CHAPTER 12
Creating and Using Deployment Types

Chapter 11, “Creating and Managing Applications,” introduced applications and deployment types (DTs), showing how to create a System Center Configuration Manager (ConfigMgr) application by specifying its DT. An application must have at least one DT; additional DTs (if the application permits it) can more fully leverage application functionality. ConfigMgr applications enable you to deploy software to users based on device type. You can use DTs to customize deployment based on the device and other requirements.

A ConfigMgr application is a container used to deliver software. It includes basic information regarding the software application, such as name, version, application owner, and localization information that describes how the application is displayed in Software Center and the Application Catalog. It contains information about the distribution settings used and the distribution points (DPs) and DP groups to which the content is distributed, including references/dependencies for other ConfigMgr applications and whether the application replaces an existing ConfigMgr application or is part of a virtual environment. The application is merely a shell; installing software requires a DT.

DTs are functionally similar to ConfigMgr programs that deploy ConfigMgr packages. Just as a program contains an installation command line and any platform requirements (such as Windows 10 x64), a DT contains that same basic information and much more.

Requirement rules, which are used with DTs, are flexible and can leverage just about anything on a system, including SQL or LDAP queries, primary user information, and so on. ConfigMgr applications are deployed to a user or a group of users, with a DT identifying the type of device being used and where the device is situated at that time.

The following is the most important information for DTs:

Content source location (Universal Naming Convention [UNC] path to source installation files).

Install and uninstall command lines.

Detection method(s), used to confirm whether a ConfigMgr application is installed, confirm dependencies, and determine supersedence. Detection methods are applied on a regular interval (every seven days by default) to reevaluate installation status on each system.

End-user experience configuration to determine when to display notifications, logon requirements, and so on.

Requirement rules, used to determine the requirements for a DT to proceed with the installation.

Success and failure return code information, to provide additional control over the installation process.

Dependency information, in case the application requires other applications to be installed first (for example, Java Runtime Environment).

Using Windows Installer is Microsoft’s preferred method for installing applications. It utilizes MSI file types, which contain installation logic for an application. For information about Windows Installer, see https://msdn.microsoft.com/library/windows/desktop/aa367449(v=vs.85).aspx.

1. In the ConfigMgr console, navigate to Software Library -> Application Management.

2. Click the Applications node and select the 7-Zip 16.02 application. Right-click the 7-Zip 16.02 application and select Create Deployment Type from the context menu.

3. In the Create Deployment Type Wizard, confirm that Windows Installer (.msi) file is selected as the type. Browse to the .msi, in this case \OdysseyDSLApplicationsIgor Pavlov7-Zipv16.02Deployx647z1602-x64.msi, and click Next.

4. If you receive a warning that the publisher of the .msi could not be verified, click Yes to import this file.

5. On the Import Information page, which shows a successful import, click Next.

6. Edit the General Information tab, which displays a subset of settings for the DT, as needed. The defaults are modified so the x64 installation is similar to the x86 DT created in Chapter 11. This information is used to populate the minimally required information for the DT. Following is a basic description of the fields:

Name: Specify the DT’s name. This example contains x64 in the name to simplify troubleshooting.

Administrator Comments: Specify information that is available only in the console.

Languages: Multi-select supported languages for this DP. To restrict the application installation to specific languages, enable that on the Requirements page.

Installation Program: Specify the command line to install the software. The default for a Windows installer program uses the /q switch for a quiet installation. Modify this command if you require additional parameters such as public properties or transforms. This command runs from the root of the content source location; the path should be relative to that location.

Run Installation Program as a 32-Bit Process on 64-Bit Clients: Enable this check box for a 32-bit installation, meaning it will install to %ProgramFiles (x86)%. This setting helps ConfigMgr properly install and uninstall 32-bit applications on 64-bit systems. By default, the ConfigMgr client agent on a 64-bit system does not use this path or the HKLMSoftwareWow6432Node Registry path.

Installation Behavior: Specify the rights used for installation:

Install for User: Install using the rights of the current user.

Install for System: Install using the rights of the SMS Agent Host service (Local System account).

Install for System if Resource Is Device; Otherwise Install for User: If the application is targeted to a collection of devices, install for system; if targeted to a collection of users or user groups, install for user.

For 7-Zip, the installation should always install using system rights, so be sure to select Install for System.

After making all the appropriate settings, click Next.

7. Select the Requirements page, click Add, and choose the appropriate supported platforms. As this installation of 7-Zip is for x64, select the desired x64 platforms to support and click Next.

