Last Updated on June 9, 2023 by rudyooms
In this updated V3 blog, I am going to show you which options you have when you want to deploy and start making use of the Company Portal app. I will also point out the differences/important things we need to know about the “Offline” “Online” and “Real Offline” versions.
I noticed this next question being asked a lot of times
“What’s the difference between offline, online apps? and which or when to use them”
Also, there is still some misunderstanding about it, so I decided to write a blog about it, so here we go! I am going to divide this blog into multiple parts
- How to add the Company Portal App to Intune (Online/Offline)
- Adding the Company Portal App (REAL Offline)
- Important knowledge about the Online, Offline, and Real Offline versions
- The Company Portal App installation
- What could break the Company Portal online App version?
- Conclusion
But before I am going to show you more about how to install the Company Portal app etc, please read my other blogs about WHY you need to use the Company Portal app! Could be useful?
1. How to add the Company Portal to Intune
When we want to add the Company App to your Windows 10/11 AADJ devices you will have multiple options at your disposal.
Let’s start with the first option to deploy the Company Portal App. When you want to add the Company portal, we will need to select the “Microsoft Store App (new) NOT the legacy one!!
This “New” Store app will use the Power of Winget to deploy the Store App to the device
Microsoft Store Apps | Intune | Winget | Private Store (call4cloud.nl)
After searching and selecting the Company Portal we will have 2 options to choice from
Deployment in the system context or the user context.
2. Adding the Company Portal App (REAL) Offline manually
There is also another possibility to add the Company Portal App if you don’t want to use the versions pushed by Microsoft for Store Connection.
Do you know what’s funny, even when you choose to deploy the REAL offline app, you also have 2 options to download the APPX files you need!
2.1 Using the Microsoft Store Directly
With the MSFB being deprecated you can no longer download the Company portal Appx files (and the dependencies)
If you don’t have that luxury anymore I also zipped them for you (Company Portal and the Dependencies)
https://call4cloud.nl/wp-content/uploads/2023/02/CPdependencies.zip
If you don’t trust me, it’s a good thing Microsoft also published the same kind of zip with all the dependencies in it!
Download Microsoft Intune Company Portal for Windows from Official Microsoft Download Center
2.2 Using the Microsoft Store Indirectly
When you don’t want to open the Microsoft Store for business, you could still download the required APPX files. How? Just open Microsoft Edge and open this nice website:
As shown below, you only need to enter a URL to download the company portal appx Files.
Please note: This isn’t an officially supported method to fetch the Microsoft Store apps… so it’s not guaranteed it will always work
2.3 Creating the LOB App
Now start downloading the required Files (Directly or Indirectly) so we can go further and upload these files to start creating your new Company Portal LOB app. Because when you add a new LOB app, you will have the possibility to select/upload a .appxbundle / appx file.
Now select the Company Portal app you downloaded earlier.
When you have added this app, you will also need to upload the Dependency App files.
After all, files are uploaded, a new LOB app will appear in the App section of Intune
2.4 Creating the Win32 App
Of course, if you don’t like mixing up those APPX/LOB apps with your existing Win32Apps, another possibility would be to convert them to a Win32 App Package
You will need to make sure you add every dependency file you downloaded from the MSfB as shown above in your PowerShell script! As you also probably have noticed, I am using the Deployment Image Servicing and Management (DISM) command, to make sure those AppXPackages are added to the device correctly. If you are wondering why I used DISM, this blog would show you why!
3. Important knowledge about Online, Offline, and Real Offline apps
Now we have seen the options available to deploy the Company Portal App, we still need to learn a little bit more about these versions. But reading and testing it a little bit more there is also a difference between the Company Portal Offline version and the Real Offline version I showed you in part 2.
First, take a look at what Microsoft has to tell about “Offline Apps”. I guess that’s where the misunderstanding is happening!
When looking at the picture above, it looks like the Company Portal (offline) version pushed by the Microsoft Store will be managed by Intune, right? So no automatic updates when we do believe the Microsoft Documentation?
