From 2969a312ffab8bd124c5b6e375c1ce78c98c6c8f Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 2 Mar 2023 14:53:51 -0500 Subject: [PATCH] modified: education/windows/tutorial-managed-installer/considerations.md modified: education/windows/tutorial-managed-installer/deploy-apps.md modified: education/windows/tutorial-managed-installer/toc.yml modified: education/windows/tutorial-managed-installer/validate-apps.md --- .../tutorial-managed-installer/checklists.md | 43 ------------------- .../considerations.md | 4 +- .../tutorial-managed-installer/deploy-apps.md | 9 ++++ .../tutorial-managed-installer/toc.yml | 8 ++-- .../validate-apps.md | 31 ++++++++++++- 5 files changed, 45 insertions(+), 50 deletions(-) delete mode 100644 education/windows/tutorial-managed-installer/checklists.md diff --git a/education/windows/tutorial-managed-installer/checklists.md b/education/windows/tutorial-managed-installer/checklists.md deleted file mode 100644 index 13a74a10c8..0000000000 --- a/education/windows/tutorial-managed-installer/checklists.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Checklists for managed installer -description: Differnet checklists for managed installer -ms.date: 03/02/2023 -ms.topic: checklist -appliesto: - - ✅ Windows 11 SE, version 22H2 and later ---- - -# Checklists for managed installer - -This article contains a list of checklists related to the tasks in the Managed installer tutorial. -These checklists help to ensure that your Windows 11 SE devices are set up with a managed installer and that app deployment completed correctly. - -## Deploy an application via Intune - -> [!div class="checklist"] -> - intunewin package created (for Win32 apps) -> - Package uploaded via Intune (for Win32 apps) -> - Assign the package to the correct groups - -## Validate application deployment - -> [!div class="checklist"] -> - No Intune installation errors -> - No errors when opening the app from the device -> - *CI Policy* in the Event Viewer logs don't show app's executables being blocked - -## Create additional policies for incompatible apps -### WDAC supplemental policy - -> [!div class="checklist"] -> - Signed .cip .p7b file with Device Guard -> - Targets Base policy: `82443e1e-8a39-4b4a-96a8-f40ddc00b9f3` -> - Policy created in Intune and assigned to the correct groups -> - Policy applied in Event Viewer - -### AppLocker - -> [!div class="checklist"] -> - Only applied to an updater or installer -> - Merge option used -> - Policy created in Intune and assigned to the correct groups diff --git a/education/windows/tutorial-managed-installer/considerations.md b/education/windows/tutorial-managed-installer/considerations.md index 89489b9893..0c48a672cd 100644 --- a/education/windows/tutorial-managed-installer/considerations.md +++ b/education/windows/tutorial-managed-installer/considerations.md @@ -20,7 +20,9 @@ Autopilot and the Enrollment Status Page are compatible with Windows 11 SE. Howe An example of this is if you deployed an app via the Store for Education, but have not written a supplemental policy to allow that app's PackageFamilyName. In summary, if you choose to block device use on the installation of apps, you must ensure that apps are also not blocked from installation. -![](./images/autopilot.png) +:::image type="content" source="./images/autopilot.png" alt-text="Autopilot showing an error in OOBE on Windows 11 SE." border="false"::: + + ### ESP mitigations diff --git a/education/windows/tutorial-managed-installer/deploy-apps.md b/education/windows/tutorial-managed-installer/deploy-apps.md index 0f042cdb47..9d31c1d06d 100644 --- a/education/windows/tutorial-managed-installer/deploy-apps.md +++ b/education/windows/tutorial-managed-installer/deploy-apps.md @@ -61,6 +61,15 @@ PWAs available in the Microsoft Store aren't currently supported for Windows 11 Web link can be deployed via Intune using [web apps][MEM-4], and will be available in the Start menu of the targeted devices. +## Section review + +Before moving on to the next section, ensure that you've completed the following tasks: + +> [!div class="checklist"] +> - `.intunewin` package created (for Win32 apps) +> - App uploaded via Intune (for Win32 apps) +> - App assigned to the correct groups + ## Next steps Advance to the next article to learn how to validate the applications deployed to Windows 11 SE devices. diff --git a/education/windows/tutorial-managed-installer/toc.yml b/education/windows/tutorial-managed-installer/toc.yml index 5838d49fba..1e334a7203 100644 --- a/education/windows/tutorial-managed-installer/toc.yml +++ b/education/windows/tutorial-managed-installer/toc.yml @@ -7,9 +7,7 @@ items: href: validate-apps.md - name: 3. Create additional policies href: create-policies.md - - name: Considerations for your tenant - href: considerations.md - name: Troubleshoot and get help - href: troubleshoot-managed-installer.md - - name: Checklists - href: checklists.md \ No newline at end of file + href: troubleshoot.md + - name: Considerations for your tenant + href: considerations.md \ No newline at end of file diff --git a/education/windows/tutorial-managed-installer/validate-apps.md b/education/windows/tutorial-managed-installer/validate-apps.md index 5e8d056e91..b26264d691 100644 --- a/education/windows/tutorial-managed-installer/validate-apps.md +++ b/education/windows/tutorial-managed-installer/validate-apps.md @@ -123,7 +123,36 @@ You may see a dialog indicating *This app won't run on your PC*. Check the indic More detail can be obtained when looking for events where executables were blocked in the Event Viewer. For more information, see [Troubleshooting - Event Viewer](./Troubleshooting#event-viewer). ---- +## Section review + +Before moving on to the next section, ensure that you've completed the following tasks: + +> [!div class="checklist"] +> - No Intune installation errors +> - No errors when opening the app from the device +> - *CI Policy* in the Event Viewer logs don't show app's executables being blocked + +If there are any errors, create a WDAC supplemental policy + +> [!div class="checklist"] +> - Signed .cip .p7b file with Device Guard +> - Targets Base policy: `82443e1e-8a39-4b4a-96a8-f40ddc00b9f3` +> - Policy created in Intune and assigned to the correct groups +> - Policy applied in Event Viewer + +If there are any errors, create an AppLocker policy + +> [!div class="checklist"] +> - Only applied to an updater or installer +> - Merge option used +> - Policy created in Intune and assigned to the correct groups + +## Next steps + +Advance to the next article to learn how to troubleshoot common errors when deploying apps with managed installer. + +> [!div class="nextstepaction"] +> [Next: troubleshoot >](troubleshoot.md) [M365-1]: https://learn.microsoft.com/microsoft-365/education/deploy/microsoft-store-for-education