I recently showed you how to set up Tenant Attach in your ConfigMgr instance and how you can run a script from the Admin Center.

This blog post will take you through another Admin Center feature, the ability to install an application to a device. This is a great feature which works really well.

Remember this is Technical Preview only at the moment, TP2005. Hopefully this will hit the Current Branch release coming up very soon.

Prerequisites

You’ll need Tenant Attach up and running. Follow that blog post first to get yourself in a good shape.

You’ll also need:

  • One of the following browsers:
    • Microsoft Edge v77 or later
    • Google Chrome
  • A user account discovered with AAD and Active Directory user discovery (see the Tenant Attach blog post for details on AAD user discovery).

The following permissions are required for this cool feature to operate:

  • Read permissions on the device’s collection in ConfigMgr
  • The Read permission for Application in ConfigMgr.
  • The Approve permission for Application in Configuration Manager.
  • Added as an admin user in the Configuration Manager Microservice application in Azure AD.

To become a admin user in the Configuration Manager Microservice application search for Enterprise Applications in the Azure Portal.

Under All applications, you’ll see the Configuration Manager Microservice. Click on the application.

Click the 1. Assign users and groups box.

Click the Add user link and add in an account or group of users you wish to assign admin user access.

You’ll also need the following:

  • To enable the feature Approve application requests for users per device.

To do this go to Administration\Updates and Servicing\Features and enable the preview feature.

  • An application deployed to a device collection with An administrator must approve a request for this application on the device selected when you create the deployment.
    • This must be an available deployment to a device collection

Deploying the Application via Tenant Attach

In the ConfigMgr console, go to \Assets and Compliance\Overview\Devices and right click a device which has been uploaded via the Tenant Attach process.

Select Start\Admin Center Preview.

Authenticate with the account which has been assigned the access as an admin user.

When the Admin Center loads up highlighting the particular device you selected in the ConfigMgr console, click Applications. You’ll see the application which has been to the device with the An administrator must approve a request for this application on the device enabled in the deployment. The application will report as Not installed.

Click on the application and you’ll get the option to Install.

When clicking the Install link you’ll receive information Installation initiated.

If all goes well, the application will report back as Installed.

Looking good on the endpoint.

Another cool addition to the Tenant Attach feature set. Next up, I’ll take a look at the CMPivot feature in Tenant Attach.