Forum Discussion
How to manage app using Intune
I want some suggestions on how to manage applications in our workplace.
We purchased an Android app for our employees to work in the warehouse. The vendor provides two methods of getting the app to our devices. One is to download it directly from the Play Store, and the other is from the vendor's website. When something is broken, the vendor will roll back by uploading the new version of the app to the Play Store if the problem is informed on time. Sometimes, we have to go to the download site to download the previous version to solve the immediate issue due to the time zone difference.
There, we want to manage the app using Intune. We want to deploy the apk directly to the device using Line Of Business. However, it only works if we enrolled devices using Device Administrator.
Unfortunately, it is impossible now since Intune has stopped supporting this enrollment type.
If we use the Play Stores managed private app to upload the apk, it would get an error with the package name. We do not think that the vendor will build different package names for every customer.
So here is my question: How could we achieve something we achieved in the past and now we cannot?
Intune said it is the change that Google made due to security reasons.
Any suggestion would be much appreciated!!!
Hello King,
Welcome to the Customer Community. I've had a look into this for you.
Device Administrator is considered a bit of a legacy way of managing Android devices. I would recommend that devices be enrolled as Android Enterprise in the EMM at least with a Android Work Profile at a minimum, in order for devices to have some type of communication with Intune and download any applications made available by your Intune console.
Intune allows the admin to manually upload application packages such as apk. Of which, this application package can be acquired by the admin from the vendor or the given site. In the event that the app needs to be rolled back or patched on the Play Store, but is expected to be delayed due to timezone differences for example, you can resort to manually uploading and managing the apk in the Intune consoles app panel.
As an admin, i'd prefer that the vendor patch or update their application on Play Store. With the Play Store you can get a seamless approach in application management, as you will no longer need to worry about the nuances of deploying and updating the application changes manually, everytime there is a change such as patches and rollbacks to the application. But, uploading the package manually to Intune would be your other option and you'd be able to deploy it to the enrolled devices in this regard.
How does this sound to you? Would this work for you? Feel free to add extra context if this doesn't quite work.
GMenzies jarmo_akkanen as you use Intune, wondered if there is anything you would add here (or anyone else using Intune) - thank you?
Thank you,
Lizzie
You were on the right track with this comment mate -
King wrote:We do not think that the vendor will build different package names for every customer.
Yes they will, and do quite often. Is there a commercial aspect to it? Perhaps, but often not if you're already a paying customer. With the unique package name, upload it either to your Google Play iFrame as a private application, or within your own Google Play Console (with a developer account) and set the managed google play options accordingly to keep it private. Which way you go depends on your preference, though if you have a Google Play Console developer account, I'd lean to that as it's not locked to an enterprise ID you might change if moving to another EMM in future.
Thank you for the response.
Our case is slightly different.
The vendor does not provide the apk with a different package name since they have over 1000 customers. Furthermore, every customer uses the app differently. For context, it is the manufacture and warehouse app. The customers might have different ways to do tasks. Therefore, there are customisations and adjustments to suit each customer.
Every now and then, we could have an issue with the new version. We use Intune to manage the rollout. However, if we enrol the device with Android Enterprise, we cannot upload the rollback on time using private since it has an issue with the package name.Our devices are currently enrolled as Device Admin. However, we are concerned about Intune to stop supporting it next year.
Regards,1 or a million customers, developers and customers will have to adapt to this alternative method of app management if relying on a platform that cannot distribute APKs.
It's an outdated and higher-risk method of app distribution in any case, so once transitioned you'll benefit from lower network usage, faster installs, and other benefits of Play.
Your struggles with version update issues can also be quelled with more intentional testing periods and app update management policies that'll allow you to install on test devices and validate before going live to your estate. This same approach can delay updates to periods when your developer is available too for more convenient version iterations.
But ultimately if it's a critical business application they need to work with you to support a custom package name and allow you to manage this end-to-end yourself. It's not difficult, nor high-effort since a bit of scripting can automate as many packages and names as they could want.
Discuss it with them.
Is it possible to share private Google Play apps between different organizations?
Process could be something like this:
- From MDM #1 Play iframe (for instance Intune) upload a private app
- Goto Advanced Editing / Google Play Console
- Under advanced settings add another organization id
- On MDM #2 it should show up as a "public" app in Play.
This is similar to what I would do with a public app that is only shared with a select organizations.
The advantage over public Play would be the less strict rules of private Play that allow older target SDKs etc.
Will this even work and if so is there something to be aware off?
Bo
Hello Community!
Trying to blow life to this thread.
How about using Closed Tracks?!
The developer can create multiple tracks, on for each version, and they can reuse them to multiple customers by inviting them to the track, without the need of creating separate packages for each customer.
From the customer side you can select what version/track you want to deploy to your devices via EMM and also have full control of when to move your device fleet to the next app version. In worst case you can also downgrade (reinstall) to a older version.
I know the intent of closed tracks is not for this use case, but why not?
Feel free to comment!
//NiklasIt's a solid approach where the EMM supports it, agreed. By inviting customers (which is a flow for this, popping in email addresses or creating Google Groups), I figure you mean sharing the app through the customers' organisation/enterprise ID within the track settings yeah? That's the way to do it 😎
Ben pointed out in another thread, tracks are a consumer Play feature.. I'd like to believe nothing drastic would change with them but that's something I guess only Google can comment ( Lizzie !)
