Last Updated on February 2, 2023 by rudyooms
In this updated V3 blog, I am going to show you which options you have when you want to deploy and start making use of the Company Portal app. I will also point out the differences/important things we need to know about the “Offline” “Online” and “Real Offline” versions.
I noticed this next question being asked a lot of times
“What’s the difference between offline, online apps? and which or when to use them”
Also, there is still some misunderstanding about it, so I decided to write a blog about it, so here we go! I am going to divide this blog into multiple parts
- How to add the Company Portal App to Intune (Online/Offline)
- Adding the Company Portal App (REAL Offline)
- The Microsoft Store App (New)
- Important knowledge about the Online, Offline, and Real Offline versions
- The Company Portal App installation
- What could break the Company Portal online App version?
- Conclusion
But before I am going to show you more about how to install the Company Portal app etc, please read my other blogs about WHY you need to use the Company Portal app! Could be useful?
1. How to add the Company Portal to Intune
When we want to add the Company App to your Windows 10/11 AADJ devices you will have multiple options at your disposal.
Let’s start with the first the “Offline” And “Online” versions of the Company Portal App.
Before we can start deploying the (Old Offline/Online) Company Portal App, we first need to establish a connection between the Microsoft Store for Business and Intune/Endpoint Manager. Please beware the Microsoft Store will be retired in the first quarter of 2023, but let’s go further.
Open Intune and browse to Tenant administration/Microsoft Store for Business and click to open the Business store.
First, we need to enable Offline Apps. We can do this by clicking on Manage/Settings and switching the button for “Show Offline Apps”. Do you notice that nice Yellow bar with a warning on it?
After we have enabled the offline apps, we still need to create the Intune connection. To do this, click on “Distribute” on the same screen and click on “Activate” Microsoft Intune.
Now we are almost ready, but we still need to add the app when we have created the connection. To do so, search for the Company Portal in the search bar and click on “get the app”.
Now we are done, don’t forget to click on the sync button on the Tenant Administration screen. When the apps are synced you will notice the Offline and Online Apps will be visible in the Apps section of Intune.
2. Adding the Company Portal App (REAL) Offline manually
There is also another possibility to add the Company Portal App if you don’t want to use the versions pushed by Microsoft for Store Connection.
Do you know what’s funny, even when you choose to deploy the REAL offline app, you also have 2 options to download the APPX files you need!
2.1 Using the Microsoft Store Directly
When you have configured the Microsoft Store for Business, maybe you have clicked on the Offline Company App?
As shown above, you can download the files manually!. Let’s go further, when we are choosing this option you need to download ALL of the packages first. After all the files are downloaded go add a new LOB app.
Of course, you will already need to have an existing account on the MSFB to download them. If you don’t have that luxury anymore I also zipped them for you (Company Portal and the Dependencies)
https://call4cloud.nl/wp-content/uploads/2023/02/CPdependencies.zip
2.2 Using the Microsoft Store Indirectly
When you don’t want to open the Microsoft Store for business, you could still download the required APPX files. How? Just open Microsoft Edge and open this nice website:
As shown below, you only need to enter a URL to download the company portal appx Files.
Please note: This isn’t an officially supported method to fetch the Microsoft Store apps… so it’s not guaranteed it will always work
2.3 Creating the LOB App
Now start downloading the required Files (Directly or Indirectly) so we can go further and upload these files to start creating your new Company Portal LOB app. Because when you add a new LOB app, you will have the possibility to select/upload a .appxbundle / appx file.
Now select the Company Portal app you downloaded earlier.
When you have added this app, you will also need to upload the Dependency App files.
After all, files are uploaded, a new LOB app will appear in the App section of Intune
2.4 Creating the Win32 App
Of course, if you don’t like mixing up those APPX/LOB apps with your existing Win32Apps, another possibility would be to convert them to a Win32 App Package
You will need to make sure you add every dependency file you downloaded from the MSfB as shown above in your PowerShell script! As you also probably have noticed, I am using the Deployment Image Servicing and Management (DISM) command, to make sure those AppXPackages are added to the device correctly. If you are wondering why I used DISM, this blog would show you why!
3. The Microsoft Store App (New)
As mentioned in the first part of this blog. With the Winget functionality being included in the Intune Management Extension we now have the possibility to deploy the Company Portal by using the new Microsoft Store App option in Intune
As shown below, when selecting the Company Portal from the new Store App option we only have the possibility to choose “User” as install behavior.
So the Company Portal will NOT be installed in the SYSTEM context and will only be deployed after the user logs in.
Please note: Adding this new store app to the ESP is also not yet supported.
I guess with this new CP store app missing the possibility to install it in the system/device context and not having the possibility to add it to the ESP as a required app it’s not ready to be used in combination with Autopilot (In my opinion 🙂 )
4. Important knowledge about Online, Offline, and Real Offline apps
Now we have seen the options available to deploy the Company Portal App, we still need to learn a little bit more about these versions. But reading and testing it a little bit more there is also a difference between the Company Portal Offline version and the Real Offline version I showed you in part 2.