8. Leave the Dependencies page blank because 7-Zip does not have dependent applications (such as .NET Framework or Oracle Java) and click Next.

9. On the Summary page click Next to create the DT. The Completion page confirms success.

As shown on the Deployment Types tab of the 7-Zip 16.02 application in Figure 12.1, you now have two DTs.

An additional DT feature is priority. In this case, the x86 installation is priority 1, and x64 is priority 2. When an application deploys, the client evaluates the DTs in order of their priority. In this example, the first priority is the x86 version of the DT; be sure to modify the requirements for the x86 DT so it will only install on x86 platforms, since the first DT that meets the requirements is run. If possible, place the DT you expect will run most as priority 1.

Now that you have created a new DT, review Chapter 11 to determine if you need to make any changes. The wizard shows a limited set of options for the DT. View the properties and make additional changes.

The default restart behavior of the MSI file will be used; ConfigMgr cannot control restart behavior for this type of DT.

The detection method uses the MSI product code and product version.

You can only use a Windows Installer database file (.msi); no other files can be used (like Windows Installer .mst or .msp file types, or setup.exe).

Per-user MSI files are installed for a single user; per-machine MSIs are installed for all users on a device.

App updates are supported only when the MSI upgrade codes of the versions are the same.

Follow these steps to add a new DT to an existing application:

1. From the application properties, select the Deployment Types tab and click Add to create a new DT.

2. For DT type, select Windows Installer through MDM (*.msi). For Location, browse to the .msi by using its UNC path.

3. On the Import Information page, which shows a success message, click Next.

4. On the General Information page, modify information, if needed. (This page is similar to the page for the Windows Installer DT, except you cannot modify the Installation Program, Installation Behavior, and Languages fields.) Click Next to proceed.

5. On the Requirements page, add a requirement so the DT installs only on 32- or 64-bit versions of Windows 10. Notice in Figure 12.2 that Windows 10 is available as an applicable operating system.

6. Click Next on each remaining page to save the DT. When complete, edit the DT. The General, Requirements, and Dependencies pages are similar to those of the Windows Installer DT created in Chapter 11.

Creating an App-V application requires a sequencer, an application belonging to the App-V product application suite that must be separately installed. The sequencer monitors the application’s installation and setup process, recording the information necessary for it to run in a virtual environment. The output of the sequencing process should be copied from the sequencing computer to a definitive software library (DSL) hosting the ConfigMgr application sources. See Chapter 11 for information on DSL.

With App-V 5, the ConfigMgr client uses a Windows PowerShell module to manage App-V objects such as virtual applications, connection groups, and dynamic configuration files.

1. From the application properties, select the Deployment Types tab and click Add to create a new DT.

2. For DT type, select Microsoft Application Virtualization. For location, browse to the .xml file for the App-V package.

3. On the Import Information page, which shows a success message, click Next.

4. In the General Information page, notice that the command line is missing. The installation command line is not required for App-V packages. Modify the information as needed and click Next.

5. Examine the Requirements page, which already contains requirements for this package. The information is included in the .xml file imported for the DT. Click Add to add additional requirements if needed.

6. Click Next on each remaining page to save the DT. When complete, edit the DT. The General, Requirements, and Dependencies page are similar to those for the Windows Installer DT created in Chapter 11. The following step review the tabs customized for App-V packages, namely Content and Publishing.

7. Review the Content tab to ensure that the OS requirements were successfully imported from the manifest. The Content tab for an App-V DT provides the following settings:

App-V Manifest Location: Specify the UNC source path to the App-V application manifest. This location is read-only. To update the source location for the manifest file or sequenced application, select Update Content from the Deployment Type properties (either by right-clicking or selecting on the ribbon bar) and walk through the wizard to select a different manifest.

Persist Content in the Client Cache: When you enable this setting and deploy the application to a target collection, clients using this DT (based on the requirement rules) download and keep the installation source in the local ConfigMgr cache folder (%windir%ccmcache), which is 5GB by default.

Enable Peer-to-Peer Content Distribution: Enable this check box to leverage BranchCache or Peer Cache (provided that they are configured for your environment).

Load Content into App-V Cache Before Launch: If this option is disabled and the download content option is configured, a ConfigMgr client downloads the content to its local cache, publishes the icon(s), and exits. If this option is enabled, once content is downloaded, the client calls the App-V command to preload content to the App-V cache immediately (instead of waiting until the first launch). A problem may occur if the check box is cleared. If the software is downloaded to the ConfigMgr cache but the user does not launch the application, the launch will fail if the application is not started until after the cache is cleaned. The authors recommend enabling this check box to pre-cache the application in the App-V cache.

