In this post, I will show you how to deploy applications from the Enterprise App Catalog in Microsoft Intune, using both the web portal and Microsoft Graph PowerShell.
What is the Enterprise App Catalog?
The Enterprise App Catalog is a Microsoft solution to simplify the lifecycle of managing first and third-party applications with a pre-packaged catalog of apps from the Intune platform.
The goal of the solution is to help reduce the time and effort administrators spend packaging, deploying and maintaining applications on their end devices, from large software packages to smaller utility-style apps.
Intune administrators will be able to deploy apps in a few clicks and have a clear view of any apps that need updating.
Deploy apps from the Enterprise App Catalog
2. Select Apps > Windows > Add.
3. From the App type drop-down box, select Enterprise App Catalog app.
4. Click Search the Enterprise App Catalog, select an app from the list and click Next. I have selected WinSCP.
5. The Configuration tab will show you the available app types, including language, architecture and version. While some may have multiple options, many apps will only show you the latest version, depending on the vendor. Click Select.
6. Leave the settings on the App information page as default unless you want to make it available from the Company Portal app, then click Next.
7. On the Program page, the information has been pre-filled. You can leave this as the default unless you want to remove the option for the user to uninstall the app.
8. The same goes for the Requirements page, which has already been completed by the vendor; just click Next.
9. The Detection settings page has also been pre-filled. As for the WinSCP app, it will simply look for the current version of the .exe file.
10. On the final page, click Add app.
11. You will notice no option for Assignments during the wizard. You must go back to your app and assign it to your target users or devices.
Deploy apps from the Enterprise App Catalog with PowerShell
You can also deploy Enterprise App Catalog apps using Microsoft Graph PowerShell. Although there are no dedicated cmdlets for this, we can work around that by using Invoke-MgGraphRequest.
Below I have created a small function which uses the /beta/deviceAppManagement/mobileAppCatalogPackage endpoint to find each catalog app, then the /beta/deviceAppManagement/mobileApps/convertMobileAppCatalogPackageToMobileApp endpoint to automatically prepare the information to submit and create the app in Intune.
Use the code below to deploy one or more applications to Intune from the Enterprise App Catalog at once.
Connect-MgGraph -Scopes DeviceManagementApps.ReadWrite.All

Function DeployCatalogApps {
    Param(
        [string[]]$Apps = "WinSCP"
    )
    Foreach ($CatalogApp in $Apps) {
        # Look up the catalog package(s) for this product; double any single quotes for the OData filter
        $FilterName = $CatalogApp.Replace("'", "''")
        $GetUri = "https://graph.microsoft.com/beta/deviceAppManagement/mobileAppCatalogPackages?`$filter=productDisplayName eq '$FilterName'"
        $RetrievedApp = @(Invoke-MgGraphRequest -Method GET -Uri $GetUri -OutputType PSObject | Select-Object -ExpandProperty Value)
        # Skip names that return nothing instead of indexing into an empty result
        if ($RetrievedApp.Count -eq 0) {
            Write-Warning "No catalog app found with the name '$CatalogApp', skipping"
            continue
        }
        # Use the first package returned for this product
        $SelectedApp = $RetrievedApp[0]
        Write-Host "Attempting to deploy catalog app: $($SelectedApp.productDisplayName) v:$($SelectedApp.versionDisplayName)"
        Write-Host "Converting to mobile app"
        # Convert the catalog package to a mobile app definition, dropping read-only properties
        $ConUri = "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/convertFromMobileAppCatalogPackage(mobileAppCatalogPackageId='$($SelectedApp.id)')"
        $MobApp = (Invoke-MgGraphRequest -Uri $ConUri -Method GET -OutputType PSObject) | Select-Object * -ExcludeProperty "@odata.context", id, largeIcon, createdDateTime, lastModifiedDateTime, owner, notes, size, minimumSupportedOperatingSystem, minimumFreeDiskSpaceInMB, minimumMemoryInMB, minimumNumberOfProcessors, minimumCpuSpeedInMHz
        # -Depth keeps nested rule objects from being truncated during serialisation
        $AppPayload = $MobApp | ConvertTo-Json -Depth 10
        Write-Host "Creating app in Intune: $($SelectedApp.productDisplayName) v:$($SelectedApp.versionDisplayName)"
        # Deploy the catalog app
        $DeployUri = "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps"
        Invoke-MgGraphRequest -Method POST -Uri $DeployUri -Body $AppPayload -ContentType "application/json"
    }
}

DeployCatalogApps -Apps "WinSCP", "7-Zip"
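The function above takes the first package Graph returns, although a product can have more than one version in the catalog. As an added example (not the author's script), the helper below picks the highest version explicitly and refuses names that do not match exactly. `Select-LatestCatalogPackage` is a hypothetical name, the property names are the ones the script already uses, the sample packages are constructed so it runs without a Graph connection, and it assumes versionDisplayName starts with a dotted numeric version.

```powershell
function Select-LatestCatalogPackage {
    param(
        [Parameter(Mandatory)] [object[]] $Packages,
        [Parameter(Mandatory)] [string]   $ProductName
    )
    # Exact (case-insensitive) name match, so a similarly named product
    # is never deployed by accident.
    $candidates = @($Packages | Where-Object { $_.productDisplayName -eq $ProductName })
    if ($candidates.Count -eq 0) {
        throw "No catalog package named '$ProductName' was returned."
    }

    $ranked = foreach ($pkg in $candidates) {
        $parsed = $null
        # Keep only the leading dotted-numeric part of the version string
        $numeric = $null
        if ($pkg.versionDisplayName -match '^\d+(\.\d+){1,3}') { $numeric = $Matches[0] }
        if ($numeric -and [version]::TryParse($numeric, [ref]$parsed)) {
            [pscustomobject]@{ Package = $pkg; Version = $parsed }
        }
        else {
            Write-Warning "Skipping '$($pkg.versionDisplayName)': not a dotted numeric version."
        }
    }
    if (-not $ranked) {
        throw "No package for '$ProductName' has a version that can be compared."
    }

    # Compare as [version] objects: a plain string sort would rank 1.9.0 above 1.10.0
    ($ranked | Sort-Object Version -Descending | Select-Object -First 1).Package
}

# Constructed sample data standing in for the 'value' array Graph returns
$sample = @(
    [pscustomobject]@{ id = 'constructed-id-1'; productDisplayName = 'WinSCP';          versionDisplayName = '1.9.0' }
    [pscustomobject]@{ id = 'constructed-id-2'; productDisplayName = 'WinSCP';          versionDisplayName = '1.10.0' }
    [pscustomobject]@{ id = 'constructed-id-3'; productDisplayName = 'WinSCP Portable'; versionDisplayName = '9.0.0' }
)

$chosen = Select-LatestCatalogPackage -Packages $sample -ProductName 'WinSCP'
"{0} {1} ({2})" -f $chosen.productDisplayName, $chosen.versionDisplayName, $chosen.id
```

Reviewing the chosen name, version and id before converting the package gives you a point to confirm what is about to be published to the tenant.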
Application updates
Each application deployed from the Enterprise App Catalog is self-updated. This means that whenever the vendor releases an update to an application, it is published to the Enterprise App Catalog and quickly becomes available to update from the Intune portal. Follow the steps below to update an application from the Intune portal.
2. Select Apps, then under Other, select Updates for Windows (Win32) catalog apps.
3. From this page, you will see a list of all available application updates. Select the 3-dot menu option next to the app you wish to update and click Update app.
4. This will launch the same wizard you saw earlier, but this time the latest version of the application will already be selected and the supersedence option will be pre-filled.
5. Click through the wizard, leaving the options as default and create your app. You will need to assign the application to your users or devices like you did before. Ensure you select the same assignments as the previous app.
Enterprise App Catalog vs 3rd party solutions
It will be interesting to see how Microsoft’s latest innovation into enterprise app management compares with tried, tested and trusted 3rd party solutions such as Patch My PC. So far, my experience with Microsoft’s solution has been positive; apps seem to deploy quickly and confidently.
As for the price, Microsoft’s Enterprise App Catalog add-on is $2 per device/user per month. However, Patch My PC, their leading competitor, is only $2 per device per year. Click here to check out their pricing page.
Wrapping up
Fundamentally, it is early days for Microsoft’s solution. With a lack of case studies and real-world deployment scenarios, it is hard to make a judgment call. If you want to avoid the hassle of additional vendor relationships and contracts, I suggest trialling Enterprise App Management from Microsoft. It makes app deployment a breeze, keeping everything under one roof. However, suppose you need an easy-to-manage and effective solution, regardless of whether you are a small 10-user company or a 10,000-user enterprise. In that case, I recommend sticking with the 3rd party solutions mentioned in this blog.
I think MS has just changed the Graph request and unfortunately this no longer seems to work. Have you a fix?
Hi Robert,
I have updated the script and this is now working again 🙂
Thank you so much. Can I ask how you found that change so quickly? I struggle finding how MS changes the Graph, especially for Intune. Also, have you any insight in getting Google Play apps deployed via PowerShell? Feel free to email me directly if you wish, but am struggling to get some Graph working in Intune and need some kinda reference if you can share?
Of course! Check out this post: https://ourcloudnetwork.com/how-to-use-invoke-mggraphrequest-with-powershell/ it shows you how to get the Graph requests from the portal! Also I have all of this detailed in my Book which is on the banner at the top 🙂
I have your book and have read it. My issue is that Google Play store apps don't seem supported on same endpoint as other apps. For example:
$asrbpurl = "https://raw.githubusercontent.com/directorcia/bp/main/Intune/Policies/Apps/Android/companyportal-managed.json"
$query = Invoke-WebRequest -Method GET -ContentType "application/json" -Uri $asrbpurl -UseBasicParsing
$Uri = "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps"
$result = Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $query.Content -ContentType "application/json"
fails
but if
$asrbpurl = “https://raw.githubusercontent.com/directorcia/bp/main/Intune/Policies/Apps/iOS/companyportal.json”
then it works.
Any ideas why it fails?
Hi Robert!
Google store apps cannot be deployed via Microsoft Graph due to the integration with the Google play store in the portal.
Kind regards
Daniel