First, take a look at what Microsoft has to tell about “Offline Apps”. I guess that’s where the misunderstanding is happening!
When looking at the picture above, it looks like the Company Portal (offline) version pushed by the Microsoft Store will be managed by Intune, right? So no automatic updates when we do believe the Microsoft Documentation?
So let’s take off our jackets and take a look at what in my opinion, are the most important things we need to beware of about the Offline, Online Apps, and the Real Offline Company Portal.
The Microsoft Store:
Real Offline Apps: These apps DON’T require the Microsoft Store to install the app.
The Company Portal Online and Offline App: These apps DO require the Microsoft Store to install the app.
The Company Portal Offline App doesn’t require a connection to the Microsoft Store “Services”
The Company Portal Offline App doesn’t require an Azure Ad Account to get installed
Updating the Company Portal App:
But I am not done yet, as I need to point out another important “thingy” we need to beware of. As I showed you earlier Microsoft told us that Offline apps will be managed by Intune so does this also count for the Company Portal Offline version?
Real Offline Company Portal: When first deployed the Company Portal App, will be managed by Intune and installed by the Intune Management Extension. When the Microsoft Store is NOT available the app WILL NOT automatically be updated.
If the Microsoft Store is *AVAILABLE, of course, it will be updated!!.
*Please Note: Enabling “Turn off the Store application” policy will disable app updates from the Microsoft Store.
I first tested it with the Online version of the Company Portal. I enrolled a new VM, waited some time, and opened the Microsoft Store… it just got automatically updated!
The second test I did was with the Offline version of the Company Portal we got from the Microsoft Store for Business connection! As shown below… it also updated
Please note: You don’t have to be afraid that this new up-to-date version will be removed by Intune when the old version wants to install itself.
Account vs Device:
And for me, this is the most important item we need to beware of: User/Account vs Device!
Company Portal “Online”: This one Is always installed during the Account phase of the ESP (If marked as required) and doesn’t support device context assignment so this version of the Company Portal must be targetted at a USER GROUP.
Please Note: Even when the Online version is assigned to devices, it doesn’t get installed in the Device phase!
Company Portal “Offline”: This one is installed during the Device Phase of the ESP (If marked as required) when the device context was configured. As shown below, the Offline app does support device context assignment!
When using the Company Portal “Offline” version, please, pretty please with sugar on top, don’t forget to assign it to a device group and device license like I am showing below… DO NOT FORGET THIS LICENSE PART! 🙂
Primary User and the Company Portal
Installing Offline Apps or Online apps from the Company Portal App when that user is NOT the primary user of the device. Did you ever try that? If so, I guess this error sounds familiar.
“This device is already assigned to someone in your organization. Contact company support about becoming the primary device user. You can continue to use Company Portal but functionality will be limited.”
So the only thing we could do is remove the “Primary User” for the device to get the device shared
As shown below, when removing the primary user of the device, the device will become shared
And when it’s shared, everyone can install Apps from the Company Portal!
Offline app and the Microsoft Store
I received a nice reply on this blog, which is, of course, worth mentioning as an important item even when I am shortly mentioning it in the first important item.
I also received a Twitter reply about it so… here we go. Do you know what happens with the Company App deployment when the Microsoft Store is removed?
When the Microsoft Store for Business is removed, Microsoft will provide us with
Important Items Summary:
Let’s sum up all of the important items!
When you want to make sure the Company Portal App is installed before the user logs in and you are using Autopilot for pre-provisioning deployments, please use the Company Portal “Offline” Version and use the Device License.
When you want to make sure the Company Portal App is installed after the user logs in, you will need to use the Company Portal “Online” version. After your user logs in it will sign in to the Microsoft Store with SSO and the Company app will be installed in the User context
If you are blocking the Microsoft Store like I am showing in this blog below, the Real Offline version is the one you will need.
5. The Company Portal App Installation and logs
Now we know the difference between how the types of Apps are managed and updated, let’s take a look at which logs we need to take a look at when something failed.
Let’s start with the installation folder… an easy one, as it is always a Windows (Microsoft Store) App it will be installed in the WindowsApps folder inside the Program Files folder:
Online Apps:
When you want to start troubleshooting the installation of Online apps, the first thing you will need to do is to start collecting the store logs. You can do this by entering the “wscollect.exe” command (Windows Store Collect)
This will produce a nice .CAB file on your desktop. Open the ReportingEvents.log and take a look at what happens when you install the Online version of the company App Portal.
Real Offline Apps:
But you will notice that with the Offline version, there will be no installation entry inside the ReportingEvents.log. As mentioned earlier the installation of Offline Apps is handled by Intune, so you might think we need to open the IntuneManagementExtension event log.
The IntuneManagementextension event log will log all Apps which are installed by the Intune Management Extension.
