all right, ladies and gentlemen,hello and welcome to our session. and we join you to dive deeperinto windows store for business. and while you are doing it,we don't want wish to dive so deep that we might feel tireda little bit after lunch. and so if you didn't have enoughcoffee then we brought you some lollipops and i'm sorry i madethe announcement earlier. if you just came thereare lollipops at the mics here. my daughter is actuallysending them to you. they are beautiful.
my favorite all natural lollipops sofeel free to have some anytime. so if you feel little goingslower just raise and take the lollipop please. all right so my name is jan kalis. i'm the product and marketingmanager for windows store for business. and i have a pleasure that todaywith me here is matthew kotler. he is the principal group productmanager from the store for business from the engineering side.
so, you have both worldshere on the stage with you. >> you never know what will happen. >> all right, thanks jan. so i wanna start at a veryhigh level and then dive deep. how many of you have seen oneof our feeder sessions or had a chance to use the store forbusiness? just a quick show of hands. a good set, 20%,about 20%, that's great. so, just briefly,i think at the beginning of
the week if you had a chanceto see sasha's keynote, he talked about this week being aweek to really immerse yourself into the digital transformationthat all of you are feeling. and to learn a lot more, and hopefully be able totake it back with you. and i hope it's been a good week sofar for everyone. this session is really about howwe can make your life hopefully a lot easier. you have so many pressures on youcoming from all different directions
whether that be all the thingsyou had to do in the past or all kinds of new challenges. whether it's our fasterdeployment cadences or whether it be all the kind ofbusiness decisions that you're being asked to help influence. and on and on and on and it goes. and so you all know the pressuresmuch better than even i do, which is why i'm here,to listen to you. and also to, hopefully,
give you some avenues outin one particular space. when we look at windows 10 andthe deployment of windows 10. we've really been focused onthree areas to try to help. one is making deploymentitself as easy as possible. second is the usage, making ita product that is delightful to use whether you're an it professional or whether you're a user somewhereelse in the organization. and then finally of course,underlying this all, it has to be secure.
it can't cause any challenges foryour infrastructure, for any breaches and etc. we have to give you the tools tolock down the organization as much as possible. now a lot of the sessionsthis week have talked about this atthe windows level. this session is gonna talkabout it at the app level. so then i'm gonna transition tothe store for business itself, which takes all those points andtries to apply it to apps.
the store for business is reallythe one place that you need to go to find, to acquire, to manage, andto distribute apps on windows 10. it's designed for organizations. it's not using a microsoft account. it's usingan organizational identity. so first and foremost, it's foryour office 365 users. it's for azure users,dynamics users, any users in your organizationthat have an org id can use it. and we'll talk later about ifyou are mostly on premises.
how to work with the store for business without all the usersin the organization [inaudible]. but it is designed for the business. that means we curate the apps. you're not gonna go in here and find a whole bunch of games foryour organization. you're gonna findproductivity tools. you're gonna find thingsthat will help your users. and that, again,we'll show you in a minute.
and that's the main differencebetween the retail store that you see if you go into windows10 on your home machine. it's also built forvolume acquisition, for distributions, so that it's reallyeasy to acquire both store apps and line of business apps. and the deployment is flexible,leveraging the existing tools that you have in place, orthe store for business itself. and finally, for your users,it's something that's familiar. it's something that they're used to.
they just go to one place and theycan access the apps that they need, again, to do their job. and updates unless they'remanaged through you, through the it department, they canbe handled completely automatically. so, with that quick overview, we're going to talk a bit aboutwhat in detail we're gonna cover. >> so matt just coveredthe first bullet on the agenda, what is windows store for business? we'll do a quick demo ofgetting started so we have
the same level of understanding ofwhat windows store for business is. and then we go deeperinto specifically three areas that follow on the appacquisition and app management. and we are showing bothacquiring public apps and internal private lineof business apps. and we'll also talk aboutthe controls for app distribution. how you can suppress certain apps, how you can apply certain policiesto the windows store itself, so it really matches the requirementsin your organization.
and then we'll wrap up with summary,and questions. >> awesome. so, without further ado, let'sjust go ahead and dig into a demo. so i'm gonna switch over just toa windows 10 enterprise machine, and i'm gonna use twodifferent personas here. i'm gonna start with alice, who isjust a user in our organization so that you get a chanceto see her experience. and then i will switch over to whatmost of you on a day to day job do as an it professional andthat'll be jerry.
so let's start with alice, so alicein windows 10 can just go ahead and launch the store. now this probably looks veryfamiliar to what you would see today if you were usingthis on a home machine. the key difference is, there's an additional tab atthe top, which says, contoso ltd. so if i click on that tab,i transition away from all those retail apps to apps thatare specifically curated by you. these are apps that you've decide tomake available to your organization.
to alice, in this case. and so you can see in this listof things that we've curated, in this case. some standard office applications, whether that be word,powerpoint, excel, or some paid applications in here,like back to the drawing board. what's also in this list,our line of business applications. so these are applications thatare specifically designed either by in house developers orby isvs that you're working with
to provide you with software andagain targeted at your organization. we'll go through all of these typesin more detail as we go through this session. but i want to give you firsta sense of just what that user experience is. alice uses this just like shewould any other store app. i want to click onpowerpoint mobile, the description of powerpoint mobilecomes up, so alice can browse and see what tools might be helpful forher job.
she sees the description andscreenshots and reviews. all the things thatyou would expect and then if i go up to the top,one click and she can install. and she's installed the app thatyou've made available to her. so now let me switch over andshow you what your role is in procuringthese, in making these available. so if i switch to the browser,now i'm jerry. and by the way, i didn't call this out but, twothings i didn't call out on that.
first of all,alice was logged in and single signed on with herorganization account. and so, again,those are made available to her because she is signed into your organization. the other thing isthat on windows phone, i have the exact same store here. so again you just go to the menu andgo down to where it says contoso. and you can see the exact same appsthat were on the machine here, available here if they are built formobile.