So let’s take off our jackets and take a look at what in my opinion, are the most important things we need to beware of about the Offline, Online Apps, and the Real Offline Company Portal.
The Microsoft Store:
Real Offline Apps: These apps DON’T require the Microsoft Store to install the app.
The Company Portal Online and Offline App: These apps DO require the Microsoft Store to install the app.
The Company Portal Offline App doesn’t require a connection to the Microsoft Store “Services”
The Company Portal Offline App doesn’t require an Azure Ad Account to get installed
Updating the Company Portal App:
But I am not done yet, as I need to point out another important “thingy” we need to beware of. As I showed you earlier Microsoft told us that Offline apps will be managed by Intune so does this also count for the Company Portal Offline version?
Real Offline Company Portal: When first deployed the Company Portal App, will be managed by Intune and installed by the Intune Management Extension. When the Microsoft Store is NOT available the app WILL NOT automatically be updated.
If the Microsoft Store is *AVAILABLE, of course, it will be updated!!.
*Please Note: Enabling “Turn off the Store application” policy will disable app updates from the Microsoft Store.
I first tested it with the Online version of the Company Portal. I enrolled a new VM, waited some time, and opened the Microsoft Store… it just got automatically updated!
The second test I did was with the Offline version of the Company Portal we got from the Microsoft Store for Business connection! As shown below… it also updated
Please note: You don’t have to be afraid that this new up-to-date version will be removed by Intune when the old version wants to install itself.
Account vs Device:
And for me, this is the most important item we need to beware of: User/Account vs Device!
Company Portal “Online”: This one Is always installed during the Account phase of the ESP (If marked as required) and doesn’t support device context assignment so this version of the Company Portal must be targetted at a USER GROUP.
Please Note: Even when the Online version is assigned to devices, it doesn’t get installed in the Device phase!
Company Portal “Offline”: This one is installed during the Device Phase of the ESP (If marked as required) when the device context was configured. As shown below, the Offline app does support device context assignment!
When using the Company Portal “Offline” version, please, pretty please with sugar on top, don’t forget to assign it to a device group and device license like I am showing below… DO NOT FORGET THIS LICENSE PART! 🙂
Primary User and the Company Portal
Installing Offline Apps or Online apps from the Company Portal App when that user is NOT the primary user of the device. Did you ever try that? If so, I guess this error sounds familiar.
“This device is already assigned to someone in your organization. Contact company support about becoming the primary device user. You can continue to use Company Portal but functionality will be limited.”
So the only thing we could do is remove the “Primary User” for the device to get the device shared
As shown below, when removing the primary user of the device, the device will become shared
And when it’s shared, everyone can install Apps from the Company Portal!
Offline app and the Microsoft Store
I received a nice reply on this blog, which is, of course, worth mentioning as an important item even when I am shortly mentioning it in the first important item.
I also received a Twitter reply about it so… here we go. Do you know what happens with the Company App deployment when the Microsoft Store is removed?
When the Microsoft Store for Business is removed, Microsoft will provide us with
Important Items Summary:
Let’s sum up all of the important items!
When you want to make sure the Company Portal App is installed before the user logs in and you are using Autopilot for pre-provisioning deployments, please use the Company Portal “Offline” Version and use the Device License.
When you want to make sure the Company Portal App is installed after the user logs in, you will need to use the Company Portal “Online” version. After your user logs in it will sign in to the Microsoft Store with SSO and the Company app will be installed in the User context
If you are blocking the Microsoft Store like I am showing in this blog below, the Real Offline version is the one you will need.
4. The Company Portal App Installation and logs
Now we know the difference between how the types of Apps are managed and updated, let’s take a look at which logs we need to take a look at when something failed.
Let’s start with the installation folder… an easy one, as it is always a Windows (Microsoft Store) App it will be installed in the WindowsApps folder inside the Program Files folder:
Online Apps:
When you want to start troubleshooting the installation of Online apps, the first thing you will need to do is to start collecting the store logs. You can do this by entering the “wscollect.exe” command (Windows Store Collect)
This will produce a nice .CAB file on your desktop. Open the ReportingEvents.log and take a look at what happens when you install the Online version of the company App Portal.
