Last Updated on September 28, 2022 by rudyooms
In this updated V3 blog, I am going to show you which options you have when you want to deploy and start making use of the Company Portal app. I will also point out the differences/important things we need to know about the “Offline” “Online” and “Real Offline” versions.
I noticed this next question being asked a lot of times
“What’s the difference between offline, online apps? and which or when to use them”
Also, there is still some misunderstanding about it, so I decided to write a blog about it, so here we go! I am going to divide this blog into multiple parts
- How to add the Company Portal App to Intune (Online/Offline)
- Adding the Company Portal App (REAL Offline)
- Important knowledge about the Online, Offline, and Real Offline versions
- The Company Portal App installation
- What could break the Company Portal online App version?
- Delivery Optimization Bypass Mode
- Conclusion
But before I am going to show you more about how to install the Company Portal app etc, please read my other blogs about WHY you need to use the Company Portal app! Could be useful?
When we want to add the Company App to your Windows 10/11 AADJ devices you will have multiple options at your disposal.
Let’s start with the first the “Offline” And “Online” versions of the Company Portal App.
Before we can start deploying the Company Portal App, we first need to establish a connection between the Microsoft Store for Business and Intune/Endpoint Manager. Please beware the Microsoft Store will be retired in the first quarter of 2023, but let’s go further.
Open Intune and browse to Tenant administration/Microsoft Store for Business and click to open the Business store.
First, we need to enable Offline Apps. We can do this by clicking on Manage/Settings and switching the button for “Show Offline Apps”. Do you notice that nice Yellow bar with a warning on it?
After we have enabled the offline apps, we still need to create the Intune connection. To do this, click on “Distribute” on the same screen and click on “Activate” Microsoft Intune.
Now we are almost ready, but we still need to add the app when we have created the connection. To do so, search for the Company Portal in the search bar and click on “get the app”.
Now we are done, don’t forget to click on the sync button on the Tenant Administration screen. When the apps are synced you will notice the Offline and Online Apps will be visible in the Apps section of Intune.
There is also another possibility to add the Company Portal App if you don’t want to use the versions pushed by Microsoft for Store Connection.
Do you know what’s funny, even when you choose to deploy the REAL offline app, you also have 2 options to download the APPX files you need!
2.1 Using the Microsoft Store Directly
When you have configured the Microsoft Store for Business, maybe you have clicked on the Offline Company App?
As shown above, you can download the files manually!. Let’s go further, when we are choosing this option you need to download ALL of the packages first. After all the files are downloaded go add a new LOB app.
2.2 Using the Microsoft Store Indirectly
When you don’t want to open the Microsoft Store for business, you could still download the required APPX files. How? Just open Microsoft Edge and open this nice website:
As shown below, you only need to enter a URL to download the company portal appx Files.
Please note: This isn’t an officially supported method to fetch the Microsoft Store apps… so it’s not guaranteed it will always work
2.3 Creating the LOB App
Now start downloading the required Files (Directly or Indirectly) so we can go further and upload these files to start creating your new Company Portal LOB app. Because when you add a new LOB app, you will have the possibility to select/upload a .appxbundle / appx file.
Now select the Company Portal app you downloaded earlier.
When you have added this app, you will also need to upload the Dependency App files.
After all, files are uploaded, a new LOB app will appear in the App section of Intune
Of course, if you don’t like mixing up those APPX/LOB apps with your existing Win32Apps, another possibility would be to convert them to a Win32 App Package
You will need to make sure you add every dependency file you downloaded from the MSfB as shown above in your PowerShell script! As you also probably have noticed, I am using the Deployment Image Servicing and Management (DISM) command, to make sure those AppXPackages are added to the device correctly. If you are wondering why I used DISM, this blog would show you why!
Now we have seen the options available to deploy the Company Portal App, we still need to learn a little bit more about these versions. But reading and testing it a little bit more there is also a difference between the Company Portal Offline version and the Real Offline version I showed you in part 2.
First, take a look at what Microsoft has to tell about “Offline Apps”. I guess that’s where the misunderstanding is happening!
When looking at the picture above, it looks like the Company Portal (offline) version pushed by the Microsoft Store will be managed by Intune, right? So no automatic updates when we do believe the Microsoft Documentation?
So let’s take off our jackets and take a look at what in my opinion, are the most important things we need to beware of about the Offline, Online Apps, and the Real Offline Company Portal.
The Microsoft Store:
Real Offline Apps: These apps DON’T require the Microsoft Store to install the app.
The Company Portal Online and Offline App: These apps DO require the Microsoft Store to install the app.
The Company Portal Offline App doesn’t require a connection to the Microsoft Store “Services”
The Company Portal Offline App doesn’t require an Azure Ad Account to get installed
Updating the Company Portal App:
But I am not done yet, as I need to point out another important “thingy” we need to beware of. As I showed you earlier Microsoft told us that Offline apps will be managed by Intune so does this also count for the Company Portal Offline version?
Real Offline Company Portal: When first deployed the Company Portal App, will be managed by Intune and installed by the Intune Management Extension. When the Microsoft Store is NOT available the app WILL NOT automatically be updated.