so, i get the sameexperience across devices. now, switching to jerry,just to show how this is set up. all you have to do is go tomicrosoft.com/business-store. when i go here,i'm gonna start by signing in. i've already authenticatedas jerry so it's just gonna, in this browser and since,so it's gonna sign me in. and in a moment i will showyou the sign up process, if you have not signed up forstore for business. jerry gets a shopping experiencethat is just like again a store
shopping experienceyou would expect. except the apps thatare here are not games, they're not entertainment. they're things that are targeted forwork, for productivity. whether it be appsmade by microsoft, whether it be things aroundproject management and so on. so you can go through andbrowse all of the apps here. you can go look throughdifferent categories. so if you're a developer or if youwant to make apps available to
developers in your organization, youcan filter down to the category for developers and see the most popularwindows apps for developers. and you can just clickon any of these apps and add it to that catalog there. of course, search also works. so i can just go in and say i'mlooking for some finance apps. i can go ahead and do a search, andi get back a set of finance apps. so just a very high level, before wedig into a lot of the details around all of these aspects, of what youget from the store for business as
an end user, and then what itlooks like as an it professional. >> and what you have just seenthere are two of those experiences. you have just seenthe business experience. but if you are working in educationand if you sign in with your school id, you would see experiencethat is high alert to education with specific educational appsright on the shopping page. >> exactly. >> all right. now, what matt, show,you, is the 101, or
how the end user experience, and itprofessional experience looks like. we want to now walk you through, howyou need to set up windows store for business, if you decide to pilotit within your organization. now, it's very easy,you can sign up and you can use your azure adaccount as matt mentioned. so, if you already are runningoffice 365 or if you have azure ad, you can use the same accountto sign into the store. there is no fee related tosigning up for the store. so you can really playwith it as much as you
need before you deployit to your organization. now obviously we recognize thatyour organization might be bigger, because there's roughly 75%of enterprise organizations here at ignite. and so you may want todelegate access to others, like some other departmental adminsor departmental purchasers and that's exactly what you can do inwindows store for business as well. and that's exactly what matt isgoing to show you right now. >> so we'll switch back over andgo back to,
again, themicrosoft.com/business-store. so now i've opened up a newbrowser in private mode. so i'm longer jerry, i'm just one of you that hasn'texplored the store for business. so i go to this page again,as jon] just mentioned. if i already have an azure activedirectory account for any reason, i can just go ahead click sign in. and in case that i don't, then all ineed to do is, i click sign up now, and it asks me what accountwould you like to use?
so again if you havethe azure active directory account, you can go here andtype in an email address. i'm gonna actually create a newaccount to walk you through that process. if you've gone through any of ourdirect sign up experiences already, this form is probablyfairy familiar to you. >> just out of curiosity, how manyof you already have azure ada accounts orwork accounts in the organization? so it's roughly 50% of the room,okay, thank you.
>> i'm gonna use just forpurposes of this demo and so that you all know. my personal email, okay, andphone number, don't call me. >> [laugh]>> but you can text him. i'll make sure you geta response right now. >> [laugh] always a dangerof doing live demos. so they actually get the textmessage in a moment. okay, so, i'm gonna, i just enteredsome personal information, and then i'm gonna type in my user name.
which is jerryf in this case,i'll continue with that identity. and my company in this case,we'll say, hey it's a test4ignite. and, my password. i won't tell you that. and then i click on next, now i really have toenter the phone number. so we'll wait just a fewseconds to get my code. and go ahead and create my account. so what's going on here is,it's actually provisioning
azure active directory,for this organization. and so again, if you don't have anazure active directory account set up before, at this point you now do. and what it's doing is,it's creating that your organization make sure that you use a name forthat tenant. for that organization that youwant to use across office 365, across the other services. but once it's created,then i'm ready to go and i can go into the store forbusiness.
so when i click on that linki'm gonna now transition into the store for business. and now, we're just doing a littlebit more work on the store for business specifically,to set it up for the organization. and in a moment what you'll see is, when you go through andconfigure that private store. so in order to setup the privatestore, all i'm gonna have to do is, i'm gonna quickly accept an end userlicense agreement in terms of use. if you already have a volumelicensing agreement with microsoft,
or have gone through this before, the main difference in thisagreement is, it gives permission to third parties to sell, but for youto purchase apps from third parties. because that's what we'remaking available in the store. so that's the key difference. so i'll speed read through that,click the check box, and accept. and there i am, that's all it tookto set up the store for business. now, you saw the private store. at this point in time, there's noapps that i've made available in
there, sothe users that sign in on my system, obviously they weren't signing in toactive directory in the first place. but even if they have one, they wouldn't see anythingat this point in time. so if i got to settings and private store in settings,you see that there's a display name that was pre-populated by thatcompany name that i typed in. i can change thatto whatever i want. so you can change it to contoso ltd,was what we had used for
the demo previously. you can change it toanything you want and that's what's gonna showup on that tab there. now, at this point, i'm a globaladmin for the organization. so, i have permissions,as you would expect, to be able to do anything in thatazure active directory account. you may want to make permissionsavailable, specifically, for the store for business,separate from office 365, separate from anything else.
so, in order to do that, i'm gonnaagain just click on settings and go to permissions. you see jerry was automaticallyadded as the global admin there. now, within the store for business, i'm not addingusers to active directory. this is, again, just managingthe store for business. you may have used this again, ifyou deployed office 365, office 365 admin center, you may be using thebiz portal if you're using azure. you can use any of those, they allgo against azure active directory.
in this case, for the demo,i'm going to portal.office.com and this is where i make sure i didn'tactually make any typos before. so when i go to portal.office.comthis is basically the bare bones of the office 365 experience. now i haven't actually deployedexchange or anything, because this is a completely new tenant, so all iget access to, is the admin center. we announced earlier this week thisnew office 365 admin center is fully live. it was in preview, so if you haven'thad a chance to play with this,
i would encourage you to do so. and i can just go in here andi can add a user directly in here. so we'll continue the themethat i was using and i'll go ahead and add alice. and that easily as i've addeda user to active directory, and i can send mail to jerrywith the password for alice. now if i go back to the permissionspage, i can go ahead and add people to this. there are three differenttypes of permissions.