Deployment Options: If the client uses a DP located in its current boundary group (defined in the boundary group configuration), you can configure the application to be streamed from the DP or to download the content first. If the client uses a neighbor DP or the default site boundary group, you can choose to not download content, to download and run locally, or to stream content from the DP.

Allow Clients to Use a Fallback Source Location for Content: If a client cannot locate content for this deployment in its defined boundary group, select this check box to allow the client to search other locations. To allow clients to access a source from a different boundary group, the boundary group properties must be configured to allow a client outside these boundary groups to fall back and use this site system as a source location for content.

8. Use the Publishing tab, which is also unique to the App-V DT, to determine which icons to publish to the end user. A common scenario to consider is when a user wants to install software on a device that he or she does not use every day. ConfigMgr considers this a device if the user is not considered the primary user. In this example, the DT will only be installed for primary device users.

9. Select the Requirements tab and click Add to add a new requirement. In the Create Requirement Dialog, select User as the category and verify that Condition is set to Primary Device equals True.

1. In the console, navigate to Software Library -> Application Management -> Applications. Select the application for which you want to add the Windows Store DT and click Create Deployment Type on the ribbon bar. The Create Deployment Type Wizard appears.

2. On the General page, select Microsoft Application Virtualization 5 from the Type dropdown list.

3. Supply the UNC path to the location of the .appv file, created by the App-V sequencer while saving the sequenced application (\odysseydslApplicationsIgor Pavlov 7-Zipv16.02DeployAppv5x647 Zip v16.02.appv in this case). Click Next.

4. Verify the information on the Import Succeeded message in the Import Information page. Click Next.

5. On the General Information page, modify the name to one that suits your organization’s needs. You can also supply administrator comments and select the languages included in this DT. Click Next.

6. On the Requirements page, click Add to open the Create Requirement dialog and select requirements that must be met to start this application. An example could be a global condition check of whether the App-V 5.0 client is installed on the client. Click OK to select the necessary requirements and click Next.

7. On the Dependencies page, select dependencies by configuring a dependency group containing the applications on which this application depends. An example would be the App-V client installation.

If you create a requirement based on a global condition that specifies whether the App-V 5 client is installed, the DT dependency is never reached; the App-V 5 client, even though specified as a dependency, is never installed; and the DT is not started.

After creating the dependency group, click OK to close the Add Dependency window. Click Next to continue.

8. Review the Summary page. Click Next to create the DT.

9. Follow the progress and verify that the DT was successfully created in the Completion page. When successful, click Close to close the wizard.

Applications residing in the same connection group interact and share the file system and Registry on client computers. For example, Microsoft Outlook and a third-party add-in for Outlook could be delivered separately from each other. You can give priority to applications within the connection group, allowing their file system or Registry changes to take precedence over those of an application with lower priority. The next section describes how to create an App-V virtual environment for FreeMind, a mind-mapping tool that requires the Oracle Java Runtime Environment.

FreeMind version 1.0.1: This application creates mind maps and depends on the Oracle Java Runtime Environment to be installed on the machine on which it runs.

Java Runtime Environment: This is the Java JRE version 8 update 11.

Both applications were sequenced on the App-V sequencing machine and imported using the procedure described in the “Creating a Microsoft App-V 5 Deployment Type” section, earlier in this chapter. Create both applications and then create a dependency between them. Follow these steps:

1. In the ConfigMgr console, navigate to Software Library -> Application Management -> App-V Virtual Environments. Select Create Virtual Environment to define a new App-V connection group. The Create Virtual Environment page appears.

2. Specify a name and provide a description for the connection group. In this case, specify Java 8 Update 11 with FreeMind 1.0.1 as the name and Connection Group for FreeMind 1.0.1 as a description.

3. Click Add to open the Add Applications page. Provide a group name, which in this case is JRE 8 Update 11. Click Add to open the Specify Application page.

4. Select the Oracle Java JRE 8 Update 11 - Microsoft Application Virtualization 5 DT and click OK to close the page. If you click Add again and select an additional application, you can specify another application, creating an OR statement for the specified applications. Click OK when finished.

5. Back on the Create Virtual Environment page, click Add to again open the Add Applications page. Specify a group name, which in this case is FreeMind 1.0.1. Click Add to open the Specify Application page.

