deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-29 17:23:44 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo
2023-02-28 17:03:27 -05:00
parent 867edb7e78
commit dacb950c2d
3 changed files with 31 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
education/windows/tutorial-managed-installer/Overview.md
View File

@ -9,7 +9,7 @@ appliesto:
# Deploy applications to Windows 11 SE with Intune as a managed installer # Deploy applications to Windows 11 SE with Intune as a managed installer
Windows 11 SE prevents the installation of third party applications, unless the application is in an [approved list][EDU-1] or the IT admin consults with Microsoft.\ Windows 11 SE prevents the installation of third party applications, unless the application is in an approved list, or the IT admin consults with Microsoft.\
Starting with Windows 11 SE, version 22H2, you can deploy any applications to Windows 11 SE devices via Intune, without having to contact Microsoft. This is possible because Microsoft has enabled the *Intune Management Extension (IME)* as a *WDAC managed installer*. Starting with Windows 11 SE, version 22H2, you can deploy any applications to Windows 11 SE devices via Intune, without having to contact Microsoft. This is possible because Microsoft has enabled the *Intune Management Extension (IME)* as a *WDAC managed installer*.
In this tutorial, you'll learn how to set up Windows 11 SE devices with the IME as a managed installer, and how to validate the applications deployed via Intune. In this tutorial, you'll learn how to set up Windows 11 SE devices with the IME as a managed installer, and how to validate the applications deployed via Intune.
@ -21,7 +21,7 @@ On Windows 11 SE, WDAC applies an *allowlist policy* called *E-Mode*. The E-Mode
When Windows 11 SE was initially released, Microsoft allowed specific application by using [WDAC supplemental policies][WIN-1], with an [allowlist process][EDU-1] done on an app-by-app basis. When Windows 11 SE was initially released, Microsoft allowed specific application by using [WDAC supplemental policies][WIN-1], with an [allowlist process][EDU-1] done on an app-by-app basis.
Starting in Windows 11 SE, version 22H2, Microsoft enabled the IME as a managed installer. Applications deployed through Microsoft Intune will be automatically allowed on Windows 11 SE, removing the allowlist process requirement. Starting in Windows 11 SE, version 22H2, Microsoft enabled the IME as a managed installer. Applications deployed through Microsoft Intune will be automatically allowed on Windows 11 SE, removing the allowlist process requirement. For more information, see [How does a managed installer work?][WIN-2]
> [!NOTE] > [!NOTE]
> End-users of Windows 11 SE devices still cannot install and use arbitrary applications without being blocked. Only IT admins can control what apps are allowed. > End-users of Windows 11 SE devices still cannot install and use arbitrary applications without being blocked. Only IT admins can control what apps are allowed.
@ -68,7 +68,7 @@ Advance to the next article to learn which application can be deployed to Window
> [!div class="nextstepaction"] > [!div class="nextstepaction"]
> [Next: app deployment considerations >](deploy-apps.md) > [Next: app deployment considerations >](deploy-apps.md)
[EDU-1]: https://learn.microsoft.com/education/windows/windows-11-se-overview#add-your-own-applications [EDU-1]: /education/windows/windows-11-se-overview#add-your-own-applications
[EDU-2]: https://learn.microsoft.com/education/windows/windows-11-se-overview#available-applications
[EXT-1]: https://www.microsoft.com/en-us/education/intune [EXT-1]: https://www.microsoft.com/en-us/education/intune
[WIN-1]: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create [WIN-1]: /windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create
[WIN-2]: /windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer#how-does-a-managed-installer-work

54
education/windows/tutorial-managed-installer/deploy-apps.md
View File

@ -1,7 +1,7 @@
--- ---
title: Applications deployment considerations title: Applications deployment considerations
description: Learn how to deploy different types of applications to Windows 11 SE and some considerations before deploying them. description: Learn how to deploy different types of applications to Windows 11 SE and some considerations before deploying them.
ms.date: 02/27/2023 ms.date: 02/28/2023
ms.topic: tutorial ms.topic: tutorial
appliesto: appliesto:
-<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE, version 22H2 and later</a> -<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE, version 22H2 and later</a>
@ -14,14 +14,14 @@ appliesto:
The process to deploy applications to Windows SE devices via Microsoft Intune, is the same used for non-SE devices.\ The process to deploy applications to Windows SE devices via Microsoft Intune, is the same used for non-SE devices.\
However, on Windows SE devices, apps may successfully install, but they need validation to be certain that they are functional. However, on Windows SE devices, apps may successfully install, but they need validation to be certain that they are functional.