there is store administrator, separate from yourglobal administrator. this is just the person that hasaccess to all the capabilities of the store. then there's a purchaser. ignore the bug that thereare no dots on that line. the acquire and distribute apps are the twopermissions that the purchaser has. so they can't go ahead andchange account settings and
change permissions in the store forbusiness, but they can acquire and distribute apps inyour organization. and finally, we'll talk about later, device guard is also integratedinto store for business. so you can go here, and also assign roles specifically formanaging device guard settings. so in this case,i'm gonna just start typing alice. and you'll see it's goingagainst azure active directory, it's already found her there.
and i can say, hey, alice isa purchaser and that easily i've now permissioned alice to the store forbusiness in here, okay? so with that, that's how easy it isto just go ahead and get started. >> so, now what matt talked aboutis to get started from 0 to 100. now, we are going into acquiringapps which is the next section that we talked about. and we want to show youacquisition of two different types of apps in the minute. now, what apps are supportedin store for business?
it's all the so-called modernapps or universal windows apps. now here is one thing to note,that all the apps that are acquired through windows store for businesswill run only on windows 10 devices. because the entitlement or thelicense that the windows store for business issues worksonly on windows 10. now i little bit mentionedthe retail versus line of business apps or meaning the publicapps in the windows store that you can get into your private store ordistribute to your employees, and that's what matt is goingto show you in a minute.
and, i will then demo a lineof business apps meaning, internal apps that were developed byeither your in-house developers for only your company ora third-party developer for only your company orother companies as well. now, we do absolutelysupport purchasing paid ups. if you are purchasing paid apps, you need to purchase a requirednumber of licensing up front, because then as you have seen, theuser experience is very seamless. users don't need to pay becauseall the ownership of licenses
is on you as an organization. we do support 46 markets today,41 one paint, there is a link in the deck,we are evolving this number. we are introducing moremarkets pretty soon. so if your market isnot on the list today, double check the link becauseit might be there tomorrow. >> all right, we'll quickly againswitch back one more time and show you how easythe purchase experience is. and then we'll reviewthat in just a minute.
so, sorry i went tothe wrong machine. we'll show that in a moment. so if i go into the,back to jerry, you see i'm back at the search results thati was at just a few minutes ago. and so i've searched forfinance here and you see in that list there'sa combination of free and paid apps. so i'm just quickly clickon this is my budget. and you see that it's $2.49, i canchoose to buy now and when i click on buy now it brings up an optionto just say how many do i want?
i could just say, 10, enter it. choose from those paymentmethods that were there since it's leon's creditcard that's on this account. i will cancel this at the moment. >> thank you.>> to save him the money. but you just go through,click next, pick the credit card. in fact, i can go ahead and click nextbriefly just to show you that ux. there.
you see i will save charging yanon his american express there. but you see the tax [inaudible] andthe whole thing. and i just click buy, and i'm done. but instead, forthe purposes of the demo, lets go move back toacquire a free app. so in this case,we'll go ahead and pick msn money. and we'll talk about someof the other options here, the difference between online andoffline and what that means. but in this case, because it's free,
i don't have to gothrough it at all. i just click get the app. and now, i've just providedwith a confirmation that's been added to my inventory. and when i click on,close, then you'll see it's acquiring basically unlimitedlicenses for my organization. and in a moment we'llreturn to this page and talk about how we distributeapps on this page. so, in the meantime i'm gonna goquickly to, let me switch back.
to yan, to walk throughthat acquisition flow. again, just a little bitmore in depth, okay? >> thank you. thanks matt. so matt was now acting asan organizational purchaser. and again, those purchasescould be delegated and etc. so as an organizational purchaser,you have to go into windows store for business using your work orschool account. and if you are acquiring free apps,then as he showed earlier,
you can get unlimited number oflicenses, because that app is free. so there's no limit innumber of licenses. and that app could bethen distribute it to users in the organization throughthe methods that we'll be discussing little later. in case it's a paid app, then youneed to decide what number of licenses you need soyou purchase them upfront. and then that number of licensesis added to your inventory. and then using the same distributionmethods then you distribute those
apps to the people orusers in the organization. now of course, if you need more licenses you cananytime buy additional licenses or because those licensesare owned by the organization. you can always reclaim licensesfrom those people who no longer need them and assign thatlicense to somebody else. so, what we've just walked youthrough is the purchasing or acquisition experience. now once you acquire thoseapps they will end up in
one single inventory andas i mentioned, from there, you can then decidehow to distribute these apps. you can see who usesthat particular app and that's the same place whereyou can say i want to reuse this app andmake it available to others. >> all right, we'll showthat super quickly, as well. so, back to this page. again, just at the msn money app,if you go to manage and click on inventory, here,you're taken to that view that has
all your inventory, everythingthat you've acquired here. so msn money, which i just acquired,is right at the top, it shows me again that thereare an unlimited number of licenses. i can scroll down and i can seea whole bunch of other apps, including line of business apps,which we'll talk about next. paid apps and so on,all in this inventory. we'll get into in a moment howthe options are for distributing and further managing these. but there are actions apply to eachof these writing the dot dot dot
menu on the right soi can see more details, i can add it to your privatestore assign it out and so forth. okay. all right, sonow we talked the public apps. those apps that you can find in thestore, and we've just done the demo, so, we will now move tomanaging internal or so called line of business apps,why would you, so why we build this. so we had the feedback from youthat you want to manage all those apps in the one place along withother apps which make total sense.
it's very easy for you, it's also simplifies thecommunication with your developer. especially if it's a third partycompany, that they don't need to send you an email, andthe apex attached to that email, and then you don't need to side-loadit into the organization. because the package, when one'ssubmitted through windows dev center and distributed throughwindows store for business, it's signed bythe store certificate. so you don't need toworry about side-loading,
it works just like any other windows store app as matt showed youfor example in the private store. you see all the rich metadata,you see screenshots and etc. so there was one interesting usescenario that i want to bring up so you can maybe think aboutsome scenarios that you might use this in. we've talked yesterday toa gentleman who works for a company who builds physicalwindows, house windows. and they had a third-party developerwho builds a catalog app for
them which is an appx package. now, they also needthe app internally but they also need to share thatapp with their retailers. and they don't want to make that apublicly available in the store, so this is a perfect scenario for line-of-business app managementthrough windows store for business. where the manufacturer andthe retailers would, through windows store for business,invite the developer to publish such app right totheir inventory and
would be available onlyto those companies. now the simple workflowhere works that. the first step is that you as an itprofessional need to authorize specific developers topublish up to your inventory. the way it's done, it's done inthe user interface off store for business andi'll show that in a minute. and you will use the dev centeraccount of that particular developer, because the submissionis done in the windows dev center. which is an environment that isfamiliar to all the developers
who already have applicationin microsoft windows store or in the microsoft store. now, once that invite is sent, the developer, i'm assuming,they accept the invite. and in that moment,your organization will show on their dev center page, and theycan publish to your organization. one step down, one step is done. then the app is added oris pending your acceptance as an it professional inthe windows store for business.
