of the benefits of using the business version of Microsoft store first benefit I'm going to list for you guys is that it's scalable free and familiar you have to remember that none of this is running on your servers so scaling up is very quick and easy since it's well in the cloud guys it's not on your property you have your own dedicated private store section the platform You have your own dedicated private store section on the platform too that's actually one of my personal favorite benefits about this whole

thing mind you unfortunately you get that benefit you need to meet some of the requirements first which is not mentioned on this list yet we'll get to that later in this module you get bulk app acquisition for company employees you get the benefit of app distribution and integration with management tools you get support for Company line of business apps a handy benefit is the one of app license tracking and management something we did briefly mentioned earlier in this module usually keeping track of licenses in companies is a mission of note guys so if there's anything

that can make that easier it's always going to be a win in my book oh and one last benefit I want to mention here is automatic updating of deployed apps I mean it's the cloud after all so it only makes sense for it To do that for us right now let's talk about the prerequisites for Microsoft store for business yes folks there are unfortunately prerequisites that will have to be met before you can go and play with this new toy of yours the first and probably the most obvious prerequisite is that you need to have

internet connectivity I know I know it's obvious but hey it's mentioned by Microsoft so don't shoot the messenger I'm just a trainer delivering this Course to you guys so I have to say within the course let it not be said I did not cover it I did mention it you need internet connectivity so it might be obvious to you but there are people that honestly are doing this for the first time that might not know that so as I mentioned briefly earlier the Microsoft store for business is a cloud service guys it's all running and

happening somewhere else on Microsoft servers so that in mind for you to Access it all and make use of it you need to have internet access the second prerequisite is web browser for administration please note though this is however not required for accessing the Microsoft store for business apps the third prerequisite is that Windows update service must be running I'm sure most of you being an ID already know why this service needs to be running for this but in case you don't know already the service is for downloading and Installing the updates to these programs

I mean it is Microsoft after all so it only makes sense you're going to be getting new updates for these Microsoft apps via the Windows updates the fourth prerequisite is you and the users will need an Azure active directory account this is required to sign into the Microsoft store for business guys if you don't have an Azure active directory account to sign in with how will the store know who you are or from which Company you are or all of that kind of stuff it's not gonna know so that's where your Azure active directory account

comes into play to tell the store who you are from which company you are where you from all that kind of just so this becomes a bit of a problem in many ways because if you want to access your company's private section of the Microsoft store you won't be able to unless of course you've got your own account each company can have their own Dedicated private section on the store where they can actually go and upload or publish their own in-house apps only employees in your company can then access this profit section but they need

to First prove they are who they claim to be and where they claim to be from how do you think that's going to happen guys the Azure active directory accounts folks the fifth prerequisite and the last one on my list here is Windows devices Your users who want to access the Windows store for business need to be running the Windows operating system that's unfortunately non-negotiable it's not accessible from other operating systems other than Windows you also need to check if you're running the correct Edition mind you alrighty let's talk about implementing Microsoft store for business

firstly folks this is actually available For free to organizations provided that your organization meets the prerequisites like having an Azure active director account otherwise no it's not going to work you must also sign up for Microsoft store for business I suppose you call this a prerequisite of sorts now now that I think about it what I mentioned earlier briefly already is that you can manage Microsoft store for business in a web browser you can access Microsoft Store for business by using a micro Store app or web browser and then lastly folks store permissions are delegated

by assigning roles no surprise there right much like most other things of Microsoft you know come to think of it well folks we have finally reached the end of the second main section of this module we can now finally move into the third and the last main section which was administering endpoint applications now in this last section let's start you Guys off with manage apps with injure so that being said it's a nice little picture for you guys to show more or less what I want to show you guys so first things first is the

app supported the apps might sometimes be supported they might not be as we've been covering pretty pretty deeply in this module you guys probably would have noticed some apps are supported sometimes they're not sometimes you can only deploy them this way only that way you know there's a lot Of things you have to go and consider then you need to go and create yourself a user or a device group this is now assuming you're talking about InTune so in tune remember it uses groups if you talk about endpoint configuration manager it uses collections essentially the

same thing but yeah Microsoft photo will be funny to go and use a complicated name so you're gonna go and create a user or a device group this is to eventually be used to go and choose Whom or what you want to assign these things to once you've done that you're going to go and add the app to InTune whatever this app might be when you're done a vet you assign the app to a group one of those user groups you created one of those device groups then once you've assigned to a group you're going

to configure any policies if there are any usually there are a couple and then lastly guys you of course want to go and monitor the results to see how well it's Going and of course if there's any issues that you might need to go and address now moving on to managing apps on non-enrolled devices you you remember earlier in this module we spoke about the fact that you do not necessarily have to have devices enrolled into ancient environment to be able to manage them especially if we talk about Android no matter what Google's operating system

and iOS Apple's operating system so a Managed app is one that in tune controls and control over distribution and management so that's what we mean by a managed app if an app is a managed app it's because InTune has control over it so in other words you've got control over it now an unmanaged app is one that InTune does not control pretty obvious right I know it is but hey it's part of the course and this is installed directly from public stores like the Play Store of Google or the App Store From Apple you can