Real Offline Apps:
But you will notice that with the Offline version, there will be no installation entry inside the ReportingEvents.log. As mentioned earlier the installation of Offline Apps is handled by Intune, so you might think we need to open the IntuneManagementExtension event log.
The IntuneManagementextension event log will log all Apps which are installed by the Intune Management Extension.
5. What could break the Online version of the Company Portal?
I decided to remove this part from this blog because while writing it, it became too large for this blog itself…
Conclusions:
Please note: I have got multiple conclusions… so there are some below the GIF 🙂
So what would be the best choice? The Company Portal Offline, the Company Portal Online version, or the Real Offline Company Portal or the NEW Company Portal Microsoft Store App? I guess it all depends on your wishes.
When you really want to make sure the Company Portal App is installed during Autopilot white-glove esp, you will need to choose the Company Portal Offline version (Beware of the device license I showed you earlier!). If you don’t mind when the CP is being installed you can use the Online version or the new store app CP option
Hey Rudy, thanks for this clarification. There was a lot of information around offline apps but nothing specifically on Company Portal.
Under the section:
3. Stuff we need to know about Online, Offline and Real Offline apps
The first image is not loading.
Hi, Thanx.. I had the same feeling, that why I created this blog 🙂 .
Just checked it, it should show the picture
This is a great blog. I wish I knew all this two months ago. I’ve been going back and forth with MS support to figure out how to get CP installed on Citrix VDI where our admins removed the Company Store with the Citrix optimization tool. Without access to the Store Company portal wouldn’t install. I finally figured out the Real Offline deployment and that seems to have fixed my problem. Although I suspect I’ll have to create new versions of the Real Offline deployment whenever an updated version comes out. I’ve not been able to find a way to install the Microsoft Store once it’s been removed.
Thanks for this insight. It’s really clarifying the process.
Almost at the end of your article I noticed “For me? When it’s not a shared device, I would still go for the online version of the company Portal app. Why you might ask? 2 reasons I guess.”
Our deployment of shared clients is actually stuck during the company portal installation on shared clients. What kind of approach would you recommend then on shared clients?
HI, I assume you are using the Offline version? Did you also tried the “real offline version” i also mentioned in this blog?
Yes, we are using the “real” offline version. For some reason after a few days it started to work, but after that I see also many errors “The application was not detected after installation completed successfully (0x87D1041C)” I guess it’s because on the client there’s a newer version installed at the moment of the check?
Not sure how the detection rule on the different company portal version work but it would try to update it at some time so that could cause that error … I guess i need to check it out myself to see what happens
The same happens also with another “real offline app” we are deploying (Lenovo vantage, for the record). Empirically, the error seams to appear only on those clients with newer versions, but didn’t have the time to dig more.
Isn’t it just the MS Store (for Business) portal that is being shut down? A Microsoft contact stated that the Store apps will be available directly inside of Intune once the MSfB portal is deprecated.
If this is indeed the case, then that would be great, and it would make it much ‘simpler’ to provision required apps. Sadly, no other details have been made available to us at this point in time.
Have you heard anything similar?
I guess we have to have some more patience before Microsoft will release the docs mentioning what is going to change… until then… it’s always NDA 🙂
Great detailed post, thank you so much
If i am understanding what you have read, and this is by far the most comprehensive discussion I’ve seen on this subject, the best option possibly for someone like my company, which as 100 different locations is deploy the Company Portal “Online” since it’s user account based on login.
We have a select group of apps that are required, then we have have apps that are site specific or department specific. So currently the users are in groups that are assigned to those particular apps.
Guess my real question lies with the shared devices. We don’t want to remove the primary user from endpoint manager/AAD. It’s a way we track who has the machine. But for the few shared machines we do have, wouldn’t it still be best for the Company Portal “Online”, since it’s user based. So if User A logs in but doesn’t want any of the “free software”, then User B logs in and does want Firefox, User B can still install Firefox, despite User A being the primary user of the device?
