Microsoft is altering the way you ship managed functions to consumer desktops. It’s time to rethink the way you’re doing it.
Microsoft is within the course of of fixing how companies use the Microsoft Retailer, because it brings its Package deal Supervisor tooling into Endpoint Supervisor, deprecating the present Microsoft Retailer for Enterprise service. This implies it should now not be potential to make use of the Microsoft Retailer to purchase utility licenses, although you’ll nonetheless have the ability to obtain free and individually licensed functions.
A part of the answer comes with modifications to how Microsoft monetizes its retailer, together with large modifications in the way it suits into the Home windows ecosystem. This enables distributors to supply their very own licensing and cost frameworks outdoors of the Home windows Retailer, and even to make use of their very own obtain amenities. The place you used to have to purchase and deploy instruments like Adobe’s Artistic Cloud instantly from Adobe, now you can let customers obtain the Artistic Cloud utility from the shop and use assigned licenses to ship functions to their PCs.
SEE: Ethics coverage: Vendor relationships (TechRepublic Premium)
This fashion you may maintain a separate contractual relationship with corporations, assigning enterprise subscriptions to customers’ e-mail addresses. The shop is simply an preliminary gateway – all downloads really come from their very own servers or hosted repositories.
Some companies used the Retailer for Enterprise to deploy options just like the Home windows HEVC codecs to their customers. Whereas pay-for functions like this received’t be accessible by way of the brand new Retailer companies, customers who’re operating an up-to-date Home windows set up received’t want to put in many of those apps, as they’re now options in present Home windows releases.
Supply through winget
One fascinating side of the transition is the choice of utilizing winget with personal repositories, both operating your personal or working with hosted companies like Winget Professional. This strategy avoids Microsoft’s restrictions on internet hosting paid functions. After you have licensed installers, you may retailer them in a winget repository, utilizing scripts to deploy the functions to customers. You have to to supply your personal auditing although, making certain that you’ve got the appropriate variety of licenses for deployed functions.
These personal winget repositories don’t have to be yours. It’s simple to see software program distributors providing their very own, and offering winget scripts to be used in your networks. Right here Endpoint Supervisor turns into the tooling for subscribing to those repositories, and for delivering obtain scripts to customers primarily based on their Azure Energetic Listing memberships.
Scripting winget
Scripting winget is comparatively easy. Microsoft offers examples of each batch scripts and PowerShell, so you may present start-up actions that maintain consumer functions updated. Alternatively, distant PowerShell actions can deal with updates and installs, utilizing silent installs to attenuate consumer disruption. How winget installs functions is dependent upon the installer sort, so it’s possible you’ll have to repackage an installer to get the choices you want.
It’s vital to check winget scripts earlier than you run them. It would run installs in sequence, launching one when the earlier finishes; nevertheless, some installers launch secondary processes, having a grasp installer that runs different installers so as to add modules. This will trigger winget to launch the following installer earlier than one has completed. Use winget’s logs to know how installs run and, if obligatory, you may add timeouts between installs to keep away from any potential clashes.
The highway to fashionable administration instruments
Through the use of Endpoint Supervisor to regulate entry to private and non-private repositories, you’re shifting into utilizing fashionable administration instruments. Azure Energetic Listing turns into the supply of information about customers, offering role-based entry to repositories and to the scripts used to ship functions. Now you can make sure who has put in an utility, who’s updated and who is definitely utilizing it. This strategy simplifies maintaining your community safe and understanding if you happen to’re appropriately licensed. With over-licensing as a lot of an issue as under-licensing, there’s the prospect of serious financial savings with the transition to a extra managed software program distribution mannequin.
Intune customers can then discover revealed functions by way of the Firm Portal, permitting them to put in on their very own. Admins can deal with it as a extra user-friendly model of the Configuration Supervisor Software program Middle.
In case you’re utilizing the Microsoft Retailer for Enterprise, it’s time to begin planning your transition to this new winget-powered world. Microsoft will first launch its personal repository, which can be a mirror of the Microsoft Retailer, providing you with entry to all of the apps accessible to Home windows customers. Non-public repositories will comply with in 2023, providing you with time to contemplate if you want to repackage functions.
How modifications to the Microsoft Retailer imply modifications to Autopilot
The modifications will have an effect on how you utilize Autopilot to configure new {hardware} remotely. Because it’s at present constructed round utilizing the Microsoft Retailer for Enterprise to host deployment profiles, you’ll want to alter to one among two choices: Intune or the Microsoft 365 Admin Middle. Autopilot profiles might be registered and managed utilizing each instruments, although you could have to manually migrate them from the Microsoft Retailer. In case you’re working with an OEM to register new gadgets with Autopilot, you will have to provide them a hyperlink to the brand new location for the mandatory consent type, which can be accessible within the Microsoft 365 Admin Middle.
The brand new Endpoint Supervisor/Microsoft Retailer integration is at present in personal preview, with a wider public preview due quickly. This can be accessible inside current Endpoint Supervisor situations, marked as preview, permitting you to begin experimenting. Microsoft is making an enormous change right here that impacts the way you each deploy new gadgets and handle functions, so it’s best to begin work on migrating to the brand new service as quickly as potential to keep away from any lapses in service that would have an effect on delivering safety updates to your customers.
It’s clear from studying feedback to Microsoft’s weblog posts on the topic that the largest challenge for a lot of admins is shifting to Intune as their fundamental administration platform. In the present day’s Intune is now a mature administration platform that provides a lighter weight strategy to administration utilizing MDM tooling moderately than group insurance policies, an strategy that’s extra consumer pleasant and reduces go browsing instances. It could take a while emigrate insurance policies to a brand new platform, shifting teams of customers throughout when you’ve configured and examined related insurance policies.
Placing all of the items collectively received’t be as exhausting because it seems at first. The instruments could also be completely different, however the underlying philosophy hasn’t modified. If something, the addition of personal repositories and winget assist ought to imply a way more versatile platform for managing the software program deployed to your fleet of PCs.
