Fotolia

Tip

Navigate Intune app deployment for mobile devices

With the right Intune app deployment methods, IT can manage its Android and iOS users' apps, but the practices are different depending on the OS and the type of mobile apps.

Microsoft Intune allows several different methods for IT to deploy applications to mobile devices.

The methods are different for Google Android and Apple iOS devices, so mobile device admins must learn the best Intune app deployment practices for their managed devices.

Android deployment

For Android devices, IT's best approach to Intune app deployment is through the Managed Google Play store. Google will remove legacy Android management in the upcoming versions of Android, so IT admins should upload these applications to the Google Play store to ensure that they can manage them in newer versions of Android.

IT professionals can search for apps in the Managed Google Play store from the Microsoft Azure Intune portal (Figure 1). After the information syncs from the Managed Google Play store to Microsoft Intune, IT can deploy the app or apps to its users. To use the Managed Google Play store, however, Intune admins must set up a connection between Microsoft Intune and the Managed Google Play store.

For custom line of business (LOB) apps that exist as APK files, IT will need to use the Managed Google Play store as well. The upload costs $25, and once the custom LOB app is on the Managed Google Play store, IT can distribute it like any other Android app.

Managed Google Play search bar
Figure 1. The managed Google Play store's app search function

IOS

IT doesn't have to worry about a lack of legacy management with iOS, so it can deploy LOB apps itself.

For managed iOS devices, IT has a few options for Intune app deployment. The deployment process for most applications will involve the Apple App Store or Apple Volume Purchase Program (VPP), but there are special deployment scenarios for built-in iOS apps and custom LOB apps (Figure 2).

Microsoft Intune integrates natively with the Apple App Store, so the user can directly search in their on-device App Store. When IT deploys an App Store app to a managed mobile device, all the users need is an Apple ID to log into the App Store and install it on their own.

Intune application examples
Figure 2. Examples of built-in apps and VPP apps in Intune

The Apple VPP allows an organization to purchase app access for all of its employees. With this purchase, IT can sync the apps to Microsoft Intune. To use this method of Intune app deployment, organizations need to sign up for the VPP in advance, request a Data Universal Numbering System number, create an Apple ID that is tied to the organization and enroll that Apple ID to the VPP (Figure 3).

VPP's token creation form
Figure 3. VPP token creation for enterprise-wide purchased mobile apps

When Intune admins deploy an app via VPP, the iOS devices set to receive the app do not need an active Apple ID in the App Store to be able to install it. This is a significant advantage for organizations.

Built-in iOS apps support the App Protection Policies of Intune. IT can select these apps from a preset list and add them to its Intune tool for deployment. IT doesn't have to worry about a lack of legacy management with iOS, so it can deploy LOB apps itself or outsource the task to whoever developed the app if it wasn't built in-house.

Intune app deployment options

Once the mobile apps are in Microsoft Intune, IT can deploy them or simply make them available in a few different ways. These Intune app deployment options are Required, Available and Available with or without Enrollment.

If IT marks the app as Required, Intune will trigger an automatic installation on select managed devices.

If IT marks the app as Available, users with a managed mobile device can install it from the Intune Company Portal, but they are not required to.

The Available with or without Enrollment makes the apps available for devices that are not managed via enterprise mobility management or unified endpoint management, but are managed via App Protection Policies from Microsoft Intune. Those users need to go to the web version of the Intune Company Portal (Figure 4).

Intune web portal
Figure 4. Intune's web portal for an organization's published apps

Dig Deeper on Mobile application strategy

Networking
Unified Communications
Security
Close