6. Select the FreeMind 1.0.1 - Microsoft Application Virtualization 5 DT. Click OK to close this page. To select an additional application, if needed, click Add again to create an OR statement for the specified applications. Click OK when complete.

You now see the two virtual applications added as App-V DTs on the Create Virtual Environment page, as displayed in Figure 12.3. Notice the AND statement, which states in this case that FreeMind 1.0.0 and Java 7 update 45 can run in the same virtual environment.

7. Click OK to close the Create Virtual Environment page; the Java 7 update 45 with FreeMind 1.0.0 connection group has been created.

With the App-V virtual environment specified, you can create a deployment for the FreeMind 1.0.1 application. Although you created the App-V virtual environment, you also must specify that the FreeMind 1.0.1 - Microsoft Application Virtualization 5 DT is dependent on the Oracle Java JRE 8 Update 11 - Microsoft Application Virtualization 5 DT.

Check whether the connection group is active on the client by using the Get-AppVClientConnectionGroup PowerShell cmdlet, available on each App-V client after importing the AppvClient.psd1 module and changing the execution policy. Figure 12.4 shows the outcome of running the cmdlet.

After enrolling devices in the hybrid environment, you can manage your Windows-based, Android-based, or iOS devices with ConfigMgr through Intune. You can deploy applications to those devices by using either deeplinking or sideloading; these concepts are explained in the next sections.

For each type of application, the vendors of each platform provide a development environment:

Microsoft Visual Studio is a development platform for developing Windows modern applications, applications for Windows Phone, and Universal Windows Platform apps.

The Apple development platform is called Xcode.

Google provides an Android Developer Tools plug-in for Eclipse, which is a platform for developing open source software.

Xamarin, acquired by Microsoft in February 2016, is a tool for writing native Android, iOS, and Windows apps using a shared C# codebase. Other third-party development environments are also available for developers to write software for devices.

All vendors provide methods for developers to test their applications on devices. To prevent mass deployment of these applications, there must be a way to restrict running them:

Running development applications on Apple requires the developer to register the universally unique identifier (UUID) of the device as a development device for testing purposes; a developer can register 100 devices per year. The developer must also create an Apple Developer account.

Microsoft modern and universal applications can be tested on Windows 8.1 domain-joined machines with a Registry key enabled, or the machines can be provisioned with a certificate. The certificate must be renewed every 30 days when using a Microsoft account and every 90 days when using a Store account. For Windows 10, the machine can be put in sideloading or developer mode, as explained in the article at https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development. For Windows Phone application testing, Microsoft provides an emulator that is available with Visual Studio.

When testing Android applications, enable Developer options to enable installation of applications not coming from Google Play on a per-device basis.

Sideloading applications requires different procedures, depending on the manufacturer of the operating system (OS) on which the mobile device runs. The following scenarios are supported when sideloading applications to mobile devices:

Deploying an application as available to users.

Deploying an application as required to users and devices. This is not supported on Windows Phone 8, and user consent is required for iOS and Android devices.

Uninstalling an application deployed to users and devices. This is not supported on Windows Phone 8; Android devices require user consent.

Chapter 17 provides more information about these scenarios.

With the release of Windows 8.1, Microsoft introduced the universal app concept, where an app could be written such that it could be used both on Windows Phone and Windows devices, although it still had to be specifically compiled for each device type. With Windows 10, apps can be written once based on one common application programming interface (API) set and run on all flavors of Windows 10 (Windows Phone, Windows PC, Xbox, Internet of Things [IoT], and Hololens). This simplifies creation from the developer and deployment perspectives. These apps are now called universal Windows apps based on the Universal Windows Platform (UWP); traditional Win32 applications are called Windows desktop apps.

Requirements for installing apps have changed with each evolution of the Windows OS. This can be confusing, particularly if you have multiple versions of Windows in your environment.

A Windows 8/8.1 Enterprise or Windows Server 2012/2012 R2 computer that is domain-joined can use sideloading of trusted applications with the group policy item Allow all trusted applications to install. Sideloading of applications also requires the application to be signed with a trusted certificate, where the publisher name in the certificate matches the publisher name in the package. The certificate can be distributed to your domain-joined clients using group policy or with the Certificate Profiles option in ConfigMgr.

For Windows devices that are not or cannot be joined to a domain, such as Windows RT devices, you must acquire an enterprise sideloading key, which is a special product activation key. Windows 8 and 8.1 Pro, which can be domain-joined, also require a sideloading key. These requirements were changed with Windows 8.1 Update, as domain-joined Pro editions no longer require a sideloading key. As of Windows 10, sideloading keys are no longer necessary.