The following table details the applications types that can be deployed to Windows devices via Intune, and considerations about the installation on Windows SE: The following table details the applications types that can be deployed to Windows devices via Intune, and Windows SE installation considerations:
|**Installer/App type**|**Installer extensions**|**Available installation methods via Intune**|**Considerations for Windows 11 SE**| |**Installer/App type**|**Installer extensions**|**Available installation methods via Intune**|**Considerations for Windows 11 SE**|
|-|-|-|-| |-|-|-|-|
|Win32|`.exe`<br>`.msi`|<li>Microsoft Store integration (Windows Package Manager)</li><li>[Intune Management Extension (IME)](mem/intune/apps/apps-win32-app-management)</li>|✅ Deploy using IME.<br>There are known limitations that might prevent a specific app from being installed. For more information, see [validate applications](validate-applications#known-limitations).| |[Win32][WIN-1]|`.exe`<br>`.msi`|- Intune Management Extension (IME)<br> - Microsoft Store integration (Windows Package Manager)|✅ Deploy using IME.<br>There are known limitations that might prevent a specific app from being installed. For more information, see [validate applications](validate-apps#known-limitations).<br><br>⛔It's currently unsupported to use the Microsoft Store to deploy Win32 apps.|
| Progressive Web Apps (PWAs) |`.msix`|<li>Microsoft Store integration (Windows Package Manager)</li><li>[Force-installed web Apps](/deployedge/microsoft-edge-policies#configure-list-of-force-installed-web-apps) via [settings catalog policies](/mem/intune/configuration/settings-catalog)</li>|✅ use settings catalog policies as PWAs deployed from the Store are not supported.| |[Progressive Web Apps (PWAs)][EDGE-2] |`.msix`|- Settings catalog policies<br>- Microsoft Store integration (Windows Package Manager)|✅ Use settings catalog policies.<br><br>⛔It's currently unsupported to use the Microsoft Store to deploy PWAs.|
| Web links | n/a | [Web apps](/mem/intune/apps/web-app)|✅||[Universal Windows Platform (UWP)](/windows/uwp/get-started/universal-application-platform-guide) LOB apps - private, internal line-of-business apps|`.appx`<br>`.appxbundle`<br>`.msix`<br>|[Deploy as line-of-business apps][MEM-4]|✅| |Web links| n/a |- Deploy as web apps|✅ Web links are supported.|
|[Universal Windows Platform (UWP)](/windows/uwp/get-started/universal-application-platform-guide) public apps - apps publicly available from an independent software vendor|`.appx`<br>`.appxbundle`<br>`.msix`<br>|Integration with Microsoft Store (Windows Package Manager)|⛔ currently unsupported| |[Universal Windows Platform (UWP)](/windows/uwp/get-started/universal-application-platform-guide)|`.appx`<br>`.appxbundle`<br>`.msix`<br>|- For private, line-of-business (LOB) apps, [deploy as line-of-business apps][MEM-4]<br>- For public apps: Microsoft Store integration (Windows Package Manager)|✅ LOB apps are supported.<br><br>⛔ It's currently unsupported to use the Microsoft Store to deploy UWP apps.|
> [!IMPORTANT] > [!IMPORTANT]
> Although you'll be able to install apps on Windows 11 SE devices via Intune, some apps may not perform well on these devices due those apps' minimum spec requirements. > Although you'll be able to install apps on Windows 11 SE devices via Intune, some apps may not perform well on these devices due those apps' minimum spec requirements.
@ -30,7 +30,7 @@ The following table details the applications types that can be deployed to Windo
## Win32 apps ## Win32 apps
Win32 apps are installed from Intune via an *.intunewin* package created by the IntuneWinAppUtil command line tool.\ Win32 apps are installed from Intune via an *.intunewin* package created by the `IntuneWinAppUtil.exe` command line tool.\
Once the package is created, it can be uploaded to Intune and deployed to devices. Once the package is created, it can be uploaded to Intune and deployed to devices.
For more information, see: For more information, see:
@ -38,14 +38,16 @@ For more information, see:
- [Prepare a Win32 app to be uploaded to Microsoft Intune][MEM-2] - [Prepare a Win32 app to be uploaded to Microsoft Intune][MEM-2]
- [Add and assign Win32 apps to Microsoft Intune][MEM-3] - [Add and assign Win32 apps to Microsoft Intune][MEM-3]
There are known limitations that might prevent a specific app from being installed. For more information, see [validate applications](validate-applications#known-limitations) There are known limitations that might prevent a specific app from being installed. For more information, see the next section [validate applications](validate-applications#known-limitations).
