Solution

  • Workspace ONE

Type

  • Document

Level

  • Intermediate

Category

  • Operational Tutorial

Product

  • Workspace ONE UEM

Phase

  • Manage

Use-Case

  • Business Continuity

Integrating Microsoft Store for Business: VMware Workspace ONE Operational Tutorial

Workspace ONE UEM 1810 and later

Overview

Introduction

VMware provides this operational tutorial to help you with your VMware Workspace ONE® environment. This tutorial shows you how to use VMware Workspace ONE® UEM to manage Windows 10 applications through a series of exercises including managing online and offline applications from Microsoft Store for Business.

Audience

This operational tutorial is intended for IT professionals and Workspace ONE administrators of existing production environments. Both current and new administrators can benefit from using this tutorial. 

Familiarity with networking and storage in a virtual environment is assumed, including Active Directory, identity management, and directory services. Knowledge of additional technologies such as VMware Workspace ONE® Access (formerly VMware Identity Manager), VMware Workspace ONE® UEM, and Microsoft Store for Business is also helpful.

Understanding Microsoft Store for Business

The Microsoft Store for Business enables you to acquire, manage, and distribute applications in bulk. If you use Workspace ONE UEM to manage your Windows 10 devices, you can integrate the two systems.

After integration, you can acquire applications from the Microsoft Store for Business and distribute the applications and manage their updated versions with Workspace ONE UEM. 

This tutorial explains how to deploy acquired apps using Workspace ONE UEM. For information about Microsoft Store for Business processes, see Microsoft Store for Business and Education on Microsoft Docs.

Microsoft Store for Business Application Licensing Model

Microsoft Store for Business and Education supports two license options for apps: Online and Offline.

Online Licensing

Online licensing is the default licensing model and is similar to the licensing model for Microsoft Store. Online licensed apps require users and devices to connect to Microsoft Store services to acquire an app and its license.

Note: Online licensing requires the user to be logged in with an Azure Active Directory Account. Smart Groups can be created to include only those users/devices.

To integrate with Azure Active Directory, see the following operational tutorial: Integrating Azure AD with Workspace ONE UEM.

Offline Licensing

Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network.

Note: Offline licensing can be used to distribute Microsoft Store for Business applications to devices that are domain-joined or work-group managed. An Azure Active Directory Account is not required for Offline distribution. Smart Groups can be created to include these users/devices.

Comparison of the Online and Offline Models of the Microsoft Store for Business

Online and offline models of the Microsoft Store for Business offer different capabilities. Select the model depending on how you want to manage your deployment. Capabilities include which system manages licenses, where app packages are stored, and which system authenticates to resources. 

See Comparison of the Online and Offline Models of the Microsoft Store for Business for more information.

Prerequisites

Before you begin, ensure you have the following components installed and configured:  

  • Workspace ONE UEM 1810 and later integrated with Azure Active Directory.
  • Microsoft Store for Business.
  • A Microsoft Store for Business admin account with correct permissions.

See the VMware Docs article Requirements for Microsoft Store for Business Integration.

Important

  • Ensure you have logged a support ticket with the Workspace ONE support team to enable this feature inside the Workspace ONE UEM admin console. By default, Microsoft Store for Business integration is turned off.

 Note:

  • You do not need an Azure Active Directory (AD) Premium account to integrate with the Microsoft Store for Business. This integration is a separate process from the automatic MDM enrollment. 
  • Integration only works when you configure it in the same organization group where you configured Azure AD Services.

License Model Requirements

You must also meet the following license model requirements:

Online License Model Requirements

  • Azure AD: Device users must use Azure AD to authenticate to content.

Offline License Model Requirements

  • File Storage enabled for on-premises: Workspace ONE UEM stores Microsoft Store for Business applications on a secure file storage system.

On-premise environments must enable this feature in the Workspace ONE UEM console by adding the Azure tenant identifier and tenant name on the Directory Services page. This requirement is part of the process to configure Azure AD Services.

These exercises are sequential and build upon one another, so make sure to complete each exercise before moving on to the next.

Integrating The Microsoft Store for Business

Introduction

In this section, you learn how to integrate Workspace ONE UEM with Microsoft Store for Business and enable Offline Distribution. You must have Workspace ONE UEM integrated with Azure AD.

Configuring Microsoft Store for Business Integration for Offline Distribution

In this exercise, you learn how to set up Microsoft Store for Business Offline Distribution. This means that MDM enrollment setup within Azure AD is not required. First, confirm Azure Directory Settings in Workspace ONE and then enable distribution for Offline apps in Microsoft Store for Business.

Locate Azure Active Directory Settings

Log in to Azure Active Directory:

  1. Navigate to Properties.
  2. Note the Directory Name.
  3. Note the Directory ID.

In the next step, you verify that these values have been entered into Workspace ONE. 

Ensure the Mobility (MDM and MAM) Application is Added in Azure

Add the AirWatch by VMware application. If you are using only Offline Distribution, the application does not need to be configured. Adding it ensures that the AirWatch by VMware application can be selected when you add Workspace ONE (the AirWatch by VMware app) as a management tool inside the Microsoft Store for Business in later steps.

The Microsoft Store for Business Online licensing model will require full Azure Integration. This means that the AirWatch by VMware application must be fully configured with the MDM terms of use URL and MDM discovery URL. This enables further functionality such as Automatic MDM-join for Azure AD-joined devices.

 

  1. In the Azure Active Directory admin console, navigate to Mobility (MDM and MAM).
  2. Ensure that the AirWatch by VMware application has been added.
    • Note: The application parameters do not require any configuration.

Note: If you are not subscribed to an Azure AD Premium service, you will see an error when you click the application. You can ignore the message because, for this tutorial, the app is only configured as a management tool inside the Microsoft Store for Business. The Automatic MDM enrollment option must be configured if you want to use the Online Licensing model within the Microsoft Store for Business.

Confirm Azure Directory Settings in Workspace ONE

Log in to the Workspace ONE UEM admin console and navigate to Settings:

  1. Select Enterprise Integration.
  2. Select Directory Settings.
  3. Confirm the Directory ID and Tenant Name are populated with values from the Azure directory.

Activate Workspace ONE UEM to Distribute Offline Applications

Log in to the Microsoft Store for Business:

  1. Select Manage.
  2. Select Settings.
  3. Select Distribute.
  4. Ensure that AirWatch by VMware Management tool is activated.

The screenshot in this example shows that the tool is activated, as the only option is to deactivate this service. If the AirWatch by VMware application is not displayed, you can click Add management tool and search for it. You must add the AirWatch by VMware app in Azure Active Directory for this option to display in the Microsoft Store for Business.

Enable Offline Distribution in Microsoft Store for Business

To distribute Offline applications, you must enable the option in Microsoft Store for Business.

Log in to the Microsoft Store for Business:

  1. Select Manage.
  2. Select Settings.
  3. Select Shop.
  4. Ensure that Show Offline Apps under Shopping Experience is On.

Distributing Microsoft Store for Business Applications to Devices

Introduction

In this section, you learn how to import applications from Microsoft Store for Business and assign the applications for distribution using Workspace ONE UEM. Before you can import your apps into Workspace ONE UEM, you must add those apps to your inventory.

Selecting Applications for Distribution

In this exercise, you locate apps in Microsoft Store for Business and then add those apps to your inventory.

Find Applications in Microsoft Store for Business

Log in to the Microsoft Store for Business:

  1. Search for the desired application. This example uses the Workspace ONE application.
  2. Select the application.

Add Application

  1. Click Get the app.
  2. After the item has been added to your inventory, click Close.

After you have selected the applications, the next step is to import all the applications into Workspace ONE UEM for distribution.

Deploying Microsoft Store for Business Applications

In this exercise, you import applications from Microsoft Store for Business and assign the applications for distribution using Workspace ONE UEM.

You can follow these instructions for any Microsoft Store for Business application.

Add New Public Application

Log in to the Workspace ONE UEM console:

  1. Select Apps and Books.
  2. Select Native under Applications.
  3. Select Public.
  4. Select Add Application.

Define Application

  1. Select Windows Desktop as the Platform.
  2. Select Import from BSP. This automatically imports any applications from the Microsoft Store for Business.
  3. Click Next.
  4. Click Finish.

Important: If you do not see the Import from BSP option, you do not have the option enabled in your Workspace ONE UEM environment. See Microsoft Store for Business Prerequisites.

It might take some time to import all the applications depending on how many were selected. After the import is complete, return to the applications dashboard in the Workspace ONE console.

Distribute Applications

In the Workspace ONE UEM console, you should now see all the applications imported.

Because these apps can be built for multiple platforms (Windows 10, Windows Phone, HoloLens, and so on), you might see multiple platform entries.

You can select the filters option to show only Windows Desktop items.

  1. Next, select the application you want to distribute.
  2. Click Assign.

Add Assignment

Assign & Publish

Click Add Assignment to distribute applications to smart groups.

Provide Assignment Details

  1. Create or Select the Smart Group for Online Licenses.
    • Applications that use the Online Licensing method can be distributed from Workspace ONE UEM.
    • There is no need to assign these applications to users in the Microsoft Store for Business.
    • Because Online Licensing requires the Windows device to be Azure AD joined, we recommend you create an assignment group that targets devices that are Azure AD joined.
  2. Create or Select the Smart Group for Offline Licenses.
    • Applications that use the Offline Licensing method can be distributed from Workspace ONE UEM.
    • There is no need to assign these applications to users in the Microsoft Store for Business.
    • Applications that use Offline Licensing can be assigned to devices that are on-premises domain joined, work-group managed, or Azure AD joined.
  3. Select On-Demand or Auto for the App Delivery Method.
  4. Select Create.
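
The join-state rules in the two smart group items above can be checked on a device before it is added to an assignment group. The following PowerShell is an added example, not part of the VMware tutorial: the function name and the sample output are constructed, and treating a device that reports both join flags as eligible for Online licenses is an assumption.

```powershell
# Added example: map a Windows 10 device's join state, as reported by
# `dsregcmd /status`, to the license models described in this tutorial.
# Only device state is checked; the signed-in user's Azure AD account
# (also required for Online licensing) is not.
function Get-StoreLicenseEligibility {
    [CmdletBinding()]
    param(
        # Lines of `dsregcmd /status` output
        [Parameter(Mandatory)]
        [string[]]$DsregOutput
    )

    # Fail closed: a missing or unparsable field counts as "not joined".
    $state = @{ AzureAdJoined = $false; DomainJoined = $false }
    foreach ($line in $DsregOutput) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(YES|NO)\s*$') {
            $state[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }

    $joinType = if ($state.AzureAdJoined -and $state.DomainJoined) {
        'Azure AD joined and domain joined'   # assumption: treated as Azure AD joined
    } elseif ($state.AzureAdJoined) {
        'Azure AD joined'
    } elseif ($state.DomainJoined) {
        'On-premises domain joined'
    } else {
        'Work-group'
    }

    [pscustomobject]@{
        JoinType       = $joinType
        OnlineLicense  = $state.AzureAdJoined   # Online requires Azure AD join
        OfflineLicense = $true                  # Offline allows all three join states
    }
}

# Constructed sample of the "Device State" section, so the example runs offline.
$sample = @'
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
'@ -split '\r?\n'

Get-StoreLicenseEligibility -DsregOutput $sample
# On a real device: Get-StoreLicenseEligibility -DsregOutput (dsregcmd /status)
```

For the constructed sample, the result reports an on-premises domain-joined device that belongs in the Offline license smart group only.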

Summary

Conclusion

In this tutorial, you have configured the integration of the Microsoft Store for Business, and imported and assigned the applications for distribution using Workspace ONE UEM.

The VMware Workspace ONE application life cycle flow, also known as software distribution, exists for all internal applications and Microsoft Store for Business applications. 

Use software distribution to deliver Microsoft Store for Business applications, track installation statuses, keep application versions current, and delete old applications.

About the Authors

This tutorial was written by:

  • Darren Weatherly, Senior Technical Marketing Architect, Technical Marketing, VMware
  • Hannah Jernigan, Technical Writer, End-User-Computing Technical Marketing, VMware

With contributions from: 

  • Camille Debay, EUC Staff Customer Success Architect, Customer Success, VMware
  • Arsen Bandurian, Systems Engineer, End-User Computing, VMware
  • Andrew Price, EUX Sales Specialist, End-User Computing, VMware

Additional Resources

For more information about Workspace ONE, explore the VMware Workspace ONE Activity Path. The activity path provides step-by-step guidance to help you level-up in your Workspace ONE knowledge. You will find everything from beginner to advanced curated assets in the form of articles, videos, and labs.

Additionally, you can check out the VMware Workspace ONE and VMware Horizon Reference Architecture which provides a framework and guidance for architecting an integrated digital workspace using VMware Workspace ONE and VMware Horizon. 

 

Feedback

Your feedback is valuable. 

To comment on this tutorial, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.

Changelog

 Date 2020-09-24

  • Updated screenshots for the admin console.
  • Added more information about assigning applications and Integrations with Azure Active Directory.