Apply the sideloading key and reactivate the Windows installation on the device. As of May 1, 2014, Microsoft customers in certain volume licensing programs are provided enterprise sideloading rights at no additional cost. Other customers can purchase enterprise sideloading rights for an unlimited number of devices for as little as $100. (See http://microsoft-news.com/you-can-buy-windows-8-1-enterprise-sideloading-rights-for-an-unlimited-number-of-devices-for-100/ and the volume licensing reference guide at http://download.microsoft.com/download/9/4/3/9439A928-A0D1-44C2-A099-26A59AE0543B/Windows_8-1_Licensing_Guide.pdf.)

Use the slmgr.vbs script for activation with the ConfigMgr client. When managing the client with Microsoft Intune, upload the sideloading key to the ConfigMgr console; it is enrolled during the next maintenance window.

To distribute applications to Windows devices, the application must be signed by a certificate authority (CA) trusted by the device in use. You can obtain a public certificate from a non-Microsoft authority or use your internal organization public key infrastructure (PKI) to generate the code-signing certificate. The certificate can be distributed using the Certificate Profiles functionality in ConfigMgr or with group policy.

1. Start the Group Policy Management Console (GPMC) and browse to the GPO to which you are adding the new policy setting. Right-click the object and select Edit.

2. Browse to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> App Package Deployment. Double-click Allow all trusted apps to install and modify its setting to Enabled.

3. Close the GPMC.

Verify that the policy was applied correctly by opening the local group policy editor on your target machine and browsing for the setting of the group policy that you set using the GPO.

1. In the ConfigMgr console, navigate to Assets and Compliance -> Compliance Settings -> Company Resource Access -> Certificate Profiles. Select Create Certificate Profile on the ribbon bar to start the Create Certificate Profile Wizard.

2. On the General page, provide a name for the certificate profile and an optional description. Confirm that the Trusted CA certificate radio button is selected. Click Next to continue.

3. On the Trusted CA Certificate page, provide the path to the location where the certificate is stored (in this example, \odysseydslApplicationsMicrosoft Barcode Scanner Sample Appv1.0.0.0BarcodeScannerJS_1.0.0.0_AnyCPU_Debug.cer). Verify that Computer certificate store - Root is selected and that the Certificate thumbprint field is filled in after selecting the certificate, as shown in Figure 12.5. Click Next to continue.

4. On the Supported Platforms page, confirm that Windows 8.1 and Windows 10 are selected and click Next.

5. Review the Summary page. Click Next to create the certificate profile.

6. On the Completion page, verify that the certificate profile was successfully created. Click Close to close the wizard.

You can deploy the certificate profile to a collection containing all the devices to which you want to deploy the application so that they receive the policy. After the machines install the policy with the deployment, the certificate is installed during the next scheduled compliance evaluation.

To check whether the certificate installed successfully, verify that the configuration baseline is compliant on the Configuration tab of the ConfigMgr Control Panel applet, as shown in Figure 12.6, or open Local Computer certificates and browse to Trusted Root Certification Authorities -> Certificates. The code-signing certificate should be in the list. Use the serial number as the unique identifier to verify that the certificate is present.

1. In the console, navigate to Software Library -> Application Management -> Applications. Select the application for which you want to add the Windows Store DT and click Create Deployment Type on the ribbon bar to open the Create Deployment Type Wizard.

2. On the General page, select Windows app package (*.appx, *appxbundle) as the type from the dropdown list.

3. Provide the UNC path to the .appx file (\odysseydslApplicationsMicrosoftBarcode Scanner Sample Appv1.0.0.0BarcodeScannerJS_1.0.0.0_AnyCPU_Debug.appx in this case) and click Next.

4. Confirm that the import succeeded in the Import Information page. If it did not, click Previous and verify the information. Click Next.

5. On the General Information page, modify the name as desired. You can also provide administrator comments, publisher information, software version, an optional reference, and administrative categories. Notice that the check box option Use an automatic VPN connection (if configured) is available. Click Next to continue.

8. On the Summary page, review the information and click Next.

9. On the Completion page, shown in Figure 12.7, verify that the DT was created. Click Close to close the wizard.

After creating the DT, you can deploy the application to a user collection. If a user is a member of the collection and receives a new user policy, the application becomes available or is installed for the user (depending on the deployment settings). Figure 12.8 shows the BarcodeScanner JS sample application loaded on a Windows 10 device.

If installation fails, check the AppEnforce.log log file, located in the Logs folder under the ConfigMgr agent installation folder.