assign apps to unenrolled IOS and Android devices no surprise there I mean obviously going to go and choose a group in your engine environment this group is going to include devices it's a device group and in that device group you can have either just iOS or just Android or a mix of the two in case you're wondering users use either the company Portal app or if they go to the InTune company portal website at the address that I've just specified For you guys if you're wondering where or how you get your hands on this Portal

app guys it's a free app you can find it in the Play Store you can find it in the App Store and I happen to know it on good authority you can also find it in a couple of the other stores which is not even mentioned in this course you can manage apps on unenrolled devices using App protection policy something we covered quite deeply previously in this specific module we Spoke a lot about app protection policies you'd remember that we previously said the name used to be mem and now well it's called app protection policies

their name is somewhat changed there hasn't it all right moving on to one of our last topics it's not quite the last one yet but we're nearly there guys deploy Microsoft 365 apps with InTune so when it comes to deploying 55 apps directly from InTune there's a couple of things to keep in mind here Windows and Mac operating system is supported that's good news for you guys that's using Mac and windows you can use the Office 365 Suite app type you can go and do that there's no need to go and download installation files although

I've seen some folks we'll still go do that and it does support both 32-bit and 64-bit I don't really know why they keep supporting for YouTube but because we've reached a point in time now where absolutely everybody and everything or Nearly everybody and everything is using 64-bit so I don't know if we'll ever get to a point where we can get rid of 32 but there's always going to be like one weasel that still wants to go and use it so yeah by the way guys if you're still watching the video at this point in

time uh well done you've probably reached like the one hour mark by now um if you guys don't mind remember to give the video a like I do appreciate it And uh this week I've got another fun treat for you guys so sometimes I give you guys a secret word sometimes it's the secret sentence so this time around uh let's keep it a little bit interesting let's make it more interesting you can use any phrase or any sentence from the how I make your mother TV series if anyone has ever watched that TV series maybe

use a fun phrase or a fun sentence a funny sentence uh keep it PG guys no swearing Words in the comment section the YouTube police is going to be on my case and they're going to be on your case if you do that so let's not do that to keep it PG but something funny something fun a random phrase from the harmony by the TV series you're out to go and put that in the comment section and for all you know maybe someone's watched the same episode then they will continue on your sentence you can

actually continue the conversation there just for fun gags Anyway so that's for those that wants to do it alternatively you can just post your questions down in the comment section down below um you guys are probably well aware at this point in time that in the video description you'll find the usual time stamps to make your life a little bit easier when it comes to finding certain topics in this module what you will also find in the video description literally like way at the bottom of the video Description is a Discord server so for those

of you that would like to join an I.T community of like-minded people people that are studying courses like this course and people that have done this course and that have knowledge the course feel free to check out that Community to completely free server on Discord I myself am also in that server so if you've got any questions you can post them there either myself or someone will answer your question and maybe Someone else has got a question that you know the answer to either way it's a fun Community come join us guys all right moving

on to the last topic of this module wow I can't believe I'm finally saying that additional Microsoft 3D 5 apps deployment tools so what I'm about to list for you guys is four of them is different ways or extra ways of methods for you to go about deploying these Microsoft 365 apps the first one is system center configuration manager Which can be used to prepare and deploy to devices that's actually a very powerful tool I wouldn't say it's my favorite in a sense of functionality and flexibility it is really really cool and very powerful probably

the most powerful out of the lot that I'm going to mention for you guys but it is somewhat unuser friendly so unless you've got someone to guide you or you've got some level of experience it can be a little bit overwhelming in the beginning Then we've got the office deployment tool which is fairly popular amongst people even if you don't know what it is you can figure it out very quickly this is used to download and prepare installation files speaks for itself doesn't it we've got the office customization tool so this for those of you

don't know it's a web base tool used to configure Office 365 Pro Plus installations you can go and choose how where what when what needs to be Included that kind of jazz and then the last one which might very well be the most common uh most well-known one and probably the most widely used one here Office 365 portal now that might be a bit vague so what I mean by that is the ability for users to go to the 3d5 portal this will be specifically the user portal guys and being able to install office directly

or install the apps directly onto the devices now what I don't mention here Microsoft and I'll Just mention for you guys an extra it is subject to your privilege and even more so subject to your license not all licenses includes all apps it also depends on what your administrators allowed you access to so even though something might be included in your license that doesn't mean you've got it it could be a matter of your administrator has decided you know what you don't need this or you should not have access to this and they could a

Dead discretion go and deny you access if need be alright folks I hope you've enjoyed this fourth module of the Microsoft nd102 I really hope you guys have learned something especially for those of you that studying for the certification exam I really do my best to trying to prepare you guys for the exam if you've enjoyed this if you feel like you've learned something do me a favor give the video a like maybe subscribe that's up to you guys before You disappear on me the usual thank you to the patreon sponsors the PayPal sponsors and

quite frankly everybody else so this includes those if you're clicking on the thanks button it includes those of you that's just been doing coffee donations yep you can find all of that in the description so here's a screen of all the patreon sponsors uh guys thank you very much I really appreciate it a screen of the PayPal sponsors And then obviously just once again thanks to those of you clicking on the thanks button and buying me coffee and milkshakes and just a reminder guys there is a Discord server which you can find in the video

description down below should you be interested alrighty folks I will talk to you guys again in module 5 of the Microsoft md-102 [Music] [Music]