From dacb950c2defc82fcbd7bd07395617ee76d64128 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 28 Feb 2023 17:03:27 -0500
Subject: [PATCH] updates
---
.../tutorial-managed-installer/Overview.md | 10 ++--
.../tutorial-managed-installer/deploy-apps.md | 54 +++++++++----------
...idate-applications.md => validate-apps.md} | 0
3 files changed, 31 insertions(+), 33 deletions(-)
rename education/windows/tutorial-managed-installer/{Validate-applications.md => validate-apps.md} (100%)
diff --git a/education/windows/tutorial-managed-installer/Overview.md b/education/windows/tutorial-managed-installer/Overview.md
index 5497560372..4b0067da72 100644
--- a/education/windows/tutorial-managed-installer/Overview.md
+++ b/education/windows/tutorial-managed-installer/Overview.md
@@ -9,7 +9,7 @@ appliesto:
# Deploy applications to Windows 11 SE with Intune as a managed installer
-Windows 11 SE prevents the installation of third party applications, unless the application is in an [approved list][EDU-1] or the IT admin consults with Microsoft.\
+Windows 11 SE prevents the installation of third party applications, unless the application is in an approved list, or the IT admin consults with Microsoft.\
Starting with Windows 11 SE, version 22H2, you can deploy any applications to Windows 11 SE devices via Intune, without having to contact Microsoft. This is possible because Microsoft has enabled the *Intune Management Extension (IME)* as a *WDAC managed installer*.
In this tutorial, you'll learn how to set up Windows 11 SE devices with the IME as a managed installer, and how to validate the applications deployed via Intune.
@@ -21,7 +21,7 @@ On Windows 11 SE, WDAC applies an *allowlist policy* called *E-Mode*. The E-Mode
When Windows 11 SE was initially released, Microsoft allowed specific application by using [WDAC supplemental policies][WIN-1], with an [allowlist process][EDU-1] done on an app-by-app basis.
-Starting in Windows 11 SE, version 22H2, Microsoft enabled the IME as a managed installer. Applications deployed through Microsoft Intune will be automatically allowed on Windows 11 SE, removing the allowlist process requirement.
+Starting in Windows 11 SE, version 22H2, Microsoft enabled the IME as a managed installer. Applications deployed through Microsoft Intune will be automatically allowed on Windows 11 SE, removing the allowlist process requirement. For more information, see [How does a managed installer work?][WIN-2]
> [!NOTE]
> End-users of Windows 11 SE devices still cannot install and use arbitrary applications without being blocked. Only IT admins can control what apps are allowed.
@@ -68,7 +68,7 @@ Advance to the next article to learn which application can be deployed to Window
> [!div class="nextstepaction"]
> [Next: app deployment considerations >](deploy-apps.md)
-[EDU-1]: https://learn.microsoft.com/education/windows/windows-11-se-overview#add-your-own-applications
-[EDU-2]: https://learn.microsoft.com/education/windows/windows-11-se-overview#available-applications
+[EDU-1]: /education/windows/windows-11-se-overview#add-your-own-applications
[EXT-1]: https://www.microsoft.com/en-us/education/intune
-[WIN-1]: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create
\ No newline at end of file
+[WIN-1]: /windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create
+[WIN-2]: /windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer#how-does-a-managed-installer-work
\ No newline at end of file
diff --git a/education/windows/tutorial-managed-installer/deploy-apps.md b/education/windows/tutorial-managed-installer/deploy-apps.md
index 182961f8fa..e31fe21348 100644
--- a/education/windows/tutorial-managed-installer/deploy-apps.md
+++ b/education/windows/tutorial-managed-installer/deploy-apps.md
@@ -1,7 +1,7 @@
---
title: Applications deployment considerations
description: Learn how to deploy different types of applications to Windows 11 SE and some considerations before deploying them.
-ms.date: 02/27/2023
+ms.date: 02/28/2023
ms.topic: tutorial
appliesto:
- ✅ Windows 11 SE, version 22H2 and later
@@ -14,14 +14,14 @@ appliesto:
The process to deploy applications to Windows SE devices via Microsoft Intune, is the same used for non-SE devices.\
However, on Windows SE devices, apps may successfully install, but they need validation to be certain that they are functional.
-The following table details the applications types that can be deployed to Windows devices via Intune, and considerations about the installation on Windows SE:
+The following table details the applications types that can be deployed to Windows devices via Intune, and Windows SE installation considerations:
|**Installer/App type**|**Installer extensions**|**Available installation methods via Intune**|**Considerations for Windows 11 SE**|
|-|-|-|-|
-|Win32|`.exe`
`.msi`|Microsoft Store integration (Windows Package Manager)[Intune Management Extension (IME)](mem/intune/apps/apps-win32-app-management)|✅ Deploy using IME.
There are known limitations that might prevent a specific app from being installed. For more information, see [validate applications](validate-applications#known-limitations).|
-| Progressive Web Apps (PWAs) |`.msix`|Microsoft Store integration (Windows Package Manager)[Force-installed web Apps](/deployedge/microsoft-edge-policies#configure-list-of-force-installed-web-apps) via [settings catalog policies](/mem/intune/configuration/settings-catalog)|✅ use settings catalog policies as PWAs deployed from the Store are not supported.|
-| Web links | n/a | [Web apps](/mem/intune/apps/web-app)|✅||[Universal Windows Platform (UWP)](/windows/uwp/get-started/universal-application-platform-guide) LOB apps - private, internal line-of-business apps|`.appx`
`.appxbundle`
`.msix`
|[Deploy as line-of-business apps][MEM-4]|✅|
-|[Universal Windows Platform (UWP)](/windows/uwp/get-started/universal-application-platform-guide) public apps - apps publicly available from an independent software vendor|`.appx`
`.appxbundle`
`.msix`
|Integration with Microsoft Store (Windows Package Manager)|⛔ currently unsupported|
+|[Win32][WIN-1]|`.exe`
`.msi`|- Intune Management Extension (IME)
- Microsoft Store integration (Windows Package Manager)|✅ Deploy using IME.