To create a DT within an application for sideloading on Windows Phone devices, follow these steps:

1. In the console, navigate to Software Library -> Application Management -> Applications. Select the application for which you want to add the Windows Phone Store DT and click Create Deployment Type on the ribbon bar to open the Create Deployment Type Wizard.

2. On the General page, select Windows Phone app package (*.xap file) from the Type dropdown list.

3. Provide the UNC path to the .xap file (\odysseydslApplicationsMicrosoftWindows Phone Sample AppsShapes.xap in this case). Click Next to continue.

4. On the Import Information page, verify that the import succeeded. If it did not, click Previous and confirm that a valid .xap file is specified. Click Next.

5. On the General Information page, modify the name as necessary. You can also provide administrator comments, publisher information, software version, an optional reference, and administrative categories. Click Next to continue.

6. Review the information on the Summary page. Click Next to create the DT.

7. On the Completion page, shown in Figure 12.9, verify that the DT was created. Click Close to close the wizard.

1. In the console, navigate to Software Library -> Application Management -> Applications. Select the application for which you want to add the Google Play Store DT and click Create Deployment Type on the ribbon bar to open the Create Deployment Type Wizard.

2. On the General page, select App Package for Android (*.apk file) from the Type dropdown list.

3. Provide the UNC path to the .apk file (\odysseydslApplicationsCitrixReceiverv3.9.1DeployAndroidCitrixReceiver-v391-373260.apk in this case). Click Next to continue.

4. Verify that the import was successful in the Import Information page. If it was not, click Previous and confirm that the correct path is supplied to a location where the .apk file is located. Click Next to continue.

5. On the General Information page, modify the name as desired. You can also provide administrator comments and select the languages included in this DT. Click Next.

6. If needed, specify a requirement on the Requirements page; in this case, a requirement is already specified: Minimum API Level, which should be greater than or equal to 14. For Android applications, you can only add a requirement based on device ownership. Click Next to continue.

7. Review the Summary page. Click Next to create the DT.

8. Verify that the DT was created successfully in the Completion page, as shown in Figure 12.10. Click Close to close the wizard.

After enrolling an iOS device, a provisioning profile is installed on that device, connecting it to the company’s enterprise program membership. Each device has a special profile for the Apple App Store, which cannot be changed. Any application installed on the device is matched against this profile; if profiles do not match, the application is not installed.

Host an .ipa file on the DSL and then follow these steps:

1. In the console, navigate to Software Library -> Application Management -> Applications. Select the application for which you want to add the Apple App Store DT and click Create Deployment Type on the ribbon bar to open the Create Deployment Type Wizard.

2. On the General page of the wizard, select App Package for iOS (*.ipa file) from the Type dropdown list.

3. Provide the UNC path to the .ipa file (in this case \odysseydslApplicationsAppleWireLessAdHocDemov.1.0.0iOSWirelessAdHocDemo.ipa). Click Next to continue.

4. Confirm that the import succeeded in the Import Information page. If it did not, click Previous and confirm that the path is correct. Click Next to continue.

5. On the General Information page, modify the name, if needed. You can also provide administrator comments and select the languages included in this DT. Click Next to continue.

6. Specify requirements on the Requirements page. Click Add to open the Create Requirement dialog box. Select Operating System as a condition and specify that the application can only run on All iOS 7 iPhone and iPod touch devices. Click Next to continue.

7. Review the information on the Summary page. Click Next to create the DT.

8. On the Completion page, verify that the DT was successfully created, as shown in Figure 12.11. When successful, click Close.

Unlike with other platforms, installing sideloaded applications for iOS requires the user to access the web version of the company portal. The user should start Safari and browse to https://portal.manage.microsoft.com to log in with his or her Windows Intune account. From there, the user can choose to install the applications that are available for installation on the iOS device.

1. In the ConfigMgr console, navigate to Software Library -> Application Management -> Applications. Select the application for which you want to add the Windows app package (in the Windows Store) DT and click Create Deployment Type on the ribbon bar to open the Create Deployment Type Wizard.

2. On the General page, select Windows Phone app package (in the Windows Store) from the Type dropdown list.

3. Provide a URL to the app or click Browse to start the Windows Phone app package browser and search for the application you want to add (in this case, Instagram), as shown in Figure 12.12. Click OK and then click Next.

4. Confirm that the import was successful in the Import Information page. If it was not, click Previous and verify that the URL in the Location field is correct. Click Next to continue.

5. On the General Information page, modify the name as necessary. You could also provide administrator comments and select languages included in this DT. Click Next.

