Endpoint Microsoft 365 Security

How to Manage Apps and Software Updates with Intune

jpsanz
troubleshooting

Introduction

Managing apps and software updates is a crucial task for any IT administrator. You want to ensure that your users have access to the latest features, security patches, and bug fixes, while also avoiding compatibility issues, downtime, and data loss. But how can you do that efficiently and effectively across a diverse and dynamic device fleet?

That is where Intune comes in. Intune is a cloud-based service that lets you manage mobile devices, PCs, and apps from a single console. You can deploy, configure, update, and monitor apps and software on your devices, whether they are corporate-owned or personal, Windows or iOS, online or offline. You can also protect your data and enforce compliance policies with Intune’s built-in security features.

In this blog post, we will show you how to use Intune to manage apps and software updates on your devices. We will cover the following topics:

  • How to add and assign apps to your devices
  • How to configure app settings and policies
  • How to monitor app status and usage
  • How to manage software updates for Windows 10 devices
  • How to troubleshoot common app and update issues

How to add and assign apps to your devices

Intune supports a variety of app types, including web apps, mobile apps, Office 365 apps, Microsoft Store for Business apps, and line-of-business (LOB) apps. You can add apps to Intune from various sources, such as the Intune app catalogue, the Microsoft Store, or your own app package files.

To add an app to Intune, follow these steps:

  1. Sign in to the Microsoft Endpoint Manager admin Center.
  2. Select Apps > All apps > Add.
  3. Select the app type you want to add and click Select.
  4. Provide the app information, such as name, description, publisher, and category.
  5. Upload the app file or provide the app URL, depending on the app type.
  6. Configure the app settings, such as icons, detection rules, dependencies, and requirements.
  7. Click Next to review the app information and click Add to finish.

After you add an app to Intune, you can assign it to your devices or users. You can assign an app as required, available, or uninstall. A required app is automatically installed on the device or user group you select. An available app is shown in the Company Portal app or website, where users can choose to install it. An uninstall app is removed from the device or user group you select.

To assign an app to your devices or users, follow these steps:

  1. Sign in to the Microsoft Endpoint Manager admin Center.
  2. Select Apps > All apps and select the app you want to assign.
  3. Select Assignments > Add group.
  4. Select the assignment type you want to use: Required, Available, or Uninstall.
  5. Select the device or user groups you want to assign the app to.
  6. Click Select to save the assignment.

How to configure app settings and policies

Intune allows you to configure app settings and policies to customize and secure your app deployment. You can use app configuration policies to provide app-specific settings, such as server URLs, port numbers, or branding. You can use app protection policies to protect your app data, such as requiring a PIN, encrypting data, or blocking copy and paste.

To create an app configuration policy, follow these steps:

  1. Sign in to the Microsoft Endpoint Manager admin Center.
  2. Select Apps > App configuration policies > Add.
  3. Provide a name and description for the policy.
  4. Select the platform you want to target iOS/iPadOS, Android, or Windows 10.
  5. Select the app you want to configure from the list of apps you have added to Intune.
  6. Configure the app settings, such as key-value pairs, XML data, or JSON data, depending on the app type.
  7. Select Next to review the policy and click Create to finish.

To create an app protection policy, follow these steps:

  1. Sign in to the Microsoft Endpoint Manager admin Center.
  2. Select Apps > App protection policies > Create policy.
  3. Select the platform you want to target iOS/iPadOS, Android, or Windows 10.
  4. Provide a name and description for the policy.
  5. Select the apps you want to protect from the list of apps you have added to Intune.
  6. Configure the data protection settings, such as requiring a PIN, encrypting data, or blocking copy and paste.
  7. Configure the access requirements settings, such as requiring a device compliance status, a minimum OS version, or a biometric authentication.
  8. Configure the conditional launch settings, such as blocking app launch, wiping app data, or notifying users, based on certain conditions.
  9. Select Next to review the policy and click Create to finish.

