November 20, 2014 at 6:20 am in company portal, hybrid, intune, Intune Standalone, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1, SSP, System Center, Windows Intune, windows inune, Windows Phone 8.1, WP 8.1, WP8.1 by Kenny Buntinx [MVP]
As you already probably knew , new Windows Intune capabilities are added as we speak for Windows Intune standalone thru the so called “November Release” as discussed here : http://blogs.technet.com/b/microsoftintune/archive/2014/11/17/new-microsoft-intune-capabilities-coming-this-week.aspx
The Microsoft Intune Company Portal for Windows Phone app helps you search, browse and install apps made available to you by your company, through the Microsoft Intune standalone of Hybrid (Configmgr and Windows Intune). Apps can be installed without requiring a connection to your corporate network. You can also enroll your personal computers and devices in the service and locate contact information for your IT team.
One additional change that was not clearly communicated is a change to how the Intune Company Portal or Self Service Portal (SSP) app for Windows Phone 8.1 is offered and installed.
Before , If you wanted to manage and deploy applications on your Windows phone 8 and 8.1 , the Company Portal app was offered as a deployable download at Microsoft’s Download Center, sign it with a Symantec code signing Certificate and deploy it to the management system infrastructure to enable device enrollment for Windows Phone 8 and 8.1 devices. The download was infused with a Symantec certificate to ensure trustworthiness of the app and to help secure enrollments.
Microsoft has now updated the Windows Intune Company Portal app for Windows Phone 8.1. The Symantec certificate is no longer embedded and no longer required because the app is now only available through the Microsoft Store.
However , there are some things to take into account when doing hybrid or standalone implementations.
Starting this week for Windows Intune standalone only , Microsoft removed the requirement that a company have an AET (Application Enrollment Token) and signed Company Portal app before we let them enroll, but devices must be enrolled for management before they can install sideloaded apps from our MDM, and they must also have the AET.
In short this means that you do not longer need the Symantec certificate to enroll and manage WP8.1 devices ( not WP 8.0! ) , but you will still need the Symantec certificate to sideload any application that doesn’t come thru the app store .
Anything else still requires both cert and signed SSP.xap from download center –> so are Hybrid implementations still today.
My advise for now:
1. Admins who want to stay on the old school ssp.xap for now ( For hybrid deployment this is mandatory !!! )
- Don’t tell users about store app
- Add store app to blocked list, for extra insurance, so they can’t run it
- Just keep doing what you’re doing
Hybrid users could still install the SSP from store if you do not blacklist the application. However , if the do install the SSP from the store , they can’t enroll unless a cert and signed ssp have been uploaded, but they can use the portal in the “unenrolled” scenario.
2. Admins who want to move to appx from app store ( Intune standalone only !! )
- Create an app that uninstalls ssp.xap
- Tell users to start by installing store app and using link in app to enroll just like android or IOS
The only new thing you get with the App Store SSP version is the ability to show users “Terms and Conditions” . Period.
If companies want to sideload applications, there’s still no way around having the Symantec cert
The new App Store SSP is taking the version to 4.1.2777.2 and can be found over here :
Hope it Helps ,
MVP Enterprise Client Management