6. On the Requirements page, specify any necessary conditions.

7. Review the information on the Summary page and click Next.

8. Follow the progress and verify that the DT was successfully created in the Completion page. When successful, click Close to close the wizard.

1. In the console, navigate to Software Library -> Application Management -> Applications. Select the application for which you want to add the Google Play Store DT and click Create Deployment Type on the ribbon bar to open the Create Deployment Type Wizard.

2. On the General page, select App Package for Android on Google Play from the Type dropdown list.

3. Provide the URL to the app you want to specify. If you know the URL, paste it into the Location field; otherwise, browse for the URL, using the App Package for Android Browser dialog (which opens https://play.google.com), as shown in Figure 12.13. Click Next when the URL is filled in.

4. Confirm that the import was successful in the Import Information page. If it was not, click Previous and verify that the URL in the Location field on the General page is correct. Click Next to continue.

5. On the General Information page, modify the name as necessary. You can also provide administrator comments and select the languages included in this DT. Click Next.

6. Review the information on the Summary page and click Next.

7. Follow the progress and verify that the DT was successfully created in the Completion page. When successful, click Close to close the wizard.

1. In the console, navigate to Software Library -> Application Management -> Applications. Select the application for which you want to add the Apple App Store DT and click Create Deployment Type on the ribbon bar to open the Create Deployment Type Wizard.

2. On the General page, select App Package for iOS from App Store from the Type dropdown list.

3. Supply the URL of the app in the Apple App Store. If you already know the URL, paste it in the Location field; otherwise, click Browse to open the App Package for iOS dialog and find it there.

4. Click the search icon in the menu bar and type the name of the application you want to add in the search field (in this case Instagram). Select the Instagram page, as shown in Figure 12.14, and notice that OK in the lower-right corner is now selectable. Click OK to select this application and close the App Package for iOS dialog.

5. Ensure that the URL in the Location field on the General page now contains the Apple App Store location. Click Next to continue.

6. Confirm that the import was successful in the Import Information page. If it was not, click Previous and verify that the URL in the Location field on the General page is correct. Click Next to continue.

7. On the General Information page, modify the name, if needed. You can also enter administrator comments and select the languages to include in this DT. Click Next.

8. Specify requirements on the Requirements page. Click Add to open the Create Requirement dialog. In this case, select All iOS 8 iPhone or iPod touch devices, All iOS9 iPhone or iPod touch devices, All iOS 8 iPad devices, and All iOS9 iPad devices as the platform on which this application can run. You can also create a requirement for the ownership of the device as personal or company. Click Next.

9. Review the Summary page. Click Next to create the DT.

10. On the Completion page, verify that the DT was created successfully. Click Close to close the wizard.

1. From the application properties, select the Deployment Types tab and click Add to create a new DT.

2. For DT type, select Script Installer (Native).

3. The source location property is disabled because you selected Script Installer (Native) instead of Windows Installer. Click Next to display the General Information tab.

4. On the General Information tab, complete as much information as possible and click Next to advance to the Content page. If you have previously worked with different types of installations, you know there are no standard installation arguments. For Citrix Receiver, use the arguments /silent /noreboot when running the CitrixReceiver.exe installer. You should request a Windows Installer package or a document with the correct install/uninstall arguments from the application vendor. As you do not currently know the proper uninstall command, leave it blank.

5. On the Detection Method page, specify for a valid detection method. Another advantage of a Windows Installer application is that the detection method is automatically configured when ConfigMgr interrogates an .msi (based on the Windows Installer product code); detection rules must be built for script-based installations. For this step, you will create a basic detection rule. Chapter 11 discusses detection methods. Click Add Clause and select File System as the setting type; then click Browse to browse to selfservice.exe on a test system with the Citrix Receiver installed.

6. Complete the User Experience page, which provides the standard settings for user experience.

7. Fill out the Requirements page, which is similar to the one discussed earlier in this chapter, in the “Creating a Windows Installer–Based Deployment Type” section. Chapter 11 includes an in-depth look at requirements, also known as global conditions. This optional field is blank, implying that the installation will occur on all operating systems and platforms targeted with the installation.

8. Click through the Dependencies, Summary, and Progress pages, which are the same as when creating a DT for a Windows Installer–based application.

As there are no requirements (global conditions), this application is available for any targeted system. If you had a different installation for the server and created a second DT with a priority of 2 for the server DT, it would never run, as DTs are evaluated in priority order. When a system evaluates the requirement rules for a DT, if there are none, that DT is deployed, ignoring all other DTs. Place the least restrictive DT at the lowest priority (that is, with the largest priority number) to ensure that all other DTs are evaluated for applicability first.