if you decide to accept the appit's added to your inventory and you can distribute it in the methodusing the methods that we'll talk about with matt in a minute,to the people in the organization. and now, here's the best part. whenever the developer createsa newer version of your app, then he submits the updated version. but because you havealready accepted the app, it can flow allthe way to your users. now of course,there is a lot that you can manage.
you can turn off auto updating,you can use system center, maybe to have some specific workflows andpaths, specifics mode test and etc. so you can make it ascomplex as possible, and you can see that there are options thatare easy for smaller companies and for those that don't need sucha deep level of governance. >> and before we go onto the demo,just one quick note. there is another breakoutsession tomorrow, it's brk-2065. if you're keeping track. which is building and
distributing enterprise appswith store for business. that we'll go into more depth froma developer experience perspective. if you're interested in that. >> yeah, so we're more than happyto see you at that session. so, this is the windows store forbusiness and i'm signed in as jerry, the itprofessional guy and in settings, you see a specific option herethat is called lob publishers. and if i open this,you would see, yeah, i'm not sure if i want torate my build of windows.
i love it, but i'm not sure, i'lldo it later if it's okay with you. and you can see all the developersthat i invited to publish on my behalf. notice here,the contoso development, and i used the developer account asthe login that the developer uses to sign intothe windows desk center. now, if i open the windows devcenter, you can see that in this particular dev center, i have onlyinternal line-of business apps. these are all the appsthat i'm managing, and
i've submitted through the windowsdev center as a developer. and if i, for example,go to the contoso paystub here, and if i open one of those submissions. then, what i want to show youhere is that in the availability, this app is not targeted toso-called retail distribution, but it's only targeted toselected organizations. so right here, when i expand this,there is a number of organizations that trust me as a developer andinvited me to publish this app or any other line-of-businessapp to their inventory.
and only those organizationswould be able to see and install that particular app. now, once i submit that up asa developer, let's go back to the it professional experiencehere in the windows dev center. and i mentioned that before ituplinks it to your inventory, you need to approve that app. and so right here i have twoapps that i have not accepted to my inventory yet, which is thecontoso health and the paystub lob. you can also note herethat we do support two
different licensing types, and mattwill talk about that in a minute. so i will accept,i can accept or reject this app. so if i add it to the inventory,i'm accepting. if i'm rejecting,obviously i'm saying no, i don't want this appto be in my inventory. or if i choose to seesome product details, i can see some metadata of that app. i can see some screenshots andplatforms that this runs on, and etc.
so it looks and feels as it's one ofthe public windows store apps but this one is a particular lineof business apps built for only our company. and then obviously, i can use any of the distributionmethods to distribute this app. all right? back to you, matt. >> and with that, we'll talkabout the distribution method. >> yes.
>> perfect, okay. >> so in the store forbusiness, there are really three different mechanisms that youcan use to distribute your apps. you've already seen one of them andi'll walk you through the first two, and then yeah, i'm gonna walkyou through the third one here. so, the first is just to usethe private store, itself. that's what's available foralice, or was available for alice,just on her client machine. the second option isto assign the app
to specific users inthe organization. and that doesn't requirethat they necessarily go and browse the private store. they just get a link, and you'll seethat, as an invitation and then they can click on that link and be takendirectly to the specific app. and then finally, as we talkedabout earlier, the store for business integrates with allyour existing management tools, whether that be online,like intune, whether the sccm or other mgm solutionsthat you might have.
the store for business offersan interface that a number of providers havetaken advantage of. and we'll listen to things thatare added to the inventory store for business andsync them across to their own tool. so you can integrate them withmany of the tools that you're already using here. so with that, let me go ahead andjust show you the first two quickly and then we'll talk a little bitmore about management tools. so if i go back to the inventoryhere with msn money.
when i click in to msn money back tothat drilling page from msn money. you see a couple of things. first, you see a buttonright at the top, which is, add to your private store. so it's a one-click action to add,it will take approximately 24 hours right now for it to beactually added to the private sore. so there is a bit of a delayin terms of provisioning it to the private store. and then, it's available on yourusers store clients, in windows 10.
the second method, here is,as i mentioned, to just assign this directly to people, and so, i canclick on assigned to people, again, i can go ahead, and click,and type, in alice, here. and when i choose alice andclick assign, what it's doing is it's generatingan email invitation to alice. it's applyingthe license to alice and if i switch over to other browser, you'll see that i just got an emailthat msn money is now available. now, this is again onalice's own machine.
again, i'm signed in asalice in the local machine. so i'm in outlook web access,but i click on get the app. and i'll navigate and i launchthe store client on windows and take me directly to that. i've been licensed forthat app immediately. and so right away, i can just clickon install and it'll go ahead and download msn money. and it'll be availableon my local system. so just again, like you wouldexplore any other apps,
it's that quick to see it andto go ahead and get started there. so that's the integration inthe store business directly from a management perspective. now, let's switch back and let'stalk a little bit about more depth integration from management tools. >> okay, thank you. so, now as matt coveredthe first two store managed options that might be good forlet's say, smaller organizations. then you,
as larger organizations mightneed higher level of governance. or maybe you are alreadyusing methods and tools like, management tools thatallow you to deploy apps using specific policies thatyour organizational requires. and so as matt mentioned initially. the windows store forbusiness has a api, public api that managementtools can connect to and synchronize the inventoryof acquired apps. so the inventory thatmatt showed you,
it included all the apps that heacquired into his environment. and that's exactly the sameinventory that the management tool can synchronize. and then, since that point on,you're working in the management tools anddistributing the apps as if there are a different,as you're used to today. so that's the beauty andthe power of management tools. so we give you richoptions on how to do this. now, i mentioned the businessstore service which is
an api that is documented. so, if you, for example, happenedto have a homegrown management solution that you want to connect tostore for business, you can do that. today, we obviously supportmicrosoft intune and microsoft sccm. there're also third party managementvendors who already announced support for windows store forbusiness, such as light speed and air watch, and some others thatare working on the integration. so if you are not using some ofthe microsoft management tools but using different one,then talk to your management vendor.
