Tenant attach: Install an application from the admin center (preview)

Applies to: Configuration Manager (current branch)


  • This information relates to a preview feature which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune into a single console called Microsoft Endpoint Manager admin center. From the Microsoft Endpoint Management admin center, you can initiate an application install in real time for a tenant attached device.

Applications in Microsoft Endpoint Manager admin center


Additionally, you'll need the following for installing user targeted applications:

  • A minimum of Configuration Manager version 2006 and the corresponding version of the console installed.


The user account needs the following permissions:

  • The Read permission for the device's Collection in Configuration Manager.
  • The Read permission for Application in Configuration Manager.
  • The Approve permission for Application in Configuration Manager.
  • The Admin User role for the Configuration Manager Microservice application in Azure AD.
    • Add the role in Azure AD from Enterprise applications > Configuration Manager Microservice > Users and groups > Add user. Groups are supported if you have Azure AD premium.


    The Application Administrator role in Azure AD has sufficient permissions to add a user to the application's Admin User role.

Deploy an application to a device

  1. In a browser, navigate to https://endpoint.microsoft.com.

  2. Select Devices then All Devices.

  3. Select a device that is synced from Configuration Manager via tenant attach.

  4. Select Applications.

  5. Select the application and click Install.

    Application installation from Microsoft Endpoint Manager admin center

You can export all of the data currently in the view into a .csv file. At the top of the page, select the Export option to create the file. If the view exceeds 500 rows, only the first 500 are exported.

Application status

You can filter the application list based on the status.The application status can be one of the following:

  • Available: The application has never has been installed on the device.
  • Installed: The application is installed on the device.
  • Installing: The application is in the process of installing.
  • Install requested: The installation has been requested, but the client hasn't acknowledged the request yet.
    • If the device is offline, the install request will be acknowledged once it comes back online and receives the policy.
  • Failed: The application installation failed.
  • Requirements not met: The application requirements have not been met.
  • Not installed: The application isn't currently installed. Typically this status is seen if a different deployment or a user removed the application.
  • Restart pending: The application is installed but needs a restart to complete (starting in version 2006).

Deploy an application to a user

Starting in Configuration Manager version 2006, user available applications appear in the Applications node for a ConfigMgr device. The list of applications available for the device also includes applications deployed to the device's currently logged on user.

Deploying applications to a user has the following limitations:

  • Multi-user session scenarios aren't supported.
  • Azure AD joined devices aren't currently supported.
    • Devices which are both domain joined and Azure AD joined are supported.

Next steps

Troubleshoot applications