> [!NOTE]
Win32 apps can be deployed through the Microsoft Store. > While Win32 apps can be deployed through the Microsoft Store integration with Intune, it's currently an unsupported deployment method for Windows 11 SE.
## PWA apps ## PWA apps
PWA apps can be deployed via Intune using the [Microsoft Store integration (Windows Package Manager)][M365-1] or via [Microsoft Edge policies][EDGE-1]. PWA apps can be deployed using the [Force-installed web Apps](/deployedge/microsoft-edge-policies#configure-list-of-force-installed-web-apps) option via [settings catalog policies](/mem/intune/configuration/settings-catalog).
[Microsoft Store integration (Windows Package Manager)][M365-1] or via [Microsoft Edge policies][EDGE-1].
Currently, Windows 11 SE supports the deployment via Microsoft Edge policies only. Currently, Windows 11 SE supports the deployment via Microsoft Edge policies only.
## UWP apps ## UWP apps
@ -58,25 +60,21 @@ You have an msix, appx, etc. file for installing the app (LOB app). Follow the i
UWP apps deployed through Intune via Apps > Microsoft Store (new) are currently unsupported for Windows 11 SE. UWP apps deployed through Intune via Apps > Microsoft Store (new) are currently unsupported for Windows 11 SE.
[EDGE-1]: https://learn.microsoft.com/deployedge/microsoft-edge-policies ## Web apps
[M365-1]: https://learn.microsoft.com/microsoft-365/education/deploy/microsoft-store-for-education ## Next steps
[MEM-1]: https://learn.microsoft.com/mem/intune/apps/apps-windows-10-app-deploy Advance to the next article to learn how to validate the applications deployed to Windows 11 SE devices.
[MEM-2]: https://learn.microsoft.com/mem/intune/apps/apps-win32-prepare
[MEM-3]: https://learn.microsoft.com/mem/intune/apps/apps-win32-add
[MEM-4]: https://learn.microsoft.com/mem/intune/apps/lob-apps-windows
> [!div class="nextstepaction"]
> [Next: validate apps >](validate-apps.md)
[EDGE-1]: /deployedge/microsoft-edge-policies
[EDGE-2]: /microsoft-edge/progressive-web-apps-chromium
<!-- [MEM-1]: /mem/intune/apps/apps-windows-10-app-deploy
| **Application type** | **Installer extensions** | **Example** | **Installable via Intune** | [MEM-2]: /mem/intune/apps/apps-win32-prepare
|---|---|---|---| [MEM-3]: /mem/intune/apps/apps-win32-add
| Win32 | <li>.exe</li><li>.msi</li>|<li>Kite Student Portal</li><li>JAWS</li><li>Zoom</li>| Installable* | [MEM-4]: /mem/intune/apps/lob-apps-windows
| UWP Line of business apps | <li>.msix</li><li>.msixbundle</li><li>.appx</li><li>.appxbundle</li> | These are usually custom developed apps |<li>Not installable via IME initially</li><li>Requires writing additional WDAC supplemental policy</li> |
| Progressive Web Apps (PWAs) |<li>.msix</li>|<li>Outlook</li><li>Wikipedia</li>| <li>PWAs in an MSIX is not installable via IME</li><li>PWAs can be deployed through [Microsoft Edge policies in Intune][EDGE-1]</li>| [WIN-1]: /windows/win32
| Store For Education | N/A | <li>QuickAssist</li><li>Kortext</li> | <li>Not installable via IME initially</li><li>Requires writing additional WDAC supplemental policy</li> |
| Microsoft Store app (legacy) option in Intune | N/A | Kortext | Apps provisioned via this option in Intune are not compatible with Windows 11 SE. If you need to install Store apps, use the Store for Education instead. |
| Microsoft Store app (new) option in Intune | N/A | <li>Adobe Reader DC</li><li>(Win32) Kortext (UWP)</li> | UWP Store apps provisioned via this option in Intune are not compatible with Windows 11 SE. If you need to install UWP Store apps, use the Store for Education instead. Win32 Store apps provisioned via this option in Intune are installable*. |
| Web links | N/A | https://outlook.com | Installable; link to web page shows up in the Start Menu |
-->

0
education/windows/tutorial-managed-installer/Validate-applications.md → education/windows/tutorial-managed-installer/validate-apps.md
View File