Leveraging the Microsoft Store for Business in Deletion of Built-in Windows Applications | Intune-Hybrid

Blog #1

Dear Intune Admin,

During the planning stages of transitioning your current infrastructure to be hybrid-joined to the cloud through Intune, you may have been requested a task that involved getting rid of Windows built-in applications such as Xbox, Groove Music and Microsoft Solitaire Collection. If this pertains to you, then I have the fix! We will be leveraging the use of the Microsoft Store for Business and Intune.

Best Regards,
Nick

Table of Contents

• Pre-Requisites

• Configuring the Connector between Microsoft Store for Business and Intune for Sync’s

• Locating your applications

• Syncing apps to Intune

• Intune Deployment

There are a few things that must be checked off first for you to be able to fully utilize this connection between the MSfB (Microsoft Store for Business) and Intune.

Ø  Sign up for Azure AD account

Ø  Sign up for Microsoft Store for Business account

Ø  Intune Admin and Global Admin Access

Ø  Configure connector between Microsoft Store for Business and Intune for Syncs

Step 1:

Endpoint Manager -> Tenant Administration -> Connectors and Tokens -> Microsoft Store for Business

You will see that initially it will show the status as: Not Set Up

Step 2:

I will be breaking up the process by labeling each step with the corresponding number.

Step 1: “Enabling Microsoft Store for Business sync lets you access volume-purchased apps with Intune” you would set as “Enable”.

Step 2: “First, you’ll need to sign up and associate your Microsoft Store for Business account with Intune” This is the part where you will thank yourself for having all the accounts created before reading this section. (start from the top!) Go ahead and click on the highlighted link “Open the business store” and you should see something like this.

Go ahead and sign in with your Azure AD Global Admin account that you had created before.

Step 2.1: You will be now signed in and should see the Store for Business’s main page. Follow along this image and navigate to the “Distribute” page.

On the bottom of the page, you will see a tool labeled as, “Microsoft Intune”, click on “Activate”.

 Step 3: “Choose the language in which apps from the Microsoft Store for Business will be displayed in the Intune Console”

I chose English, but this is completely up to what your plan requires. It will change the language in which the applications will show up in the Microsoft Store for Business.

Step 4: “Save” You have now successfully connected your Microsoft Store for Business with Intune and you are ready to move onto sync’s once we are able to retrieve the applications from the Store. I will be going into further detail below.

Now that those pesky pre-req’s are out of the way, we can really get into it!

Step 1: Login to Microsoft Store for Business with your Azure AD Global Admin credentials.

Note: The following applications will automatically populate to your Windows Store for Business (Private Store) which include – You do not need to worry about these applications.

-          Sway

-          OneNote

-          PowerPoint

-          Excel Mobile

-          Word Mobile

Step 2: Located on the top-right of the MSfB, you will see a Search bar. Most applications that are publicly available will show up, but sometimes you may not be able to find the specified application that you wanted originally such as Groove Music.  This is where you will be doing a little bit of reverse engineering on Microsoft’s part. Now before you clam up and decide to stop here, let me explain how this works –

Usually, if you were requested to add an application through the MSfB and Sync it through Intune, you would be able to search it and add it very quickly, but because we may not be able to find certain applications such as Groove Music from the initial search, we need to switch around some links to trick Microsoft into giving us the application we seek that is hidden.

 Application Names included in Windows 10
To the end-user, they might see the application Groove Music on their machines, but through Microsoft’s documentation, you will see that it is labeled as “Microsoft.ZuneMusic”. This is important to know because you may be under the impression that on the MSfB, this is called Zune Music, but its just Microsoft’s way of naming their application packages.

Step 1: Go to the provided link above and scroll down until you see “Microsoft.ZuneMusic” under the “App Name” column and click the application that is highlighted. This will open a local Microsoft Store that shows the application.

Step 2: You will see a “Share” link, click that and it should prompt you with another window, you will see “Copy Link” and that is what you will need to click on.

Step 3: Once you have that copied link, you will open a browser such as Chrome and input that link initially. You will see the address update accordingly.

Step 3.1: Open a new tab and navigate to the Microsoft Store for Business and after signing in, search the store for any application, we will be using this as the dummy link. I used “MSN Weather” for example.

Step 3.2: Notice how the website addresses are different, this is where we will be doing some switching around.

 Step 4: I want you to hover over with your cursor and copy only the unique identifier that is shown from the first address.

Step 5: Take this unique string that we have copied now and place it after the “/details/” within the second website’s address, replacing what was MSN-Weather and press enter, you should now the page refreshed with the Groove Music application that we originally were seeking.

Step 6: Press “Get the app” on the application and you will be prompted with a window, just close out of it.

Boom! You have now successfully learned how to find applications and trick Microsoft when they are not showing every application on the public store. This can be used for other built-in applications that are shown on the website above such as Xbox and Mail&Calendar.

So far, we have the applications gathered for what our plan requires to be uninstalled, but the question you may have now is, how do I sync these applications to Intune so that I can move on to the next step? Well, here we go.

Step 1:
Endpoint Manager -> Tenant Administration -> Connectors and Tokens -> Microsoft Store for Business

Let’s round back to the Microsoft Store for Business connector we had set up initially and up until now you were probably curious about that greyed-out sync button on the bottom. This is important because after we had finished configuring the connector between the store and Intune, we need a process to tell Intune and the Store on how to converse between each other and this is where the Sync button comes in handy.

 Once you have gathered your applications from the process detailed above, you can press that “Sync” button and you will get a notification from Intune letting you know that the process is occurring.

Once the sync is completed, you can navigate to Endpoint Manager -> Apps -> Windows -> Windows Apps.  This is where you can see if your application was added.

Congrats, you have now successfully synced your applications to Intune, and it shows!

Very simple. We can create a group through Intune and then assign the application as a “Required Uninstall”. Do not run away yet guys, we are so close to setting all this up!

Step 1: Navigate back to Endpoint Manager -> Apps -> Windows -> Windows Apps.

Step 2: Locate our example application, “Groove Music (Online)”, Under Manage -> Properties.

Step 3: Scrolling down towards the bottom, you will see “Assignments” -> “Edit”
This is broken up into three modes, “Required”, “Available for Enrolled Devices” and “Uninstall”.
For our purposes, we need to focus on the “Uninstall”.

Step 4: Under “Uninstall”, select “Add Group” and input your created group as shown and click “Select”.

Step 5: Once you have changed the group, you may click on “Review + Save”

Congratulations! You have now successfully set up a connection between the Microsoft Store for Business and Intune. You also have learned how to get the applications from the Microsoft Store for Business and lastly configuring the application properties so we can tell Intune how to deploy the application.