Prerequisites to deploy user-available apps
Applies to: Configuration Manager (current branch)
When you deploy applications as Available to user collections, then users can browse Software Center and install the apps they need.
For on-premises domain-joined clients, Software Center uses the user's domain credentials to get the list of available applications from the management point.
There are other requirements for clients that are internet-based, joined to Microsoft Entra ID, or both.
Microsoft Entra joined devices
If you deploy applications as available to users, they can browse and install them through Software Center on Microsoft Entra devices. Configure the following prerequisites to enable this scenario:
Enable HTTPS on the management point or enable Enhanced HTTP on the site.
Integrate the site with Microsoft Entra ID for Cloud Management.
- Configure Microsoft Entra user Discovery.
Deploy an application as available to a collection of users from Microsoft Entra ID.
Enable the client setting Use new Software Center in the Computer agent group.
The client OS must be Windows 10 or later, and joined to Microsoft Entra ID. Either as purely cloud domain-joined, or Microsoft Entra hybrid joined.
To support internet-based clients:
Deploy a cloud management gateway (CMG).
Distribute any application content to a content-enabled CMG.
Enable the client setting: Enable user policy requests from Internet clients in the Client Policy group.
To support clients on the intranet:
Add the content-enabled CMG to a boundary group used by the clients.
Clients must resolve the fully qualified domain name (FQDN) of the management point.
Note
For a client detected as on the intranet, but communicating via the cloud management gateway (CMG), it uses Microsoft Entra identity for devices joined to Microsoft Entra ID. These devices can be cloud-joined or hybrid-joined.
Internet-based domain-joined devices
An internet-based, domain-joined device that isn't joined to Microsoft Entra ID and communicates via a cloud management gateway (CMG) can get apps deployed as available. The Active Directory domain user of the device needs a matching Microsoft Entra identity. When the user starts Software Center, Windows prompts them to enter their Microsoft Entra credentials. They can then see any available apps.
Configure the following prerequisites to enable this functionality:
Windows 10 or later device, and:
Joined to your on-premises Active Directory domain.
Can communicate via CMG.
The site has discovered the user by both Active Directory and Microsoft Entra user discovery.
Note
If you apply a software restriction policy to the device, it can block the authentication prompt in Windows. Review any domain or local group policies that you apply to the device. Then remove any that might interfere with this Software Center behavior.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for