Installing Offline Microsoft Store Apps with Intune for Intune Government Customers
Hey everyone, Chris Vetter Sr. Cloud Solution Architect at Microsoft. As organizations strive to enhance their digital workplace, the need for seamless app deployment and management becomes more critical. For government entities using an Intune Government Subscription, installing Offline Microsoft Store Apps can present unique challenges and opportunities. This blog post aims to provide a step-by-step guide to help you navigate this process efficiently. Why Choose Offline Microsoft Store Apps? Offline Microsoft Store Apps offer several benefits, especially for government entities that require stringent security and compliance measures: Enhanced Security: Offline apps are not dependent on an internet connection, significantly reducing the risk of external threats. Controlled Deployment: Admins have full control over the app versions being deployed, ensuring that all devices are running the same, tested software. Compliance: Many government organizations have policies that restrict internet access, making offline apps a viable solution. Prerequisites Before you begin, make sure you have the following prerequisites: An active Microsoft Intune subscription Administrative access to Microsoft Intune Access to the download offline apps with Windows Package Manager (Winget) Step-by-Step Guide Acquiring Offline Apps The Microsoft Store for Business/Education was officially retired on August 15 th , 2024, and can no longer be accessed for downloading the offline app packages and their dependencies. The current method to obtain the files is with Windows Package Manager (Winget tool). I am not covering this process in this blog as there are other helpful articles on this which I will link at the bottom of this blog. Downloading the App Package and License Download the app package (in .APPX or .MSIX format) and the corresponding license file. Make sure to store these files in a secure location, as they are required during the Intune deployment process. As of this writing Intune does not have any built-in method to deploy the license so your targeted endpoints will need to be able to reach out to the Microsoft license server to retrieve the license. For this article, I will be using “Company Portal” as the LOB App. Below is a sample of my Winget to download the files and what the downloaded files should look like after a successful download. "Winget download --name "Company Portal" --architecture x64 --accept-package-agreements --accept-source-agreements --authentication-account <Account with Proper Role Assigned>" As for this writing I know version 11.2.900.0 is the latest version for Windows 11 so that is the one I will be selecting. Uploading the App to Intune Now, log in to the Microsoft Intune admin portal. Navigate to Apps > Windows > Add. Select the option to add a Line-of-business app, as this is the category for offline Microsoft Store apps. Configuring the App Information Select the “.AppXBundle” from the downloaded content. You will see a list of dependencies that will need to be uploaded as well. These will be in the dependencies folder in the downloaded content. I specified x64 when I downloaded the content so those are the only dependencies I will have to upload. Fill in the necessary details such as the app name, publisher, and version. You can also add a description and logo to make the app easily identifiable for end users (*HINT: If you use the –show parameter with Winget it will provide most of the info just like from the store application). Assigning the App to Devices Next, assign the proper scope tag (scope tags are necessary for applying RBAC efficiently). Navigate to Assignments and choose the user or device groups that should receive the app. You can configure the deployment to install the app automatically. Monitoring the Deployment After assigning the app, monitor the deployment status in the Microsoft Endpoint Manager admin center. Navigate to Apps > Monitor to check the installation progress and troubleshoot any issues that may arise. Best Practices To ensure smooth deployment, here are some best practices: Test Before Deployment: Always test the app on a few devices before rolling it out organization wide. Regular Updates: Keep track of app updates and new versions to ensure your devices are running the most secure and efficient version. Documentation: Maintain detailed documentation of the deployment process and any issues encountered for future reference. Monitor for new version releases as you will have to repeat this process to update the application Conclusion Installing Offline Microsoft Store Apps with Intune for Intune Government customers can streamline app management and enhance security. By following the steps outlined in this guide, you can ensure a smooth and efficient deployment process. Stay proactive in monitoring and updating your apps to maintain a secure and productive digital environment. Thank you for reading, and happy deploying! Disclaimer The sample scripts are not supported by any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. All screenshots and folder paths are from a non-production lab environment and can/will vary per environment. All processes and directions are of my own opinion and not of Microsoft and are from my years of experience with the Intune product in multiple customer environments. References Distribute LOB apps to enterprises - Windows apps | Microsoft Learn Downloading Microsoft Store apps using Windows Package Manager - Microsoft Community Hub Windows Package Manager | Microsoft LearnThe Strategic Advantage of AI for the Defense Industrial Base
In an era where technological advancements are rapidly reshaping industries, the Defense Industrial Base (DIB) stands at the threshold of a transformative opportunity through the adoption of Artificial Intelligence (AI). The integration of AI into defense operations promises unprecedented efficiency, operational superiority, and strategic advantages. The Department of Defense believes so much in AI technology that they budgeted $1.8B in FY24 to support AI efforts which could include identifying potential threats or targets on the battlefield.Azure OpenAI FedRAMP High + M365 Copilot Targeting Sept 2025 for GCC High/DOD
We’re excited to share two major updates for our public sector and defense customers: Azure OpenAI Service is now FedRAMP High authorized for Azure Government. This approval allows government agencies to securely leverage advanced AI capabilities, including GPT-4o, within their Azure Government environment. For the first time, we’re targeting a General Availability (GA) of September 2025 for Microsoft 365 Copilot in GCC High and DOD environments (pending government authorization). Copilot will deliver powerful AI tools tailored for decision-making, automation, and enhanced collaboration, all while meeting the strict compliance and security needs of our defense and government customers. For more information on these updates and how they can impact your workflows, check out the full blog post Let’s discuss how you’re planning to use these AI advancements in your environments!Microsoft Copilot for Security and NIST 800-171: Access Control
The second blog in this series will dive into the very first requirement family -Access Control (3.1) - and how organizations may deploy Microsoft Copilot for Security (Security Copilot) to meet the requirements entailed.This requirement family is arguably one of the most paramount because of the remarkable growth in identity-based attacks and the need for identity architects and teams to work more closely with the Security Operations Center (SOC). Microsoft Entra data noted in the Microsoft Digital Defense Report shows the number of “attempted attacks increased more than tenfold compared to the same period in 2022, from around 3 billion per month to over 30 billion. This translates to an average of 4,000 password attacks per second targeting Microsoft cloud identities [2023]”.
