We’re back with Part Two of our 2023 series on Intune vs. Workspace ONE Windows Edition. A few weeks ago, we revisited Part One. This week, we will refresh our evaluation from 2021, looking at the various app deployments that are available, what they’re like, and whether anyone has made any sizeable improvements since a few years ago. Let’s get stuff started!
Types of Windows Applications 2023
| Application Type | What Platform Supports It | Comments |
|---|---|---|
| MSI | WS1 UEM, Intune | MSI is the standard for applications. They’re good because they are easily uninstalled, logging is standardized, and you can standardize on the commands, such as silent installation, logging, and help pages. |
| MSIX, APPX, appxbundle, and msixbundle | WS1 UEM, Intune | MSIX is a very compelling idea that most people are unaware of unless you’re a VDI person. Some of the benefits are predictable, safe, and reliable deployment/removal; Windows 7 support; optimized disk and network usage; and integrity features, e.g. tamper protection and policy controls. |
| Win32 Apps | Intune | Win32 apps are containerized in Windows 10. These classic apps are still very much a part of Windows. You can read more here. |
| UWP Apps | WS1 UEM, Intune | UWP (Universal) apps are also known as Store apps, which have a few benefits like control of updates, installs, deployments, and uninstallations. They can control runtime, manage resources, and leverage the Windows Store for business for simplified deployments. |
| EXE Apps | WS1 UEM | Workspace ONE UEM lets you deploy EXE files or even zip files containing binaries to deploy applications. This is an inevitability, as some applications will require that you use an EXE and do some detective work. |
| Set It and Forget It Apps | WS1 UEM and Intune | Both platforms now have apps that take zero effort to deploy. Intune has introduced easy as pie deployments for Edge and Microsoft 365. You can even tell them what channel you want to use. Microsoft 365 app deployments are legit next level where you can literally build your configuration.xml file in the GUI. It’s crazy! |
| Microsoft Store | WS1 UEM and Intune | Microsoft Store Apps are a huge deal and sometimes get a bad rap. They really make life incredibly easy. |
It’s vital to get a good idea of the types of applications that you could run into, which is something we will have to consider regardless of the platform. There is no right or wrong way, but some are easier to work with than others. We can now take a look at how each of them has evolved over the last two years.
Apps that Let You Set it and Forget It!
Each platform has a few ways of making life easier. Let’s start with VMware.
Current State of the VMware Enterprise App Repository
The Enterprise App Repository for Workspace ONE has been a bit of a failure to be honest. The idea was amazing, but the follow-through has been lacking a bit.
My first issue is that I can’t sort at all, which drives me crazy. My main issue is that since it first appeared a few years ago, it has only grown from 100 apps to 175 apps. The actual unique apps today (60) are:
- Visual Studio 2019 Enterprise
- Acrobat Reader DC
- Amazon Corretto 18
- Chrome for Business 64-bit
- Cute PDF Writer
- Dell Command Monitor
- Dell Command Update
- Firefox (English US)
- Flash Player NPAPI ESR
- Foxit PDF Reader
- Google Backup and Sync
- Java Runtime Environment Version 10
- Java Runtime Environment Version 9
- LogMe In Client
- Microsoft 365 Apps
- Microsoft Edge for Business
- PDF-XChange Editor 9
- Royal TS 5
- Slack Machine-Wide Installer
- Tableau Prep Builder 2022
- Tableau Public 2022
- Thunderbird (English US)
- Visual Studio Code
- VLC Media Player
- VMware Workspace ONE Tunnel 3
- Zoom Client for Meetings
- Zoom Plugin for Microsoft Outlook
I agree it’s a huge step in the right direction, but they could do a little better here. A small reminder on the architecture for those interested:
Microsoft Edge and Office Deployment Simplicity in Intune
As far as Microsoft’s automated deployment, only a neat little demo can show you how nice it is. They do an amazing job not just deploying apps but powering the configuration of those apps as well.
How Freestyle Orchestrator is Changing the Application Game for Workspace ONE
As I wrote recently, Freestyle Orchestrator is paving the way for some very creative workflows. For those that aren’t familiar they look like this:
The basic idea is that you use check conditions, such as “sensors” (which capture a piece of information on the device and update regularly) or a check for a file or registry key, to make a decision. That flows into applying profiles (aka CSPs), scripts, and applications in a harmonious way.
It’s incredibly powerful and is probably the one real advantage that WS1 has over Intune in terms of application deployment.
I demonstrated this in my recent article with a nice overview:
I since evolved it further:
Its pliability is its major strength. Applications are so much more than just some EXE or MSI. They are a compilation of binaries, pre-scripts, post-scripts, and sometimes configurations that culminate in a strong user experience. Freestyle has huge potential, but it has yet to fully realize it.
Another item that makes it special is desired state management for any of your check conditions:
Test Base For Microsoft 365
A great advancement when it comes to apps is Test Base for Microsoft 365. Test Base is an Azure service that provides data-driven application testing. This helps you onboard apps much more easily by giving you deep insights like test results, performance metrics, and crash/hang signals. Powered by Azure, this Microsoft-managed environment makes your application deployment so much easier.
Basically, you upload the package, whether it’s an MSI or an Intune Win App. That is where you get started:
Next, you configure the tests. You can pick a few different options. You have:
- Out of Box (OOB) tests will do an install, launch, close, and uninstall of the package. The launch-close will be repeated 30 times to make sure it’s solid. This gives you solid telemetry.
- Functional tests execute an uploaded test script on the package. The scripts run in the sequence you specify, and any failure will stop the subsequent scripts from running.
- Flow Driven tests (in public preview) let you arrange test scripts with enhanced flow control. One cool example they mention is executing tests on baseline OS and target OS to show a side-by-side test result comparison.
My favorite thing is the next section, “Edit Package”, where you get to check out the various scripts run for the tests you configured. For OOB, you will see the close, install, launch, and uninstall commands. You can tweak the installation commands. Here you can see how it installs my MSI:
```powershell
log("Installing Application")

# Change the current location to bin
push-location $bin_dir

# Step 1: Install the application
$arguments = "/i ZoomInstallerVDI.msi /quiet /L*v "+"$log_dir"+"\atp-client-installation.log"
$installer = Start-Process msiexec.exe $arguments -wait -passthru

pop-location
```
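An added example (not from the original post or from the script Test Base generates) of how the install step above could verify the MSI’s Authenticode signature and interpret the msiexec exit code before reporting success. The function name `Install-VerifiedMsi`, its parameters, and the paths and publisher string in the usage line are assumptions for illustration.

```powershell
# Added example: function name, parameters and sample values are assumptions.
function Install-VerifiedMsi {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $MsiPath,
        [Parameter(Mandatory)] [string] $LogPath,
        # Substring expected in the signer certificate subject (placeholder value in the usage line)
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $MsiPath -PathType Leaf)) {
        throw "MSI not found: $MsiPath"
    }

    # Refuse to install a package whose signature is missing, broken or from another publisher.
    $sig = Get-AuthenticodeSignature -LiteralPath $MsiPath
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for $MsiPath (status: $($sig.Status))"
    }
    if ($sig.SignerCertificate.Subject -notlike "*$ExpectedPublisher*") {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    # Record the hash so the tested binary can be matched to the one deployed later.
    $hash = (Get-FileHash -LiteralPath $MsiPath -Algorithm SHA256).Hash

    # Quote both paths so spaces in them do not split the msiexec arguments.
    $arguments = "/i `"$MsiPath`" /quiet /norestart /L*v `"$LogPath`""
    $proc = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru

    # 0 = success, 3010 = success but reboot required, 1641 = success and reboot initiated.
    $rebootCodes = 3010, 1641
    if ($proc.ExitCode -ne 0 -and $proc.ExitCode -notin $rebootCodes) {
        throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath"
    }

    [pscustomobject]@{
        Sha256         = $hash
        ExitCode       = $proc.ExitCode
        RebootRequired = $proc.ExitCode -in $rebootCodes
    }
}

# Constructed usage; the paths and publisher string are placeholders.
# Install-VerifiedMsi -MsiPath 'C:\pkg\app.msi' -LogPath 'C:\logs\install.log' -ExpectedPublisher 'O=Example Corp'
```

Matching on the certificate subject survives certificate renewal; pinning the thumbprint instead is stricter but has to be updated whenever the vendor rotates its signing certificate.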
It will also prompt you to update the code that launches the application (in my example, Zoom, where I will need to replace this code):
Next, you specify your test matrix. I chose the last two major feature releases:
Once done, you select publish. This will trigger the package verification process. All in all, a really great tool for engineers to build solid apps without impacting users! I could see some people thinking it’s a bit of overkill, but I really like the fact that you now have a really easy way of doing automated/scripted testing. Some of the other products like Selenium are complicated. This gives UEM/Windows Engineers a great opportunity to validate the strength of a particular app deployment. Now, you just need to wait and view the results:
Microsoft Store Apps
With the new changes to the Microsoft Store, it’s going to be more revolutionary. They’re expanding the store with support for Win32 apps, along with Microsoft’s Windows Package Manager, providing a richer app experience in the Intune console with app deployment and app update controls. Remember, one of the great things about Microsoft Store apps is they are kept up-to-date automatically. Win32 apps are currently available in public preview, so you can’t deploy EVERYTHING, but you can deploy some of them.
You can now see that you can find Win32 apps inside of Intune when going to deploy a Microsoft Store application:
Once they have officially moved to the new Windows Package Manager things will really become a major advantage for Intune. It’s still a bit of unknown territory, but it appears that “Microsoft Store app (new)” is specifically WinGet packages, which is effortless to use in Intune. Companies like VMware are going to need to force their clients to jump through 87 hoops to integrate.
As VMware’s recent KB indicates, you will need to:
- Deploy the Windows Package Manager to devices from GitHub.
- Invoke scripts to deploy packages like you would with yum on a Linux device.
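An added sketch (not from VMware’s KB or the original post) of the kind of script the second step implies: it resolves winget.exe from the App Installer package, installs one exact package ID from the `winget` source only, and fails loudly on a non-zero exit code. The function name, the x64 package path pattern, and the package ID in the usage line are assumptions.

```powershell
# Added example: function name and sample package ID are assumptions.
function Install-WingetPackage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $PackageId,
        [string] $Version   # optional pin; omit to take the latest from the source
    )

    # Under the SYSTEM account winget is not on PATH, so resolve it from the
    # App Installer (Microsoft.DesktopAppInstaller) package directory (x64 assumed).
    $winget = Get-ChildItem -Path "$env:ProgramFiles\WindowsApps" `
                  -Filter 'Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe' -Directory |
              Sort-Object LastWriteTime -Descending |
              ForEach-Object { Join-Path $_.FullName 'winget.exe' } |
              Where-Object { Test-Path -LiteralPath $_ } |
              Select-Object -First 1
    if (-not $winget) { throw 'winget.exe not found; deploy App Installer first.' }

    # Idempotency: "winget list" exits non-zero when no installed package matches.
    & $winget list --id $PackageId --exact --accept-source-agreements | Out-Null
    if ($LASTEXITCODE -eq 0) { return 'AlreadyInstalled' }

    # --exact with --id avoids fuzzy name matches; --source winget keeps any
    # additionally configured source from satisfying the request.
    $wingetArgs = @('install', '--id', $PackageId, '--exact', '--source', 'winget',
                    '--scope', 'machine', '--silent',
                    '--accept-package-agreements', '--accept-source-agreements')
    if ($Version) { $wingetArgs += @('--version', $Version) }

    & $winget @wingetArgs | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "winget install $PackageId failed with exit code $LASTEXITCODE"
    }
    return 'Installed'
}

# Constructed usage; the package ID is a sample value.
# Install-WingetPackage -PackageId 'Contoso.SampleApp'
```

Passing `-Version` keeps a fleet on the build that was tested rather than whatever the source publishes next.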
The hidden gem with this is realizing that you can deploy APPX and MSIX apps/packages with WS1 as of 22.12 (thanks to Grischa for keeping me honest on that one).
This is very reminiscent of Microsoft killing SCCM + 3rd party MDM co-existence a few years ago, paving the way for a major advantage in application management for Intune.
Final Thoughts on App Deployments with Workspace ONE
Workspace ONE app deployments haven’t changed a TON over the last few years. The biggest change is obviously Freestyle Orchestrator, which has hit GA since then. One interesting feature they’ve added is overriding reboot handling:
I think it’s a fun idea in the event you want to force restarts for certain people. Overall, I would say the biggest thing impacting VMware here is Windows Package Manager, which is something they can’t really control and which gives Intune a major edge on application deployments. Their growth in the category is mainly from Freestyle Orchestrator, but that cannot overcome Microsoft’s addition-through-subtraction strategy.
Workspace ONE Application Management Score: 7.5
Final Thoughts on App Deployments with Intune
Microsoft really crushed it here. The simplicity of leveraging Windows Package Manager with zero effort is gigantic. Couple that with Test Base for Microsoft 365 (which helps with a major problem today of perfecting application packaging), and they improved on application deployments, which were already strong.
My biggest criticism back in 2021 was that you needed to package apps instead of straight uploading apps and specifying commands, like VMware can do. The evolution of the Microsoft Store makes them quite formidable along with proving that their competitive advantage (of being the vendor for Windows and CSPs) helps them thrive. It’s also hard not to love the configuration of Office apps directly inside of Intune seamlessly. My only criticism here at all is they need something that is Freestyle-esque to drive more compelling workflows and synergies for these deployments. It’s not the end of the world, but it would make them a perfect 10.
Intune Application Management Score: 9.25
In truth, some of this is unfair to Workspace ONE because their score is largely based on the competitive advantage that Microsoft has. When you are the vendor for the platform, it’s nearly impossible to compete. Windows Package Manager is really changing the game and arguably making the secret weapon of Windows App Deployments a rigged game. VMware needs to invest some people to make it easier. Deploying a package and invoking scripts to deploy apps is pretty 1997 of them. They will need to invest some money to duplicate what Intune is doing; otherwise, it’s arguably making Windows management a one-man race.
Inevitably, moving away from the Store and toward Windows Package Manager is a great move, especially since support for things beyond UWP makes it so much more viable. The best way that you deliver and elevate your Windows strategy is by eliminating complexity. Windows Package Manager does exactly that! It creates simplicity and gives you time back to focus on what matters. I want to believe that VMware will identify this and shift right as they should.