Tuesday, July 13, 2021

MICROSOFT PRIVATE STORE and INTEGRATION

TanTran_0-1626149392882.gif

MICROSOFT STORE 

Microsoft Store for Business and Microsoft Store for Education – MSfB and MSfE are available to Windows 10 devices. The following features and advantages are available: 

  • Designed for organizations, Microsoft Store for Business (MSfB) and Microsoft Store for Education (MSfE) give IT a flexible way to find, bulk app acquire, manage, and distribute free and paid apps to Windows 10 devices.  
  • IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed. 
  • Admin can choose the best distribution method for your organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or deploy apps by management tools (MDM, MECM, …). 
  • Private store - Your private store is available as a tab in Microsoft Store app and usually named for your company or organization. Only apps with online licenses can be added to the private store.  

Prerequisites 

  • To manage either Business Store or Education Store, you could use the supported browsers, include Internet Explorer 10 or later, current versions of Microsoft Edge, Chrome or Firefox.  
  • JavaScript must be supported and enabled. 
  • To deploy on target: Windows 10, version 1511 or later, on a PC or mobile device. 
  • Microsoft Azure Active Directory (AD) accounts for your employees: 
  • Admins need Azure AD accounts to sign up for Store for Business and Education, and then to sign in, get apps, distribute apps, and manage app licenses.  
  • Employees need an Azure AD account when they access Store for Business content from Windows devices. 
  • For offline-licensed apps, Azure AD accounts are not required for employees. 
  • The MSfB includes the roles: Admin (full control), Purchaser for MSfB or Basic Purchaser for MSfE (acquire, distribute app), Device Guard Signer (sign device to be allowed access) 

App licensing model 

Store for Business and Education supports two license options for apps: online and offline.  

  • Online licensing is the default licensing model and is similar to the licensing model for Microsoft Store. Online licensed apps require users and devices to connect to Microsoft Store services to acquire an app and its license.  
  • Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs (Independent SW Vendor) or devs can opt in their apps for offline licensing when they submit them to the developer center. 

Sign up for Microsoft Store 

Before signing up for Microsoft Store, make sure you're the global administrator for your organization. 

To sign up for Microsoft Store 

     > Go to  https://businessstore.microsoft.com 

              or https://educationstore.microsoft.com 

      > Click Sign up. Use your Azure AD account and sign in to Store for Business 

      > Activate Private Store (Your Company Name Store) Click on Private Store 

TanTran_1-1626149615731.png

>  Click “activate private store”: 

TanTran_2-1626149671260.png

>  Accept the service agreement 

 

To Add Configuration Manager as a management tool  

>  In the Windows Store for Business, go to Manage (menu) 

>  Settings, Distribute 

>  Add Management tool (link) 

TanTran_6-1626150014675.png

>  Search box, typing in name of the Azure AD’s registered app you create from MECM Console in the previous step: 

TanTran_7-1626150084873.png

 

 

TanTran_9-1626150084877.png

 

 >  Make sure the status is Active as shown here: 

TanTran_23-1626150332621.png

 

Assign roles to employees 

>  Go to Manage (menu), Permissions 

>  Roles (menu)

TanTran_24-1626150510073.png

 >  Assign roles

 >  Type in the email address of the User you want to assign the role 

 >  Check the permissions to be assigned: 

TanTran_25-1626150659279.png

>  Save 

 

To Add App offline license type and download the app package 

 In MECMConsole, synchronize between MECMCloud service and Microsoft Store for Business to get all the assigned apps. 

 >  Shop for my group 

TanTran_13-1626150084886.png

 

 >  Manage, Download 

 

INTEGRATE PRIVATE STORE TO SCCM 

Manage apps from the Microsoft Store for Business and Education with Configuration Manager 

Configuration Manager supports managing Microsoft Store for Business and Education apps on both Windows 10 devices with the Configuration Manager client, and also Windows 10 devices enrolled with Microsoft Intune. Configuration Manager offers the following capabilities for online and offline apps: 

 

SUMMARY OF CAPABILITIES 

Capability 

Offline apps 

Online apps 

Synchronize app data to Configuration Manager 
(synchronization occurs every 24 hours) 

Yes 

Yes 

Create Configuration Manager applications from store apps 

Yes 

Yes 

Support for free apps from the store 

Yes 

Yes 

Support for paid apps from the store 

No 

YesNote 1 

Support required deployments to user or device collections 

Yes 

Yes 

Support available deployments to user or device collections 

Yes 

Yes 

Support line-of-business apps from the store 

Yes 

Yes 

Provision a store app for all users on a device 

Yes 

Yes 

 

Note 1:  

Windows 10, version 1703 or later. 

Once Microsoft Store for Business (MSfB) is integrated with SCCM, the apps will get automatically synced from MSfB to ConfigMgr. View these apps in the MECM console, and deploy them like you deploy any other apps. 

MECM and App store will automatically sync every 10 min. 

Procedure: 

  • Create MS Store App in MECM Console\Azure Service Administration workspace\Azure Services, right click 

>  Configure Azure Services 

TanTran_26-1626150869845.png

>  Sign in with your Azure Global Admin Credential 

>  Create Azure App for MSStore 

 

TanTran_27-1626150980173.png

>  Choose the language for App: 

 

TanTran_28-1626151068846.png

 >  Add the online/offline Apps in the store and create the same in MECM as an application 

 >  Synchronize MS Store Apps to MECM,  

 >  Check the last sync status: succeeded 

TanTran_17-1626150084901.png

 

Troubleshooting 

No permission for App shared folder 

>  Check log WsfbSyncWorker.log in Configuration Manager\Logs folder: 

TanTran_29-1626151275582.png

>  Add share and security NTFS permission for the App shared folder 

 

Unauthorized access to business store 

TanTran_30-1626151438759.png>  Check admin permissions on the store, In Manage\Settings 

 

TanTran_31-1626151587460.png

 

>  In Microsoft Store for Business, go to Settings\Distribute\Management Tools 

 

Make sure the status of ConfigMgrMSStore is Active as shown here: 

TanTran_32-1626151663891.png

 

>  Make sure the is no blocked access by Windows Firewall or Network Proxy Firewall to Microsoft Store URL on port 443, https as per Microsoft document. 

>  Wait for 10 minutes for the next synced cycle to be kicked in and check the Console, refresh WSfBSyncWorker.log if the error is clear now: 

TanTran_33-1626151781549.png

>  Checking WSfBSyncWorker.log if there is no current error: 

 

More Troubleshooting here 

 

 Reference: 

 

 

 

 

 

 

 

Posted at https://sl.advdat.com/3ebTMtS
Labels: ,