6. What could break the Online version of the Company Portal?
I decided to remove this part from this blog because while writing it, it became too large for this blog itself…
Conclusions:
Please note: I have got multiple conclusions… so there are some below the GIF 🙂
So what would be the best choice? The Company Portal Offline, the Company Portal Online version, or the Real Offline Company Portal or the NEW Company Portal Microsoft Store App? I guess it all depends on your wishes.
When you really want to make sure the Company Portal App is installed during Autopilot white-glove esp, you will need to choose the Company Portal Offline version (Beware of the device license I showed you earlier!). If you don’t mind when the CP is being installed you can use the Online version or the new store app CP option
Hey Rudy, thanks for this clarification. There was a lot of information around offline apps but nothing specifically on Company Portal.
Under the section:
3. Stuff we need to know about Online, Offline and Real Offline apps
The first image is not loading.
Hi, Thanx.. I had the same feeling, that why I created this blog 🙂 .
Just checked it, it should show the picture
This is a great blog. I wish I knew all this two months ago. I’ve been going back and forth with MS support to figure out how to get CP installed on Citrix VDI where our admins removed the Company Store with the Citrix optimization tool. Without access to the Store Company portal wouldn’t install. I finally figured out the Real Offline deployment and that seems to have fixed my problem. Although I suspect I’ll have to create new versions of the Real Offline deployment whenever an updated version comes out. I’ve not been able to find a way to install the Microsoft Store once it’s been removed.
Thanks for this insight. It’s really clarifying the process.
Almost at the end of your article I noticed “For me? When it’s not a shared device, I would still go for the online version of the company Portal app. Why you might ask? 2 reasons I guess.”
Our deployment of shared clients is actually stuck during the company portal installation on shared clients. What kind of approach would you recommend then on shared clients?
HI, I assume you are using the Offline version? Did you also tried the “real offline version” i also mentioned in this blog?
Yes, we are using the “real” offline version. For some reason after a few days it started to work, but after that I see also many errors “The application was not detected after installation completed successfully (0x87D1041C)” I guess it’s because on the client there’s a newer version installed at the moment of the check?
Not sure how the detection rule on the different company portal version work but it would try to update it at some time so that could cause that error … I guess i need to check it out myself to see what happens
The same happens also with another “real offline app” we are deploying (Lenovo vantage, for the record). Empirically, the error seams to appear only on those clients with newer versions, but didn’t have the time to dig more.
Isn’t it just the MS Store (for Business) portal that is being shut down? A Microsoft contact stated that the Store apps will be available directly inside of Intune once the MSfB portal is deprecated.
If this is indeed the case, then that would be great, and it would make it much ‘simpler’ to provision required apps. Sadly, no other details have been made available to us at this point in time.
Have you heard anything similar?
I guess we have to have some more patience before Microsoft will release the docs mentioning what is going to change… until then… it’s always NDA 🙂
Great detailed post, thank you so much
If i am understanding what you have read, and this is by far the most comprehensive discussion I’ve seen on this subject, the best option possibly for someone like my company, which as 100 different locations is deploy the Company Portal “Online” since it’s user account based on login.
We have a select group of apps that are required, then we have have apps that are site specific or department specific. So currently the users are in groups that are assigned to those particular apps.
Guess my real question lies with the shared devices. We don’t want to remove the primary user from endpoint manager/AAD. It’s a way we track who has the machine. But for the few shared machines we do have, wouldn’t it still be best for the Company Portal “Online”, since it’s user based. So if User A logs in but doesn’t want any of the “free software”, then User B logs in and does want Firefox, User B can still install Firefox, despite User A being the primary user of the device?
How (if at all) does this affect the issue with Company Portal not working after a wipe/autopilot, as mentioned in you article here – https://call4cloud.nl/2022/06/the-company-portal-and-the-city-of-a-thousand-missing-frameworks/
It depends… but that issue I am refering to, should be solved by now… so it should cause any issue (sfaik for now 🙂 )
Very nice article. However I would do Win32 App in other way. If you want to use DISM.exe, the app cannot be installed in User Context (I assume that the users do not have admin rights, which are required by DISM).
I created a simple PS-Script for installing all the APPX packages (prereqs and Company Portal) using add-appxpackage:
add-appxpackage -Path .\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe.Appx
add-appxpackage -Path .\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe.Appx
add-appxpackage -Path .\Microsoft.Services.Store.Engagement_10.0.19011.0_x64__8wekyb3d8bbwe.Appx
add-appxpackage -Path .\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x64__8wekyb3d8bbwe.Appx
add-appxpackage -Path .\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe.Appx
add-appxpackage -Path .\Microsoft.CompanyPortal_11.1.771.0_neutral___8wekyb3d8bbwe.AppxBundle
After that I wrap it in .intunewin file and the package is ready for the deployment.
can you script this for me please “add-appxpackage : Cannot find path”
So in our environment we have deployed Online version which works but we are preferring to go to Offline version. Do we need to do anything before we push out the offline version or does it just go over top of the online version fine?