
Enterprise Apps - PowerPoint Presentation

lindy-dunigan
Uploaded On 2016-06-27



Presentation Transcript

Slide1
Slide2

Enterprise Apps

John Vintzel

WIN-B351

Slide3

App deployment in an enterprise

Common app deployment workflows and features

Windows and Windows Phone share a common workflow and set of enterprise features

Conceptually the same, mechanically different

Convergence across platforms is driving a convergence of enterprise features across Windows and Windows Phone, but we aren't there yet

Slide4

Enterprise App Overview

Windows Desktop

Windows Phone

Wrap Up

Slide5

Enterprise Apps

Slide6

End to end workflow

Slide7

Engage in real-time with your users for a delightful app experience

Notification Services for Enterprise apps

App Type/Service | Windows Notification Service (WNS) | Microsoft Push Notification (MPN)
Windows Runtime App (APPX)* | 8.1 | not supported
Windows Phone Silverlight App (XAP) | 8.1 | 8.0/8.1
Windows Runtime Phone App (APPX on WP)* | not supported | not supported

*Note: APPX files signed with a Symantec cert cannot use WNS

Slide8

Readying apps for deployment

App ingestion is owned by the enterprise

The company is responsible for the quality of their apps and the impact to the user

LOB Apps offer increased developer flexibility

Enterprise line of business apps are not enforced by store policies (i.e. API checks) and give the developer more flexibility

Available Kits are an important step to evaluate the apps

WACK & MPTK can be downloaded and perform similar checks that the Store would perform

Slide9

Readying clients for deployment

Enroll users for management

Use OMA-DM to manage all versions of Windows 8.1 or Windows Phone 8.0 and 8.1

Use management tools to configure device

OMA-DM management tools can push policies, required keys and necessary certificates to the device

Slide10

Windows apps delivery in enterprise

Diagram labels: Public WP8 Apps; Internal LOB WP8 Apps; Install from Windows Store; Install from Windows Phone Store; Management Server; Company Hub; Distribute LOB apps internally; Public W8 Apps; Internal LOB W8 Apps

Slide11

Control access to the Store and Internet Explorer

Built-in device management policies can control access to the Store and restrict Internet Explorer

App policies can control access to apps

Use app policies to control access to which apps a user can run

Managing app policies and restriction

Slide12

Windows Desktop

Slide13

Inter-process communication policy now only applies to apps deployed via the Windows Store.

There is no longer a restriction on inter-process communication for side-loaded Windows Runtime apps.

Slide14

Increased Developer Flexibility

Interact with the desktop

Windows 8.1 Update allows sideloaded apps to interact with the desktop through network loopback or through a brokered WinRT component

Diagram panels: Brokered WinRT Component; Local Loopback. Diagram labels: App Container; Windows Runtime App; Desktop .NET Framework; Win32; Local Service; Broker; Managed WinRT Component

Slide15

Comparing approaches

Brokered WinRT Component | Network Loopback
Requires Windows 8.1 Update | Works on Windows 8 and 8.1
WinRT based programming model | WCF or REST based programming model
Loads components on demand | Requires service process to be always running
Supports callbacks that activate suspended apps | Network callbacks do not activate suspended apps

For more information, watch //build 2014 session 2-515, Respecting Your Investments: How to Leverage Your Existing Code In a New Windows Runtime LOB App

Slide16

Device needs to be enabled for sideloading

Domain joined or Activated by license key

And ‘Allow all trusted apps to install’ policy enabled

Install the appropriate certificate root

A certificate root, for the certificate used to sign your apps, needs to be in the device’s Trusted Root Certification Authority

Readying client for deployment

Recent changes to sideloading keys

Key availability is now more flexible!

Keys not required for any domain joined device running Windows 8.1 Update!!

Slide17

Deployment Methods

Installation

Register the application for the user

Always per-user

Does not require administrator rights

Side load or from the Windows Store

Can be installed using: PowerShell cmdlets; MDM agent in Windows 8.1 or later

Provisioning

Register application on the computer

Install automatically for each user

Side load only

Requires administrator rights

Can be sysprepped into a custom image

Provision using: DISM for online or offline scenario; PowerShell cmdlets for online

Slide18

Deploying with PowerShell

PowerShell support for appx deployment

Add-AppxPackage

Get-AppxPackage

Remove-AppxPackage

Get-AppxLastError

Get-AppxLog

Get-AppxPackageManifest

PowerShell support for appx provisioning

Add-AppxProvisionedPackage

Get-AppxProvisionedPackage

Remove-AppxProvisionedPackage

Slide19

Demo

Deploying Apps on Windows 8.1 Update

Slide20

Service pre-installed apps when the store is disabled

Update pre-installed Windows Store Apps (Mail, Reader, etc.) within your enterprise without access to the Windows Store

Servicing uses typical enterprise tools

Updates are published through WSUS for Windows 8 and 8.1

Servicing of pre-installed Windows apps

Now Available: One-time updates for all the pre-installed apps in Windows 8 and 8.1

http://support.microsoft.com/kb/2971128/en-US

Slide21

Use apps from the Store without custom packaging

Extend the URI list of apps acquired from the Windows Store to include URIs within your enterprise

IT Pro controls the URI list for the enterprise

IT Pros can manage a list of URIs specific to the enterprise and target clients using group policy or other management tools.

Enterprise Application Content URI Rules

Slide22

Restricting Apps with AppLocker

Full support for modern apps

Ability to create allow or deny lists

A single rule to control all the files in an app

A single rule to control installation and execution of an app

Easy manageability

Can be managed via group policy

PowerShell cmdlets available inbox!

Get-AppLockerFileInformation

Set-AppLockerPolicy

Get-AppLockerPolicy

New-AppLockerPolicy

Test-AppLockerPolicy

Slide23

Demo

Managing Apps on Windows 8.1 Update

Slide24

Windows Phone

Slide25

Must be a Company account

Publisher name displayed on phone

Company approval required

Private key, CSR, cert are local to PC

Acquiring a certificate

Slide26

Enterprise certificate

Issuer

Validity period

Publisher name

Publisher ID

Enterprise apps EKU

Slide27

Managed and unmanaged enrollment

Feature | Managed | Unmanaged
Enrollment method | Workplace app + MDM | Email/browser
Number of enrollments | Limited to 1 | Unlimited
Policy management | Yes | No
App install method | MDM/company hub | Email/browser/company hub
App inventory | MDM/company hub | Company hub
Push app install | MDM | No
Push app uninstall | MDM | No
Push app updates | MDM | No
Unenroll | Remote and local | Local


For more information on managed enrollments, watch //build 2014 session 2-513, Windows Phone Enterprise Management

Slide28

App enrollment token (AET) is generated once per year

Delivered to the phone over an authenticated channel via email, browser, or MDM

Validated for signature and expiration

App enrollment

Diagram labels (steps 1 to 3): Windows Phone 8; Email/Browser/MDM; Enterprise Service; AET; PublisherID

Slide29

Company Hub APIs

API feature | WP 8 | WP 8.1
Enumerate apps | Yes | Yes
Launch apps | Yes | Yes
Install enterprise signed apps | Yes | Yes
Get enterprise metadata | No | Yes
Renew an enterprise enrollment | No | Yes
Unenroll from the current enterprise | No | Yes
Trigger enterprise phone home | No | Yes

Company hubs must be Silverlight apps

Create a Windows Phone 8 Company Hub App

MSDN article by Tony Champion - http://aka.ms/E7c6xc

Slide30

Manifest: Publisher

In order to sign WinRT apps, the manifest Publisher must match the certificate Subject

AppxManifest.xml

    <Identity Name="Sample.Application"
              Version="1.0.0.0"
              Publisher="OID.0.9.2342.19200300.100.1.1=7755327, CN=&quot;Microsoft Inc. Windows Phone Enterprise Apps&quot;, OU=&quot;Microsoft Inc. Windows Phone Enterprise Apps&quot;" />

Slide31

Manifest: PublisherID

In order to test Company Hub apps, the PublisherID in WMAppManifest and AppxManifest must match the certificate

WMAppManifest.xml

    <App ProductID="{B316008A-141D-4A79-810F-8B764C4CFDFB}"
         Title="Sample.Application"
         RuntimeType="Silverlight"
         Version="1.0.0.0"
         Genre="apps.normal"
         Author="Sample author"
         Description="Sample description"
         Publisher="Contoso Publisher"
         PublisherID="{0076563F-0000-0000-0000-000000000000}">

AppxManifest.xml

    <mp:PhoneIdentity PhoneProductID="{B316008A-141D-4A79-810F-8B764C4CFDFB}"
                      PublisherID="{0076563F-0000-0000-0000-000000000000}">

Slide32
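The two manifest rules above (Publisher must match the certificate Subject, and PublisherID in both manifests must match the certificate) can be checked before signing. The following is an added example, not code from the presentation: the manifests are constructed and trimmed to the attributes the slides show, the `urn:example:phone-manifest` namespace is a placeholder, and deriving the PublisherID from the Subject's UID field is an assumption taken from the slides' own sample values (7755327 is 0x0076563F).

```python
import re
import xml.etree.ElementTree as ET

UID_OID = "0.9.2342.19200300.100.1.1"  # OID shown in the slide's Publisher string


def publisher_id_from_subject(subject):
    """Assumption: PublisherID = Subject UID value as 8 hex digits + zero GUID fields
    (true for the slide's samples: 7755327 == 0x0076563F)."""
    m = re.search(r"OID\." + re.escape(UID_OID) + r"=(\d+)", subject)
    if not m:
        raise ValueError("no UID attribute in certificate subject")
    return "{%08X-0000-0000-0000-000000000000}" % int(m.group(1))


def _find(xml_text, name):
    # Match on the local element name so namespace URIs do not matter here.
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            return el
    raise ValueError("<%s> not found" % name)


def check_manifests(wm_xml, appx_xml, cert_subject):
    """Return a list of mismatches between the manifests and the signing cert."""
    expected = publisher_id_from_subject(cert_subject).lower()
    problems = []
    if _find(appx_xml, "Identity").get("Publisher") != cert_subject:
        problems.append("AppxManifest Identity Publisher != certificate Subject")
    for label, el in (("WMAppManifest App", _find(wm_xml, "App")),
                      ("AppxManifest PhoneIdentity", _find(appx_xml, "PhoneIdentity"))):
        if (el.get("PublisherID") or "").lower() != expected:
            problems.append(label + " PublisherID != certificate publisher ID")
    return problems


# Constructed inputs, trimmed to the attributes and values shown on the slides.
SUBJECT = ('OID.0.9.2342.19200300.100.1.1=7755327, '
           'CN="Microsoft Inc. Windows Phone Enterprise Apps", '
           'OU="Microsoft Inc. Windows Phone Enterprise Apps"')
WM_XML = ('<Deployment><App ProductID="{B316008A-141D-4A79-810F-8B764C4CFDFB}" '
          'PublisherID="{0076563F-0000-0000-0000-000000000000}"/></Deployment>')
APPX_XML = ('<Package xmlns:mp="urn:example:phone-manifest">'  # placeholder namespace
            '<Identity Name="Sample.Application" Version="1.0.0.0" Publisher="%s"/>'
            '<mp:PhoneIdentity PhoneProductID="{B316008A-141D-4A79-810F-8B764C4CFDFB}" '
            'PublisherID="{0076563F-0000-0000-0000-000000000000}"/></Package>'
            % SUBJECT.replace('"', "&quot;"))

if __name__ == "__main__":
    print(check_manifests(WM_XML, APPX_XML, SUBJECT) or "manifests match the certificate")
```

An empty list means the package is consistent with the certificate; each entry otherwise names the manifest that would fail validation.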

App is packaged, signed, and published to the company’s store

Delivered to the phone over an authenticated channel via email, browser, MDM, or company hub

Validated for signature, an associated AET, and allowed capabilities

App deployment

Diagram labels (steps 1 to 3): Windows Phone 8; Email/Browser/MDM/Company Hub; Enterprise Service; App; XAP; APPX; NEW

Slide33

App ingestion and certification

App ingestion is owned exclusively by the enterprise

Apps are not submitted to Windows Phone Store

The company is responsible for the quality of their apps and the impact to the user

The Windows Phone Marketplace Test Kit is useful to evaluate apps

Images, capabilities, error handling, memory usage, API checks, startup perf, etc.

Capabilities are limited to the same as standard marketplace apps

Enforced on the phone at app install time

Apps must specially handle ID_CAP_LOCATION usage

Prompt for user approval and give the user an option to disable

Slide34

User launches an enterprise app via the shell or an API

Publisher ID is extracted and used to find the associated AET

AET must be present and valid (not expired, revoked or disabled)

App launch

Diagram labels (steps 1 to 3): Windows Phone 8; Execution Manager; Enterprise Service

Slide35

Phone sends device ID, publisher IDs, and enterprise app IDs

Phone receives status for each enterprise

Apps of invalid enterprises are blocked from being installed or launched

Scheduled daily, plus each enrollment

After 7 consecutive failed attempts, the install of enterprise apps is blocked, but the launch of installed apps still works

Phone home

Diagram labels (steps 1 and 2): Windows Phone; Services

Slide36

Demo

Unmanaged App deployment on Windows Phone 8.1

Slide37

Response

Request

Phone home – sample protocol

Slide38

Create allow or deny lists to manage apps on your Windows Phones

Use app deny lists when you know the list of apps that you want to deny (block) and want to allow all other apps

Use app allow lists when you know the list of apps that you want to allow and want to deny all other apps

Restricting Apps with Allow/Deny Lists

Slide39

Allow/Deny List - Sample

    <?xml version="1.0" encoding="utf-8"?>
    <AppPolicy Version="1" xmlns="http://schemas.microsoft.com/phone/2013/policy">
      <Deny>
        <App ProductId="{619c483b-ba14-432c-8611-dd6a6aa08888}" /><!-- Games App -->
        <App ProductId="{deedfbce-0ecf-410d-ab0e-5d9fa1253786}" /><!-- Sports App -->
        <App ProductId="{92381d1f-6b8a-455a-94d9-0f41d2d97cd0}" /><!-- Social Media app -->
        <Publisher PublisherName="Contoso">
          <AllowApp ProductId="{b112e297-eb89-4618-8ff7-b452037e1150}" /><!-- Expense app -->
          <AllowApp ProductId="{b112e297-eb89-4618-8ff7-b452037e1155}" /><!-- Audio app -->
        </Publisher>
      </Deny>
    </AppPolicy>

Slide40
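To see what the sample policy above decides for a given app, the following added example (not code from the presentation) parses it and evaluates individual product IDs. It assumes that a `<Publisher>` entry inside `<Deny>` blocks every app from that publisher except its nested `<AllowApp>` entries, and that an allow list uses an `<Allow>` element mirroring `<Deny>`; both are readings of the slides, not statements from them.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/phone/2013/policy}"

# Constructed input: the sample policy from the slide.
SAMPLE_POLICY = """<AppPolicy Version="1" xmlns="http://schemas.microsoft.com/phone/2013/policy">
  <Deny>
    <App ProductId="{619c483b-ba14-432c-8611-dd6a6aa08888}" /><!-- Games App -->
    <App ProductId="{deedfbce-0ecf-410d-ab0e-5d9fa1253786}" /><!-- Sports App -->
    <App ProductId="{92381d1f-6b8a-455a-94d9-0f41d2d97cd0}" /><!-- Social Media app -->
    <Publisher PublisherName="Contoso">
      <AllowApp ProductId="{b112e297-eb89-4618-8ff7-b452037e1150}" /><!-- Expense app -->
      <AllowApp ProductId="{b112e297-eb89-4618-8ff7-b452037e1155}" /><!-- Audio app -->
    </Publisher>
  </Deny>
</AppPolicy>"""


def load_policy(xml_text):
    """Parse an AppPolicy into (kind, listed app ids, {publisher: exempted ids})."""
    root = ET.fromstring(xml_text)
    lists = [el for el in root if el.tag in (NS + "Allow", NS + "Deny")]
    if len(lists) != 1:
        raise ValueError("expected exactly one <Allow> or <Deny> list")
    mode = lists[0]
    apps = {a.get("ProductId").lower() for a in mode.findall(NS + "App")}
    publishers = {
        p.get("PublisherName"): {e.get("ProductId").lower() for e in p.findall(NS + "AllowApp")}
        for p in mode.findall(NS + "Publisher")
    }
    return mode.tag[len(NS):], apps, publishers


def is_allowed(policy, product_id, publisher_name):
    """Decide whether an app may run under the parsed policy."""
    kind, apps, publishers = policy
    pid = product_id.lower()
    if kind == "Allow":
        # Allow list: only listed apps or listed publishers run; all else is denied.
        return pid in apps or publisher_name in publishers
    # Deny list: listed apps are blocked; a listed publisher is blocked except
    # for its <AllowApp> entries (assumed reading of the slide's sample).
    if pid in apps:
        return False
    if publisher_name in publishers:
        return pid in publishers[publisher_name]
    return True
```

Under this reading, a Contoso app that is not one of the two `<AllowApp>` entries is blocked, while an unlisted app from any other publisher still runs.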

Wrap Up

Slide41

Convergence for LOB app deployment

Certs, Enrollment, OMA-DM protocol, WNS, …

App management of Store apps

Better LOB app and data protection

Support more customer scenarios

More secure/isolated environments, flexible cert management, …

More policies/settings to push to LOB app

Looking forward…

Slide42

Thank You!

Slide43

Windows Resources

Windows 10: http://aka.ms/trywin10

Stop by the Windows Booth to sign up for the Windows Insider Program to get a FREE Windows 10 T-shirt, while supplies last!

Windows Springboard: windows.com/itpro

Windows Enterprise: windows.com/enterprise

Microsoft Desktop Optimization Package (MDOP): microsoft.com/mdop

Desktop Virtualization (DV): microsoft.com/dv

Windows To Go: microsoft.com/windows/wtg

Internet Explorer TechNet: http://technet.microsoft.com/ie

Slide44

Resources

Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning

Developer Network: http://developer.microsoft.com

TechNet: Resources for IT Professionals, http://microsoft.com/technet

Sessions on Demand: http://channel9.msdn.com/Events/TechEd

Slide45

Resources

Windows Client

Windows Sideloading: http://aka.ms/lanmep

AppLocker Step-by-Step Guide: http://aka.ms/X21isi

Notification Services: http://aka.ms/Iqqonk

Windows Phone

Company app distribution: http://aka.ms/wp8companyhub

Create a Company Hub App blog: http://aka.ms/E7c6xc

MDM whitepaper: http://aka.ms/V0h3v6

Slide46

Please Complete An Evaluation Form

Your input is important!

TechEd Schedule Builder: CommNet station or PC

TechEd Mobile app: Phone or Tablet

QR code

Slide47

Evaluate this session

Slide48

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.