Creating a DT for a script-based installer is similar to creating a Windows Installer DT. The challenge is determining the proper detection method and the install and uninstall command-line arguments. Work with your packaging team and third-party application vendors to ensure that your information is correct. And be sure to test!

ConfigMgr supports the following Mac OS packaging formats:

Apple disk image (*.dmg file)

Meta package file (*.mpkg file)

Mac OS X installer package (*.pkg)

Mac OS X application (*.app)

Before deploying these app packages, gather application information using the CMAppUtil utility, available with the OS X client installation files. Output is a .cmmac file, which must be supplied with the OS X package when importing the DT in ConfigMgr.

Complete the following steps to create a .cmmac file for an Apple Disk Image file you can use to install Acrobat Reader DC:

1. Confirm that the package is copied to the folder that contains the extracted files from the macclient.dmg file used to install the ConfigMgr client.

2. Open a terminal window and navigate to that folder. Type mkdir AcroReaderDC to create a subfolder to store the .cmmac file.

3. Execute CMAppUtil by typing ./CMAppUtil -C /users/sysadmin/Downloads/AcroRdrDC_1501720050_MUI.dmg -o AcroReaderDC. You now have a AcroRdrDC Installer.pkg.cmmac file in the AcroReaderDC folder.

4. Copy the AcroRdrDC Installer.pkg.cmmac.pkg.cmmac file to the DSL.

After creating the .cmmac file, you can define the application DT for Mac OS X. Follow these steps:

1. In the console, navigate to Software Library -> Application Management -> Applications. Select the application for which you want to add the Mac OS X DT and click Create Deployment Type on the ribbon bar to open the Create Deployment Type Wizard.

2. On the General page, select Mac OS X from the Type dropdown. Provide the UNC path to the .cmmac file (in this case, \odysseydslApplicationsAdobeReader DC2015.017.20050DeployMacOSAcroRdrDC Installer.pkg.cmmac). Click Next to continue.

3. Confirm that the import succeeded in the Import Information page. If it did not, click Previous and verify that the correct path is supplied. Click Next.

4. On the General Information page, modify the name as needed. You can add administrator comments and select languages as well. Click Next.

5. On the Requirements page, click Add to open the Create Requirement dialog box. You can select the operating system as a condition to specify the platform on which you can run this application. Click Next.

6. Review the Summary page. Click Next to create the DT.

7. Verify that the DT was successfully created, as shown in Figure 12.15, and click Close.

After a deployment is created, the user receives a popup indicating that new software is available. The user can install the software or let ConfigMgr install it at the specified deadline. Use the CCMClient.log file on that system to troubleshoot any issues.

1. In the ConfigMgr console, navigate to Software Library -> Application Management -> Applications. Select the application to which to add a Web Application DT. Click Create Deployment Type on the ribbon bar to open the Create Deployment Type Wizard.

2. On the General page, select Web Application from the dropdown. Specify a URL to the web page hosting the application. Click Next.

3. Verify that the import was successful. If it was not, click Previous and confirm that the URL for the Location field is correctly formatted. Click Next.

4. On the General Information page, modify the name to one that suits your organization’s needs. You can provide administrator comments and select the languages included in this DT. Click Next.

5. On the Requirements page, click Add to open the Create Requirement dialog box and specify any requirements. Click Next.

6. On the Dependencies page, define any dependencies. For example, you could specify that Microsoft Silverlight is needed to view the web application. In this case, indicate the necessary Microsoft Silverlight DTs in a dependency group name, if needed, and click Next to continue.

7. Review the Summary page. Click Next to create the DT.

8. On the Completion page, verify that the DT was successfully created, as shown in Figure 12.16, and click Close.

In order for synchronization with the Windows Store for Business to work, Azure services must be set up and configured for the Windows Store for Business, as described in Chapter 6, “Installing and Updating System Center Configuration Manager.”

Once the Windows Store for Business synchronization is established, the purchased apps become available in the ConfigMgr console. Follow these steps to create an app synchronized from the Windows Store for Business:

1. Open the ConfigMgr console and navigate to Software Library -> Application Management.

2. Click License Information for Store Apps and select the app you want to deploy.

3. Click Create Application in the ribbon bar to create a ConfigMgr application.

Chapter 13, “Creating and Managing Packages and Programs,” describes how to create packages and programs.