System Center Configuration Manager allows, among the so many things, to centrally manage applications Universal Windows App like Mail, OneNote, Edge and much more. In an advanced management perspective, it is undoubtedly essential to have a company store, with software approved by the IT department, distributed to the various users without having to do something.
During this article we will see how the integration between SCCM and the Microsoft Store for Business is configured, the portal dedicated to the management of the tenant from the Windows point of view. The MSfB it has evolved over time, becoming from before the simple portal to manage business applications, then he saw the management of the corporate wallet and finally was added the part of Autopilot.
The integration between the two worlds once again passes from Microsoft Azure, as you need to create a point of contact between our Azure Active Directory and Configuration Manager. The first step is to register a new Application within the Active Directory Azure profile.
Assign a name, a URL, which should not be speaking, and make sure that the Web app/API entry is selected, as shown in figure 1.
Figure 1 – Creating Apps
Once you have finished creating, you will have to open the Settings part to generate a new Key – figure 2; this will serve to ensure the secure connection between premises and cloud. Set a description and set the Expire period as Never Expire.
Figure 2 – Key Creation
As you can see, the value of the key will not be generated until the Save button is pressed. It is important to remember that this value will be shown only once for security reasons, so make sure you copy it into a file.
Once the key is created, it will be the turn of the configuration within the Store for Business. For those who have never activated it, can do so free of charge through the address https://businessstore.microsoft.com/. Go to the Section Settings – Distribute and add a new Management Tool, as shown in Figure 3.
Figure 3 – New Management Tool
A window will open where you enter the name of the service created within the Azure portal – figure 4.
Figure 4 – Application Search
Configure Configuration Manager
To be able to configure SCCM with the Store you must have at least the build 1706, even if is it closer to end-of-support. You also need to enabling the role Service Connection Point, which deals with the communication with the Azure part.
Within the Azure Services (Administration area) section create a new connector by selecting the Microsoft Store for Business entry, as shown in figure 5.
Figure 5 – New Connector
The choice available from the next screen is the creation or importing the app; having already made this step at the beginning, choose Import Apps. Enter the references required by the wizard:
- Azure AD Tenant Name: available inside the Azure AD tenant
- Azure AD Tenant ID: available inside the Azure AD tenant
- Application Name: the name of the application you created earlier
- Client ID: Application ID of the app you created earlier
- Secret Key: The key generated by the system at the time of application creation
- App ID URI: The URL of the application you created earlier
Validate the results and if everything goes well, figure 6, you can continue, closing the window and assuring you that the app name is brought back into the mask App Properties – figure 7.
Figure 6 – Import Apps
Figure 7 – Imported Application
Your configuration has almost come to an end, you just have to validate it and conclude the wizard – figure 8. From this point forward, you can approve applications from the Store and distribute them in Configuration Manager, like you already done today with Win32 applications.
Figure 8 – End Wizard
Windows 10 and Store
Windows 10 automatically shows public store, which can be turned off GPO side or limited to show only the business part. To do this you can follow the directions Featured in this article: Windows 10: Advanced Management
The integration of SCCM with the Microsoft Store allows you to extend the management features and Simplify the life of IT administrators, both in terms of maintenance and for everything that concerns the centralized distribution of software approved exclusively by the company.
In a next article, we’ll see how manage your apps directly with SCCM.