and ask them about whenthe support for windows store for business will be available,and how you can use it? now, we also pointed to somenice resources on technet, so there is some general information onhow to work with management tools. and if you have any feedbackon the technet content, trudy, the author of the management ofthe window store for business, technet article, she's here. so, please,feel free to talk to her. there are also twospecific links on how to
enable the sync with intune andsystem center configuration manager. okay, so i think is time for a demo. so, we'll maybe do a longer demohere because what i want to show is how to setup the integrationwith intune. so what i would do first, i willsign in to the same instance that matt was using earlier, so that'sthe instance that he just created. so i'll use the same account. i'll sign as jerry and .onmicrosoft.com and
as soon as i will sign in i will seethe same experience that he had. and if i take a look intothe inventory he had the msn, he just added msn. >> that was the other account. >> it was the other account, okay. >> [laugh]>> the old account. >> so in order to configurethe connection i need to go to, again, settings but this time it'sthe management tools tab or command. here we pre-populatemicrosoft intune.
but if you're integrating withother tools, you can find others in the browse window here as youclick on the add management tool, or you need to configure it in azure adbefore you can do the next step. so here for intune, it's aseasy as just clicking activate. by this occasion,the windows store for business also asks me if i wantto enable offline licensing, and matt will be talking in a minuteabout what is offline licensing and what are the benefits,so i said yes. perfect, so i just enabled my tools.
so i just pretty much said thatintune now can access this instance of store for business. the next step, what i need to dois to obviously log into intune and enable mobile device management, if not already enabledon that instance. and once it loads then i'll go to admin, and here in the admini'll click mobile device management. it asks me to add the mobilemanagement which i will do. and there's a new section that isbeing populated right below the mdm
section and you can see herethe store for business section. so lastly, i'll go into store forbusiness section, and the only thing that i need todo is say, configure the sync. i want to enable it and i'll choosethe language in which the meta data will be fetched so i'll say english,and that's pretty much it. so now i've configured the sync,now there's the first initial sync. and in a minute we should beable to see all these apps that were available in this instance,right here under apps and volume purchased apps,so there you go.
so it's virtually instant andit works beautifully. now obviously, if you have a paidapp, then we do also bring over the number of licenses in useand number of available licenses. and because these apps were free,not paid, then they have, by default, unlimited numberof licenses that you can use. here is another example ofsystem center integration, it's just a screenshot. but again today,we do support integration with system center configuration managerand
i pointed you on the technetarticle on how to set that up. so, just to wrap up this section, we've shown you three methodson how to distribute apps. the first two as matt was showing, where the store methods usingprivate store and direct assign. and we've also reviewedthe option for using management tools to deployapps from your inventory. all right, so now we are going togo deeper into the online versus offline that we mentioned manytimes, but we haven't explained it.
so matt, please. >> so yan just showed, in clickingthrough hooking up intune, that you have the choice toenable offline licensing. that is also available asa setting on your store, so let me take a moment and explainthe difference between the two. so online licensing also we referto it as store manage licensing is essentially what the store forbusiness handles itself. so it allows you to putinto the private store using direct assignmentin addition to mdm and
solutions such as intune,which supports online licensing. organization-managed licensing, oroffline licensing, is for those situations where you're not goingto leverage the store for business. you're gonna really muchmore heavily leverage sccm, on-premise, and so forth. in this case you can use the offlinelicense to get a copy of the package and then add it to a computer image. you can use manual deployment andwhether it be dism or some other tool to get it out or,again, you can use many mgm tools.
sccm is a good example toprovision the packages themselves. the installation, if it's storemanagement, if it's online, is obviously handled bythe store and store services. if you're installing an offline or organization managed license,that's up to the organization. that's up to all of you to actuallyhandle the installation and the distribution of it. regardless of the type of license, however, all updates comethrough windows update.
you can turn off the updates ifyou want to prevent that and handle everything inyour normal workflow, but by default it doesn't matter howthe package ended up on the machine. regardless of how it got onthe machine, windows update will update it as long as you're online,connected to the internet. there are obviously certainscenarios, i like to use the example of, if you're in the departmentof defense and in a submarine somewhere you might not haveinternet access, maybe you do. and for those situations,
then obviously an offlinelicense is the way to go, because it will never connect up andcheck for that license. it's just trusted tothe organization there. and that's what we referto as license management. license management for online or store manage is handled bythe store for business. if it's an offline license thenthe license management is handled by the it department inthe organization itself. this is also, i said much earlier,
where the point of azure activedirectory accounts comes in. if you're gonna use online licensingor store manage licensing, every user in your organization needsan azure active directory account. you could be in a hybrid state anddirsynced to azure active directory. that's of course fine, butthere has to be an account for each user that's using the store forbusiness, or gonna be assigned licenses to the store for business,in azure active directory. if you're usingorganization-managed or offline, then only the itprofessionals or the purchasers that
you've delegated to, need thatazure active directory account. because they're gonna beactually browsing the store for business through the websitethat i've shown. in order to actuallyconnect to that website, we do look up the account forpermissioning, and so forth there. there are essentiallyno prerequisites from an online licensing app perspective,but for organization managed licenses,the developer has to have opted in. so, jon, earlier,walked you through a bit
of the developer experiencein windows dev center. in that very same section, where you can choose whether youwanna publish retail to everybody or whether you wanna just publish toselect organizations, there's also an additional checkbox there thatsays enable offline licensing. the reason it's notopted in by default is, to some extent the developeris taking a risk, right? it's up to the organization tomanage, if it's a paid app, to manage the number of licences,it's not automatically managed.
