Prerequisites to deploy user-available apps

هل هذه الصفحة مفيدة؟

هل لديك ملاحظات إضافية؟

سيتم إرسال الملاحظات إلى Microsoft: بالضغط على الزر «إرسال»، سيتم استخدام ملاحظاتك لتحسين منتجات Microsoft وخدماتها. نهج الخصوصية.

Applies to: Configuration Manager (current branch)

When you deploy applications as Available to user collections, then users can browse Software Center and install the apps they need.

For on-premises domain-joined clients, Software Center uses the user's domain credentials to get the list of available applications from the management point.

There are other requirements for clients that are internet-based, joined to Azure Active Directory (Azure AD), or both.

Azure AD-joined devices

If you deploy applications as available to users, they can browse and install them through Software Center on Azure AD devices. Configure the following prerequisites to enable this scenario:

• Enable HTTPS on the management point or enable Enhanced HTTP on the site.

• Integrate the site with Azure AD for Cloud Management.

  • Configure Azure AD User Discovery.

• Deploy an application as available to a collection of users from Azure AD.

• Enable the client setting Use new Software Center in the Computer agent group.

• The client OS must be Windows 10 or later, and joined to Azure AD. Either as purely cloud domain-joined, or hybrid Azure AD-joined.

• To support internet-based clients:

  • Deploy a cloud management gateway (CMG).

  • Distribute any application content to a content-enabled CMG.

  • Enable the client setting: Enable user policy requests from Internet clients in the Client Policy group.

• To support clients on the intranet:

  • Add the content-enabled CMG to a boundary group used by the clients.

  • Clients must resolve the fully qualified domain name (FQDN) of the management point.

  Note

  For a client detected as on the intranet, but communicating via the cloud management gateway (CMG), it uses Azure Active Directory (Azure AD) identity for devices joined to Azure AD. These devices can be cloud-joined or hybrid-joined.

Internet-based domain-joined devices

An internet-based, domain-joined device that isn't joined to Azure AD and communicates via a cloud management gateway (CMG) can get apps deployed as available. The Active Directory domain user of the device needs a matching Azure AD identity. When the user starts Software Center, Windows prompts them to enter their Azure AD credentials. They can then see any available apps.

Configure the following prerequisites to enable this functionality:

• Windows 10 or later device, and:

  • Joined to your on-premises Active Directory domain.

  • Can communicate via CMG.

• The site has discovered the user by both Active Directory and Azure AD user discovery.

Note

If you apply a software restriction policy to the device, it can block the authentication prompt in Windows. Review any domain or local group policies that you apply to the device. Then remove any that might interfere with this Software Center behavior.

Next steps

Deploy applications