How (if at all) does this affect the issue with Company Portal not working after a wipe/autopilot, as mentioned in you article here – https://call4cloud.nl/2022/06/the-company-portal-and-the-city-of-a-thousand-missing-frameworks/
It depends… but that issue I am refering to, should be solved by now… so it should cause any issue (sfaik for now 🙂 )
Very nice article. However I would do Win32 App in other way. If you want to use DISM.exe, the app cannot be installed in User Context (I assume that the users do not have admin rights, which are required by DISM).
I created a simple PS-Script for installing all the APPX packages (prereqs and Company Portal) using add-appxpackage:
add-appxpackage -Path .\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe.Appx
add-appxpackage -Path .\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe.Appx
add-appxpackage -Path .\Microsoft.Services.Store.Engagement_10.0.19011.0_x64__8wekyb3d8bbwe.Appx
add-appxpackage -Path .\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x64__8wekyb3d8bbwe.Appx
add-appxpackage -Path .\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe.Appx
add-appxpackage -Path .\Microsoft.CompanyPortal_11.1.771.0_neutral___8wekyb3d8bbwe.AppxBundle
After that I wrap it in .intunewin file and the package is ready for the deployment.
can you script this for me please “add-appxpackage : Cannot find path”
So in our environment we have deployed Online version which works but we are preferring to go to Offline version. Do we need to do anything before we push out the offline version or does it just go over top of the online version fine?
Thanks for the article. I am trying to build a W10 image with Company Portal pre installed, so I am using the Company portal Appx files + dependencies from your zip file (also tried one one from MS) with DISM but I just can’t get it to install.
DISM succeeds to adding the packages to my offline image (no errors) but then the /Get-ProvisionedAppxPackages doesn’t show any of them as installed.
I then tried installing Company Portal manually in audit mode by simply clicking on the appxbundle file but it keeps giving me an error due to a missing dependency, the Microsoft.Services.Store.Engagement, even tho its appx is present in the folder with the other 4 packages.
Any idea what’s the issue here?
Thanks Rudy for this great information. But I’m still a little bit confused… You write:
“Company Portal “Online”: This one Is always installed during the Account phase of the ESP (If marked as required) and doesn’t support device context assignment so this version of the Company Portal must be targetted at a USER”
Is this still the case for the Online version of CP from Microsoft Store app (new)? I created an App with install behavior System, assigned it to a device group and added it to the required apps in ESP. Get-autopilotdiagnostics showed me that the app was successfully installed during pre-provisioning and CP immediately was available after user logged in, but I’m still not 100% sure if I did it the right way… What’s your opinion?
I’m using the same thing, but I’m stuck on the uninstall command.
What did you use in your Win32 install?
Thanks
FANTASTIC, thank you!!
I did a Win32 push as our Azure AD Registered devices in Intune were not getting the MS Store push. I checked to see if company portal was already installed and then pushed it if not:
$ComapnyPortal = Get-AppxPackage “Microsoft.CompanyPortal” | Select Name
If ($ComapnyPortal){
Write-host “Company Portal Already Installed”
Return 0
}
Else {
DISM /Online /Add-ProvisionedAppxPackage /PackagePath:.\Microsoft.CompanyPortal_11.1.689.0_neutral___8wekyb3d8bbwe.AppxBundle /Skiplicense
DISM /Online /Add-ProvisionedAppxPackage /PackagePath:.\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe.Appx /Skiplicense
DISM /Online /Add-ProvisionedAppxPackage /PackagePath:.\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe.Appx /Skiplicense
DISM /Online /Add-ProvisionedAppxPackage /PackagePath:.\Microsoft.Services.Store.Engagement_10.0.19011.0_x64__8wekyb3d8bbwe.Appx /Skiplicense
DISM /Online /Add-ProvisionedAppxPackage /PackagePath:.\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe.Appx /Skiplicense
DISM /Online /Add-ProvisionedAppxPackage /PackagePath:.\Microsoft.CompanyPortal_11.1.689.0_neutral___8wekyb3d8bbwe.AppxBundle /Skiplicense
Return 0
}