and so if you went off andwere a malicious organization and purchased 10,000 offline licenses,there's no tracking there. and that developer doesn't get paid. so they opt into that experience. >> however microsoft is addinga safeguard that we'll be explaining in a developer blog that willbe posted next week on blogging windows, anddeveloping apps for windows, where we are clarifyingthe online and offline licensing. from the organizational perspective,
who wish to purchase offline licenseapps, there are some additional credit checks thatthe organization needs to pass. and plus,all the binaries that are acquired, even in the offline license mode,have a stamp with the name and date of both your organizations. so if needed, the developer,with help of microsoft, can track the package back tothe source in case the app leaks. so you won't get very far if you'rethat malicious organization. so now that we've talked aboutthe online and offline licensing,
let's take that concept andnow apply it to how you, as an organization, can controlthe distribution of that. and it's really a stackof options here. so, the most broad option foryou is if you're a small business or you don't have the tightestrestrictions for your users and what they can use,which is what we certainly hope. in many cases,you can allow users to browse all apps that are in both the publicas well as the private store. if they want to go get facebook,they can go get facebook.
if they want to getthe business apps, they can get the business apps. they have full control andfor certain byod scenarios, that's obviously gonna bevery appropriate there. so that's the very broadest. then, if you go further,you can say, hey, that's fine but you know what, in my infrastructure,there are, for some reason, certain apps thatare causing problems. i wanna block those specific apps.
in order to block those specificapps, i can either use applocker or deviceguard or both. in certain cases applocker is more,and we'll demo this injust a few moments, applocker is more a specificallow list or deny list for apps. deviceguard is based oncertificates, and so you can get the certificates ofcertain publishers and allow or deny access to those specific apps. you can block a specific applike facebook if you so choose.
that's kind of the next level down. then, if you wanna go further,you can apply group policy and limit access to just the apps that havebeen published to the private store. and so your users can just goahead and browse at their will those apps and select the ones thatmight be most useful for them. >> and we'll show this is a minute. >> the next step down is to say, i don't want to give usersaccess to the store at all. i'm gonna handle allthe distribution myself.
and you would use the toolsthat you used today. however, as we've discussed, you canstill use, as an it professional, the store for business toeasily acquire those packages, whether it's using online oroffline. and then, just distribute it, handleall the updates and the workflows, through a sccm, intune,other mdm providers. and then finally, if you wantit incredibly secure, and this is not mutuallyexclusive of the others, you can actually havea specific allow list.
so before we said a block list ordeny list of apps, you can actually have a specific allow list of appsin applocker and deviceguard. say, these are the only appsthat can run our machine. if someone mails your useran executable as an attachment in, say, a zip file and it's not onthat list, it's not gonna run. it's not gonna be installed there. so that's kind of the deepestlevel of control that you have over distribution. so you really have a lot offlexibility for your organization.
again, you can usemultiple of those. you can use multipledistribution mechanisms. you can apply applocker,deviceguard multiple levels here. so we really wanna give youthe most flexibility, and ideally, you users the most flexibilities. so you don't have toturn off everything. you can just give themthe functionality that you want to. >> and if we may ask you to divertthe questions until the end. we have a last demo to do andthen we'll open up for
questions in a couple of minutes. all right, so->> [crosstalk] with that- >> [crosstalk] that's a perfect summary of all the options youhave as an organization and let's take a look at someof those in an action. so i would like to showyou two of those options. the first option is touse some of the policies to show only the private storein the windows store app and then to show you the applockerto block a specific app or
a specific version of the app orapps from a specific publisher. so, back on this windows 10 machine,i launched the windows store. and as you see, on the top wehave home, apps, games, music, movies and tv,as well as the contoso tab. now if you're running windows andenterprise for education or the mobile versionsof windows 10, you can actually apply a specific policy that woulddisplay only the private store. so i'll just close the privatestore, and i'll just open gp-edit, because that's probablythe easiest and
quickest way to show this in action. of course, these policies are also availablethrough management policies. so if you are moving from gpoto management policies, and you're using intune to managesome of those policies, then you can usemicrosoft intune as well. now here, andthis is all commanded on technet, and i'm setting the computerconfiguration in this case. in windows components,
you'll find a folder store withnumber of different policies. what i will just do for this demo, i will enable a policy that iscalled require private store only. so once i apply this and once i relaunch the store,what you see is that the other tabs, the public store,actually disappeared and is hidden. now, yes, we do a great jobin hiding all those apps, so if you'd search forless of a productivity type of apps that are definitely in the store,you won't find them.
if somebody sends somebody deep linkto the store, it simply won't open. so that's one of those optionsof how you can still keep the benefit of the store and makethe private store available to your organization and hide othercomponents of the store that you might be worried about orthat you might want to hide. now, the second part of demo i'd like to show you usingapplocker to block a specific ad. so as you remember, matt installedthis msn money app on the computer. and as you can see,i launched it and it works.
so what i will do,i will actually use the applocker to block this app from running. so, what i will do, i'll justuse the local security policy to define the applicationcontrol policies. right here, we'll create a new rule,and it is a pretty straightforward wizard, where you say,are you allowing, are you denying? so, in this case, i am denying. is it just a specific groupof people or is it everybody? for simplicity,i'm just keeping everybody and
here i can browse apps forreference. so i just say, well,this is the msn money here. and this dial here onthe bottom allows you to either block a specific version of the app. or if i move it higher,i can block msn money app, all the previous andfuture versions. or if i lift it any higher, i would just block all the appsfrom this particular publisher. so for the->> [crosstalk] please don't do
that in this case. >> exactly, exactly. so, for the sake of this demo, i'll just go back to onlyblocking this package. i can define exceptions,etc., and hit create. so, now when i launch the money, here, then you see thisdialogue that says, this app has been blocked byyour system administrator, and contact system administrator formore details.
so these are just the twosneak peeks of how you can control the user environmentto a very granular level. >> okay, so we just have a fewslides to close this off and then we'll open up for questions. so the first thing we wanted to justmention briefly is your feedback to us is invaluable. you probably heard that all week. the store for business team is onedriven by continuous innovation, continuous improvement.
we know many of you are justin the process of piloting or rolling out windows 10 and so you'reprobably also just in the process of exploring store for business. hopefully, that's why youjoined us here today. and so this is a perfect time foryou to explore, to try it out. you hopefully saw how easy andquick it is to just get started and pilot it. at least withinthe it department and then with maybe a few set of users.