There are known limitations that might prevent a specific app from being installed. For more information, see [validate applications](validate-apps#known-limitations).
⛔It's currently unsupported to use the Microsoft Store to deploy Win32 apps.|
+|[Progressive Web Apps (PWAs)][EDGE-2] |`.msix`|- Settings catalog policies
- Microsoft Store integration (Windows Package Manager)|✅ Use settings catalog policies.
⛔It's currently unsupported to use the Microsoft Store to deploy PWAs.|
+|Web links| n/a |- Deploy as web apps|✅ Web links are supported.|
+|[Universal Windows Platform (UWP)](/windows/uwp/get-started/universal-application-platform-guide)|`.appx`
`.appxbundle`
`.msix`
|- For private, line-of-business (LOB) apps, [deploy as line-of-business apps][MEM-4]
- For public apps: Microsoft Store integration (Windows Package Manager)|✅ LOB apps are supported.
⛔ It's currently unsupported to use the Microsoft Store to deploy UWP apps.|
> [!IMPORTANT]
> Although you'll be able to install apps on Windows 11 SE devices via Intune, some apps may not perform well on these devices due those apps' minimum spec requirements.
@@ -30,7 +30,7 @@ The following table details the applications types that can be deployed to Windo
## Win32 apps
-Win32 apps are installed from Intune via an *.intunewin* package created by the IntuneWinAppUtil command line tool.\
+Win32 apps are installed from Intune via an *.intunewin* package created by the `IntuneWinAppUtil.exe` command line tool.\
Once the package is created, it can be uploaded to Intune and deployed to devices.
For more information, see:
@@ -38,14 +38,16 @@ For more information, see:
- [Prepare a Win32 app to be uploaded to Microsoft Intune][MEM-2]
- [Add and assign Win32 apps to Microsoft Intune][MEM-3]
-There are known limitations that might prevent a specific app from being installed. For more information, see [validate applications](validate-applications#known-limitations)
+There are known limitations that might prevent a specific app from being installed. For more information, see the next section [validate applications](validate-applications#known-limitations).
-
-Win32 apps can be deployed through the Microsoft Store.
+> [!NOTE]
+> While Win32 apps can be deployed through the Microsoft Store integration with Intune, it's currently an unsupported deployment method for Windows 11 SE.
## PWA apps
-PWA apps can be deployed via Intune using the [Microsoft Store integration (Windows Package Manager)][M365-1] or via [Microsoft Edge policies][EDGE-1].
+PWA apps can be deployed using the [Force-installed web Apps](/deployedge/microsoft-edge-policies#configure-list-of-force-installed-web-apps) option via [settings catalog policies](/mem/intune/configuration/settings-catalog).
+
+[Microsoft Store integration (Windows Package Manager)][M365-1] or via [Microsoft Edge policies][EDGE-1].
Currently, Windows 11 SE supports the deployment via Microsoft Edge policies only.
## UWP apps
@@ -58,25 +60,21 @@ You have an msix, appx, etc. file for installing the app (LOB app). Follow the i
UWP apps deployed through Intune via Apps > Microsoft Store (new) are currently unsupported for Windows 11 SE.
-[EDGE-1]: https://learn.microsoft.com/deployedge/microsoft-edge-policies
+## Web apps
-[M365-1]: https://learn.microsoft.com/microsoft-365/education/deploy/microsoft-store-for-education
+## Next steps
-[MEM-1]: https://learn.microsoft.com/mem/intune/apps/apps-windows-10-app-deploy
-[MEM-2]: https://learn.microsoft.com/mem/intune/apps/apps-win32-prepare
-[MEM-3]: https://learn.microsoft.com/mem/intune/apps/apps-win32-add
-[MEM-4]: https://learn.microsoft.com/mem/intune/apps/lob-apps-windows
+Advance to the next article to learn how to validate the applications deployed to Windows 11 SE devices.
+> [!div class="nextstepaction"]
+> [Next: validate apps >](validate-apps.md)
+[EDGE-1]: /deployedge/microsoft-edge-policies
+[EDGE-2]: /microsoft-edge/progressive-web-apps-chromium
-
\ No newline at end of file
+[MEM-1]: /mem/intune/apps/apps-windows-10-app-deploy
+[MEM-2]: /mem/intune/apps/apps-win32-prepare
+[MEM-3]: /mem/intune/apps/apps-win32-add
+[MEM-4]: /mem/intune/apps/lob-apps-windows
+
+[WIN-1]: /windows/win32
\ No newline at end of file
diff --git a/education/windows/tutorial-managed-installer/Validate-applications.md b/education/windows/tutorial-managed-installer/validate-apps.md
similarity index 100%
rename from education/windows/tutorial-managed-installer/Validate-applications.md
rename to education/windows/tutorial-managed-installer/validate-apps.md