With this new feature, you can use CSM for Intune to automatically update any applications the users have installed through the Intune Company Portal as self-service.

Once again, we have heard your hopes, and are proud to present the new CSM for Intune feature you have probably been waiting for the most. The new feature deal with how we update the applications an end user has chosen to install from the Company Portal. Previously, CSM for Intune has had the means to deploy these available applications as well call them, but not to update them automatically.

The reason for this? Microsoft didn’t offer a decent feature for updating this type of application deployment, and there had been loud calls for a similar feature on Microsoft Intune’s feedback forum UserVoice. We decided to take the matter into our own hands, and now CSM for Intune can form Azure AD groups based on the applications’ installation information. We call these automatically formed groups CSM for Intune Application Groups.

We’ve eliminated the need to install the applications for all users – instead the users can go to the Company Portal themselves and select the applications they need. When a new version is released for any of these applications, we can automatically update them.

The images below show the feature in action, Citrix Workspace App working as an example.

1. First, you go to the menu and select CSM Application Groups.

2. For a CSM Application Group you need to have an empty Azure AD group. Click on the Create CSM Application Groups button to select the group.

3. Next, you’ll select the CSM-supported application you want to add to the selected Azure AD group, using CSM for Intune Application Group function.

4. You can now use this Azure AD group in the deployment process. CSM for Intune Application Group feature makes sure the group will always include the devices the application in question was installed on using Intune.

5. When a user installs an application from the Company Portal, CSM for Intune Application Group feature will automatically update the application every time a new version is released.

6. Once the user has installed the application from the Company Portal, we’ll use the CSM Application Group to add the device object as a member of the managed Azure AD group, needed to install the new versions.

The self-service model in application installation is popular option for a large number of organizations. With the CSM for Intune Application Group feature, you can make sure the applications that were installed as self-service are always up to date as well. For us, developing this functionality was extremely important: now the Company Portal can be used both efficiently and safely. For the users, this application release model has at least the following benefits:

  • The applications are installed only for the users and workstations that actually need and want them.
  • It’s safe to let the end users install up-to-date software directly from the Company Portal, without local admin rights.
  • Microsoft Intune’s application installations are fast; however, for instance when introducing new devices to an environment, you’ll save time and cut down on network traffic when you don’t need to install a big chunk of standardized applications on users who don’t really need them.
  • Strict application standardizing is no longer necessary, as there is a safe way for the end users to select their own applications.

This spring, we are releasing plenty more new features for CSM for Intune. Among other things, we want to be able to update the supported applications based on workstation inventory data. With this feature, however, we’ll need to sit tight and wait for Microsoft’s move: they have promised their upcoming versions will fix and improve the inventory data in Win32 applications, and that’s precisely what we’ll need to make sure our new feature will be as reliable as possible.

The CSM for Intune Application Groups feature will be released to the public in the coming weeks.

Read more about CSM for Intune here.

Read more on this topic:

Trend with high amount of vulnerabilities continues on patch tuesday of May

There are 103 published vulnerabilities for the following products this month: Windows OS, browsers and Microsoft Office. It seems that the monthly trend keeps up with high amount of vulnerabilities. Luckily, the criticality of the vulnerabilities do not reach the highest level this patch Tuesday. The highest CVSS scoring is 8.8 includes two vulnerabilities: CVE-2020-1117 […]

Comparing Patch Management solutions – Part 8/12 – Ivanti Patch for SCCM

This blog series is based on our Patch Management Tools’ Comparison, conducted in 2019. In the eight post of the series we’ll look at the features and function of Ivanti Patch for SCCM solution.