send us your feedback. we're really interestedin it because we deliver, on a weekly basis, updates tothe store for business, and so we're constantly taking feedback andincorporate it in. the easiest way to send feedback, unless you wanna come upafterwards and talk to us or ask us questions in just a moment,is just go to feedback hub. if you've been a windows insider,you probably are familiar with using feedback hub to provide forwindows itself.
since centennial launched,feedback hub is now available for all users of windows. and so it's just another store app,just go search for feedback hub and you can download it. and within feedback hub there is astore category and windows store for business subcategory. so if you just enter inyour feedback there, it will get sent tothe product teams and we take this very seriously andlook at all the feedback there.
so please, definitely take some time to try itout and give us any feedback there. if you happen to be a developer, i'll also give one other plug forfeedback hub. feedback hub now also integrateswith any software vendor, so you can go to dev center, and youcan sign up to use feedback hub for your own application. and that gives you a bunch oftelemetry on the application as well there.
>> so this is just a summary of whatwe have walked you through at this session today. so we talked about windows store forbusiness, we showed you high level demo, demoed the end user experienceand the it pro experience. then we went into applicationacquisition ad we talked about getting windows store apps,those public apps and managing your internalline of business apps. we showed you the options ofhow you can deploy your apps. we talked about online andoffline licensing.
and we also coveredthe broad range of options of different policiesthat you can use to lock the environment asyour company would require. now, there are number ofother related sessions and as already mentioned there isa breakout tomorrow, build and distribute enterpriseapps with store for business that we are doingtomorrow with kyle. and so it's more developer related,we are walking through the line-of-business managementwith store for business,
managing internal apps with mdm andthen going to side loading. we have a lot of demos, so ifyou're interested in that topic, or if you know your colleague wouldbe interested, send them over. all the other sessions wererecorded, so there was a great session yesterday aboutall app windows 10 security and management and windows as a service, what types of services helpyou to deploy windows 10? and that's a session that wewould recommend watching. if you are in education,craig actually today did
a session on exploringwindows 10 in education. and also if you want to have handson experience on windows store for business, please visit our labs that also feature windows store forbusiness session, where you setup your intune instanceand then configure windows store for business and start acquiring app andsending them over through microsoft. >> and if you don't havea chance to do it here, those labs are actuallyavailable online at myignite. so, just go to ignite afterwards andthey will be up there for,
i believe it's up there for 30 days. so you have a chance to go throughany labs you missed this week. >> absolutely, so what we want to work up withthe set of these three links. the first one is the sign-up forwindows store for business. the second one is linkedthrough this tech center that is on technet andit's the end to end information for it pros, around windows store forbusiness. and the last one isa similar pointer,
specific to developers whowish to build apps for, that would be distributed throughwindows store for business. we also ask you tosubmit the evaluations, tell us how we can make the product,the session, the content better. >> the lollipops? >> and of course, yes,thank you for mentioning that. there are still some lollipopsthat we brought to you, so they were actuallysent from my daughter. so i really cannot disappointher and fly them back.
so please->> it's our incentive to get you to go to the mics andask us questions now. >> exactly, sowe are opening for questions. >> i'm just wondering if the storeis ever gonna support win32 apps? >> so the question, i guess,it's mic so you heard, will the store eversupport win32 apps? so if you're familiarwith centennial, centennial is technology thatmicrosoft has released that allows you to repackage win32apps as appx packages.
and so if you have win32apps in your organization, encourage you go look or have yourdevelopers look at centennial. and it's a way to basicallywrap it in an appx package. and then that appx package canbe submitted to the store. today that's the easiest way tosupport win 32 apps, thank you. >> and matt's private storeactually includes one microsoft centennial app, which isthe desktopappconverter itself. so it's a centennial app, sothis already works today. >> offline licensing,
how many free apps do yousee adopt offline licensing? because i'm assuming it'sdeveloper selectable on offline, on free apps too. >> yep, great question. so today, we have hundreds of apps that are available foroffline licensing. if there is a particular app thatis blocking your deployment and you need it available for offlinelicensing, the best way is to connect with the developer andtell them why you need it.
or talk to your accountmanager at microsoft and they would help to amplify thatbusiness case to the developer. as i mentioned, we are alsopublishing a specific blog article that explains specifically fordevelopers what does it mean for them, how it makestheir business case of distributing apps even broader,with enabling offline license apps. >> i gave the negative view aboutwhy a bunch of developers didn't check that check box automatically. and yeon gave the response,which is,
we're doing a lot within microsoftto protect the developers, so that they don't have toworry about checking it. and it gives them muchmore distribution. we'll ping pong back andforth a little bit. >> okay, so let's pretend i'man independent software vendor, and i have a plugin for edge that i want to distributeusing windows store for business. what's the story there? >> it's supported, so edge pluginsare supported in the store for
business, in the retail store forbusiness. and so, again, you, i believe it'snot browsable today, but if you have the link to the edge plugin,you can distribute that link. so in the store itself, you can'tbrowse for it, but it's there, and if anyone clicks on thatlink it will be available. >> is that the only way to injectan edge plugin at this time, other than side-loading? >> well, you can do it throughthe consumer store, but i don't think that'sthe question you're asking.
>> right.>> correct. >> correct.>> so, you want to do more a enterprisewide type of deployment. >> of an edge plugin, that's right. >> maybe kyle can,kyle is nodding yes, that's the only way to do it today. >> okay, i'm gonna gotalk to this guy, thanks. >> [laugh] andthat is kyle in the back, who will be joining tomorrow forthe deep dive there, all right.