How to monitor app status and usage

Intune provides you with various reports and dashboards to monitor the status and usage of your apps and software updates. You can view the app inventory, the app installation status, the app protection status, the app configuration status, and the app usage trends. You can also export the reports to Excel or Power BI for further analysis.

To view the app reports and dashboards, follow these steps:

  1. Sign in to the Microsoft Endpoint Manager admin Center.
  2. Select Apps > Monitor.
  3. Select the report or dashboard you want to view from the left pane.
  4. Use the filters, columns, and charts to customize your view.
  5. Select Export to export the data to Excel or Power BI.

How to manage software updates for Windows 10 devices

Intune integrates with Windows Update for Business to manage software updates for Windows 10 devices. You can use Intune to create update rings, which are groups of settings that define how and when updates are installed on your devices. You can also use Intune to monitor the update compliance and troubleshoot the update issues.

To create an update ring, follow these steps:

  1. Sign in to the Microsoft Endpoint Manager admin Center.
  2. Select Devices > Windows > Windows 10 update rings > Create.
  3. Provide a name and description for the update ring.
  4. Configure the update settings, such as the servicing channel, the feature update deferral period, the quality update deferral period, the automatic update behaviour, and the active hours.
  5. Select Next to review the update ring and click Create to finish.

To assign an update ring to your devices or users, follow these steps:

  1. Sign in to the Microsoft Endpoint Manager admin Center.
  2. Select Devices > Windows > Windows 10 update rings and select the update ring you want to assign.
  3. Select Assignments > Include or Exclude.
  4. Select the device or user groups you want to include or exclude from the update ring.
  5. Click Select to save the assignment.

To view the update compliance and troubleshoot the update issues, follow these steps:

  1. Sign in to the Microsoft Endpoint Manager admin Center.
  2. Select Devices > Monitor > Update compliance.
  3. Select the device or user group you want to view the update compliance for.
  4. Use the filters, columns, and charts to customize your view.
  5. Select an update or a device to view the details and the troubleshooting information.

How to troubleshoot common app and update issues

Intune provides you with various tools and resources to troubleshoot common app and update issues. You can use the Troubleshoot blade in the Microsoft Endpoint Manager admin Center to view the device status, the app status, the update status, the policies status, and the alerts. You can also use the Company Portal app or website to view the device and app information, report an issue, or contact your IT support.

To use the Troubleshoot blade, follow these steps:

  1. Sign in to the Microsoft Endpoint Manager admin Center.
  2. Select Troubleshoot.
  3. Select a user or a device to view the troubleshoot information.
  4. Select the tabs to view the device status, the app status, the update status, the policies status, and the alerts.
  5. Select an item to view the details and the remediation steps.

To use the Company Portal app or website, follow these steps:

  1. Open the Company Portal app on your device or go to https://portal.manage.microsoft.com on your browser.
  2. Sign in with your work or school account.
  3. Select the device or the app you want to troubleshoot.
  4. Select the actions or the information you want to perform or view, such as sync, check status, view details, report an issue, or contact IT.

Conclusion

Intune is a powerful and flexible tool that can help you manage apps and software updates on your devices. You can use Intune to deploy, configure, update, and monitor apps and software on your devices, whether they are corporate-owned or personal, Windows or iOS, online or offline. You can also use Intune to protect your data and enforce compliance policies with Intune’s built-in security features.

More info here:

See device configuration policies with Microsoft Intune | Microsoft Learn

Device features and settings in Microsoft Intune | Microsoft Learn

Intune Non-compliance Previous post How to Secure Your Devices and Data with Intune Policies and Compliance
Intune Deploy Devices and Features Next post How to Use Intune to Deploy Windows Devices and Features

One thought on “How to Manage Apps and Software Updates with Intune

  1. Pingback: How to Customize Intune to Fit Your Organization’s Needs and Preferences

Comments are closed.

Related Post