If the Microsoft Store is *AVAILABLE, of course, it will be updated!!.
*Please Note: Enabling“Turn off the Store application”policy will disable app updates from the Microsoft Store.
I first tested it with the Online version of the Company Portal. I enrolled a new VM, waited some time, and opened the Microsoft Store… it just got automatically updated!
The second test I did was with the Offline version of the Company Portal we got from the Microsoft Store for Business connection! As shown below… it also updated
Please note: You don’t have to be afraid that this new up-to-date version will be removed by Intune when the old version wants to install itself.
Account vs Device:
And for me, this is the most important item we need to beware of: User/Account vs Device!
Company Portal “Online”: This one Is always installed during the Account phase of the ESP (If marked as required) and doesn’t support device context assignment so this version of the Company Portal must be targetted at a USER GROUP.
Please Note: Even when the Online version is assigned to devices, it doesn’t get installed in the Device phase!
Company Portal “Offline”: This one is installed during the Device Phase of the ESP (If marked as required) when the device context was configured. As shown below, the Offline app does support device context assignment!
When using the Company Portal “Offline” version, please, pretty please with sugar on top, don’t forget to assign it to a device group and device license like I am showing below… DO NOT FORGET THIS LICENSE PART! 🙂
Primary User and the Company Portal
Installing Offline Apps or Online apps from the Company Portal App when that user is NOT the primary user of the device. Did you ever try that? If so, I guess this error sounds familiar.
“This device is already assigned to someone in your organization. Contact company support about becoming the primary device user. You can continue to use Company Portal but functionality will be limited.”
So the only thing we could do is remove the “Primary User” for the device to get the device shared
As shown below, when removing the primary user of the device, the device will become shared
And when it’s shared, everyone can install Apps from the Company Portal!
Offline app and the Microsoft Store
I received a nice reply on this blog, which is, of course, worth mentioning as an important item even when I am shortly mentioning it in the first important item.
I also received a Twitter reply about it so… here we go. Do you know what happens with the Company App deployment when the Microsoft Store is removed?
When the Microsoft Store for Business is removed, Microsoft will provide us with
Important Items Summary:
Let’s sum up all of the important items!
When you want to make sure the Company Portal App is installed before the user logs in and you are using Autopilot for pre-provisioning deployments, please use the Company Portal “Offline” Version and use the Device License.
When you want to make sure the Company Portal App is installed after the user logs in, you will need to use the Company Portal “Online” version. After your user logs in it will sign in to the Microsoft Store with SSO and the Company app will be installed in the User context
If you are blocking the Microsoft Store like I am showing in this blog below, the Real Offline version is the one you will need.
Now we know the difference between how the types of Apps are managed and updated, let’s take a look at which logs we need to take a look at when something failed.
Let’s start with the installation folder… an easy one, as it is always a Windows (Microsoft Store) App it will be installed in the WindowsApps folder inside the Program Files folder:
Online Apps:
When you want to start troubleshooting the installation of Online apps, the first thing you will need to do is to start collecting the store logs. You can do this by entering the “wscollect.exe” command (Windows Store Collect)
This will produce a nice .CAB file on your desktop. Open the ReportingEvents.log and take a look at what happens when you install the Online version of the company App Portal.
Real Offline Apps:
But you will notice that with the Offline version, there will be no installation entry inside the ReportingEvents.log. As mentioned earlier the installation of Offline Apps is handled by Intune, so you might think we need to open the IntuneManagementExtension event log.
The IntuneManagementextension event log will log all Apps which are installed by the Intune Management Extension.
I decided to remove this part from this blog because while writing it, it became too large for this blog itself…
To finish this blog, I still have a small piece of advice. When deploying the Offline version of the Company Portal app with Windows 10/11 please make sure you didn’t configure the download modus in Delivery optimization to Bypass mode. Configuring bypass mode could cause the installation of the Company App to fail
Please note: I have got multiple conclusions… so there are some below the GIF 🙂
So what would be the best choice? The Company Portal Offline, the Company Portal Online version, or the Real Offline Company Portal? I guess it all depends on your wishes.
When you really want to make sure the Company Portal App is installed during Autopilot white-glove esp, you will need to choose the Company Portal Offline version (Beware of the device license I showed you earlier!).
It really doesn’t matter which version of the Company Portal app you are using, as long as the Microsoft Store isn’t blocked it will be updated!
So which version do I prefer?
For me? When it’s not a shared device, I would still go for the online version of the Company Portal app and assign it to my users. Why you might ask? 2 reasons I guess.
*I am noticing a lot of Autopilot for Pre-Provisioning deployments are failing because of the offline version of the Company Portal app assigned to users.
*We are not requiring the company portal during the ESP and we are skipping the User Status page most of the time…Within a few minutes after the user logs in it pops up and for me that works pretty fine.
For the people who are afraid of the Microsoft Store and people installing a lot of stuff on their own, when you locked down the Microsoft Store properly, you have nothing to worry about!
P.S. I am aware that there is also a PowerShell script to install the company App portal… but in my opinion, I want to use the Apps section, so I have one pane of what apps are deployed.