>> if an app developerproduces an update of the app, how long does it take before itis showing up on the devices and can you track that in some way? see which clients already havethe update and which don't? >> so, yeon may know more details ofthe specific kind, but essentially, the developer just like submittingany other package to the dev center, you have to go through thesubmission process for the updates. once it's submitted upthrough the dev center, it's essentially the samelife cycle as it is for
any retail app,it just goes through windows update. so my understanding isthat that's pretty quick in terms of getting out. in terms of actual distribution, how many users have connected andaccess it? that's where i was referring beforeto the telemetry that's available in dev center. dev center provides a bunchof reporting in there, around i believe it haswhat versions you're in,
what the usage ofthe your app is in there. so a bunch of the stuff is in devcenter itself and if the specific thing is not feedback hub is fordev center as well and they're actively looking that forspecifically analytics. they're really spending a lifetimeon analytics for developers there, so that's a great suggestionif it is not there but i'm pretty sure it is there already. >> thank you.>> is it possible to use different purchasers with different paymentoptions like one in the us,
one in europe, one in asia that might be differenttype of licenses or prices? >> that's a great question,very frequently asked question. as matt said, we are on the pathto continuous innovation. so absolutely, enablingmulti-organizational purchase and enabling additional paymentmethods is on our roadmap. so today, it is not possible butagain, tomorrow as these updates will be rolled to the environment,it will be possible. so yes, we are enabling thesecapabilities in the future.
>> is there a schedule for i don't think there's anythingspecific that we can share today. i'm happy to havea one-on-one conversation. what is the exact need that youwould need and then we can bring it back to the engineering team andprioritize this appropriately. >> one program that's not it's notrestrictive, it is to basically have multiple shared credit cards there,organization-shared credit cards. and you can say hey,if you're in this department, if you're in this subsidiary, right?
use this one andif you're in this, use that. so that might be, again dependingon how much you need to restrict, you don't just need to have one. in fact, [inaudible] visa andamex are both on there. >> so even today actuallythe payment methods, the payment instrumentsare per user. >> yeah>> so if you're a different user you have a differentpayment instrument. >> so that is available.
the breadth of payment methods and having more kinda specific stageof departmental purchasing, those are things as said are comingand we're definitely interested in. and would love moreon your scenario. >> monty will walk around. thank you.>> thank you. >> hi. when i send the mail to the user for the app to download witha licensed user, how can the user
see if it's a company app or stufffor business app or private app? >> so in the email,if i still have it up, the email actually saidit came from jerry. so let me. [inaudible]>> so you can see that it'scome from jerry. see, it's associatedwith [inaudible] here, let me see if i see that. >> but you won't see specificallyif it's an internal app or.
>> when i click get the app,there's no information about this. is it public or is it business? >> when i go in there,you're saying. well, so, there's really not a differencefrom an app perspective, right? the difference is whatyou've made available. so msn money is available inthe retail store for everybody. you have maybe chosen to make itavailable in your private store. so this page is exactly the same,
as someone that'sbrowsing in a company, that lets users have access tothe public store would see. as in yours, unless a lot ofbusiness application that has just been published directly to yours. does that make sense? >> this one is a free one, butwhat's one app cost something? policy of the user is purchased forthe company or for personal? >> so, that's a great question. once you've purchased it and
you've assigned it out,it will have the same thing. it will look like it'salready been purchased. >> okay>> okay, so the user doesn'thave to purchase it. >> okay, thanks. >> great question.thank you. >> so you've showed ushow to publish an app, how to automatically upgrade it,how to lock an old version, but what about completelyremoving an app?
>> that is a great question and something, you're right that idid not show and we often do. so if i go back to my inventory. here, actually, i don't evenneed to go to my inventory. >> so just to clarify the question,is it removing the app from inventory or removingthe app from windows 10 machines? >> i mean removing itfrom the machines. >> okay.>> so, i will get there. the brief answer is you can't,through the store for business,
remove it from the machine. but if i click on alice here andreclaim the license for this app, now the license is gone. when the user triesto launch that app, they will no longer beable to run the app. so they're no longer licensed to it. i guess i have to sign back in, but->> so if you're asking about, for example, the in box apps thatyou want to remove from windows, there is a specific policy.
i don't know the exact details but,when exactly it was published, but i think it was inthe anniversary update. check the technet forspecific information, you can actually remove thoseinbox apps and then, for example, we store for business, if you wishto add the camera app, you can get the offline license of that cameraapp and using your management tools, you can then deploy that app toonly those specific devices. you allow the camera app. copy on.
>> ok, thank you. >> and, i could say, also,i've been asking, actually, for clarification on this. i believe you can also use the mdmsto actually remove the app, i just need to getclarification on that. so if you wanna [inaudible]>> okay, three questions we goton windows 10 mobile. i'm assuming that allthe configurations that you showed setting up private stores, etc.,
will be done through equivalent csb,csb provided commands from an mdm. is there any gap there? >> there are,there's actually a great technical article that goesthrough this in detail. the policies do vary slightlybetween mobile and sf. so i'd recommend go to the article,or i think the online mightactually have it up. and you can read ingreat detail on it. that's something we definitely,those x's and
checks tell you exactlywhat's available, where. that is something we're definitelywork on and so we're looking to try to, where possible, provide morealignment on that over time. >> okay, so question number two. from a user experience perspective,and again on the phone, you would justbasically click on the store. the default store app andyou would basically then see the private store,if that's the setting. >> exactly, exactly, and the userexperience is actually very, very,
very similar. to the experience if i would takethe store here and make it small, make it actually like this so thenthe menu is on the left hand side. so, that's exactly the same. because it's exactly the same. >> okay. >> so, if you wanna see afterwards. just feel free to come up. but, you click on the littlemenu on the left.
i don't have the policyapplied on here. i haven't relaunched it. and so, it does show all of them andthen the one that is highlighted in blue at the bottom,is what says contoso. >> okay, and then finally,if i basically use a private store does that, in any way,limit my capability to make applications vpn app triggered,or use whip with them? like, can i still use windowsinformation protection settings with those apps, or even, like, makethem to trigger my vpn connection?
>> that is a great question idon't know the exact answer. so we need to->> carl says yes. >> yes.>> carl says yes, so that will be the microsoft auto vpnoption, right? if it's a third party mdm,it's a different story. >> so, yes. yes, i can actually stilluse a functionality. >> okay, good. >> that's great.
all right, let's take a lastquestion on the mic and then our time is up. so we are happy to take thequestions then here at the podium. so, your last question,madame, please. >> is tomorrow's session forthe developers being recorded? >> yes, it is. >> so it'll be available on the hub? >> it will be available on the hub, all the breakoutsessions are recorded.
>> so, yes it is- andplease if you have other questions, [inaudible] please feelfree to come up and we'll stick around outside fora while. okay, thank you. [applause]
This post have 0 comments
EmoticonEmoticon