Add Microsoft 365 Apps for enterprise to Microsoft Intune

Completed

Before you can configure, assign, protect, or monitor apps, you must add them to Microsoft Intune.

Intune apps refer to the applications that are managed by Microsoft Intune. These apps can be deployed, configured, protected, and updated to access your organization’s resources. Intune supports various app types, such as store apps, web apps, and line-of-business (LOB) apps. Intune also supports several platforms, such as iOS/iPadOS and Android.

Managing Microsoft Intune apps offers several benefits for your organization, including:

  • Centralized management. Intune allows IT administrators to manage app deployments from a single console, simplifying the process of distributing and updating software.
  • Security and compliance. Ensuring that all devices have the latest security updates and compliance configurations helps protect organizational data.
  • Scalability. Intune supports large-scale deployments, making it suitable for organizations of all sizes.
  • User experience. Users receive a consistent and up-to-date set of applications, reducing compatibility issues and improving productivity.
  • Data protection for managed apps. Intune provides robust data protection policies to safeguard sensitive information within managed apps.
  • Broad app support. Intune supports a wide range of applications, ensuring compatibility with various business needs.
  • Access control to managed apps. Intune enables administrators to control access to apps, ensuring that only authorized users can access sensitive data.
  • App configuration for managed apps. Intune allows for detailed app configuration, ensuring that apps are set up according to organizational policies and user needs.
  • App updates for managed apps. Intune facilitates automatic updates for managed apps, ensuring that all users have the latest features and security patches.

Examples of when you should add, configure, protect, and deploy managed apps using Intune include:

  • Your organization needs to configure the app with specific settings for your organization.
  • Your organization must protect sensitive data used within a managed app.
  • Your organization must protect access to a managed app.
  • Your organization must monitor your managed apps to ensure data is protected and apps are updated as needed.

The users of apps and devices at your organization might have several app requirements. Before adding apps to Intune and making them available to your workforce, you might find it helpful to assess and understand a few app fundamentals. There are various types of apps that are available for Intune, including:

  • You must determine the app requirements that your users need, such as platforms and app capabilities.
  • You must determine whether to use Intune to manage the devices (including apps) or have Intune manage the apps without managing the devices.
  • You must determine the capabilities and apps that your workforce needs and who needs them. The information in this training unit helps you get started.

App types in Microsoft Intune

Intune supports a wide range of app types. The available options differ for each app type. The following table identifies the app types that Intune lets you add and assign.

App types Installation Updates
Apps from the store (store apps) Intune installs the app on the device. App updates are automatic.
Apps written in-house or as a custom app (line-of-business) Intune installs the app on the device (you supply the installation file). You must update the app.
Apps that are built in (built-in apps) Intune installs the app on the device. App updates are automatic.
Apps on the web (web link) Intune creates a shortcut to the web app on the device home screen. App updates are automatic.
Apps from other Microsoft services Intune creates a shortcut to the app in the Company Portal. For more information, see App source setting options. App updates are automatic.

Specific app type details

The following table lists the specific app types and how you can add them in the Intune Select app type pane.

App-specific type General type App-specific procedures
Android store apps Store app Select Android store app as the App type, click Select, then enter the Google Play store URL for the app.
iOS/iPadOS store apps Store app Select iOS store app as the app type, search for the app, and select the app in Intune.
Microsoft store apps Store app Select Microsoft store app as the app type, and enter the Microsoft store URL for the app.
Managed Google Play apps Store app Select Managed Google Play as the app type, search for the app, and select the app in Intune.
Android Enterprise apps Store app Select Managed Google Play as the app type, search for the app, and select the app in Intune.
Microsoft 365 apps for Windows 10 and later Store app (Microsoft 365) Select Windows 10 and later under Microsoft 365 Apps as the app type, and then select the Microsoft 365 app that you want to install.
Microsoft 365 apps for macOS Store app (Microsoft 365) Select macOS under Microsoft 365 Apps as the app type, and then select the Microsoft 365 app suite.
Microsoft Edge, version 77 and later for Windows 10 and later Store app Select Windows 10 and later under Microsoft Edge, version 77 and later as the app type.
Microsoft Edge, version 77 and later for macOS Store app Select macOS under Microsoft Edge, version 77 and later as the app type.
Android line-of-business (LOB) apps LOB app Select Line-of-business app app as the app type, select the App package file, and then enter an Android installation file with the extension .apk.
iOS/iPadOS LOB apps LOB app Select Line-of-business app as the app type, select the App package file, and then enter an iOS/iPadOS installation file with the extension .ipa.
Windows LOB apps LOB app Select Line-of-business app app as the app type, select the App package file, and then enter a Windows installation file with the extension .msi, .appx, .appxbundle, .msix, and .msixbundle.
Built-in iOS/iPadOS app Built-in app Select Built-In app as the app type, and then select the built-in app in the list of provided apps.
Built-in Android app Built-in app Select Built-In app as the app type, and then select the built-in app in the list of provided apps.
Web apps Web app Select Web link as the app type, and then enter a valid URL pointing to the web app.
iOS/iPadOS web clip Web app Select iOS/iPadOS web clip as the app type, and then enter a valid URL pointing to the web app. This app type applies only for the iOS/iPadOS platform.
macOS web clip Web app Select macOS web clip as the app type, and then enter a valid URL pointing to the web app. This app type applies only for the macOS platform.
Windows web link Web app Select Windows web link as the app type, and then enter a valid URL pointing to the web app. This app type applies only for the Windows platform.
Cross platform web apps Web app Select Web link as the app type, and then enter a valid URL pointing to the web app.
Android Enterprise system apps Store app Select Android Enterprise system app as the app type, and then enter the app name, publisher, and package file.
Windows app (Win32) LOB app Select Windows app (Win32) as the app type, select the App package file, and then select an installation file with the extension .intunewin.
Enterprise App Catalog app (Win32) LOB app Select Enterprise App Catalog app (Win32) as the app type, select the app from the Enterprise App Catalog, and then set the app information, installation commands, requirements, and detection rules.
macOS LOB apps LOB app Select Line-of-business app as the app type, select the App package file, and then select an installation file with the extension .pkg.
macOS apps (DMG) LOB app (nonstore app) Select macOS app (DMG) as the app type, select the App package file, and then select an installation file with the extension .dmg.
macOS apps (PKG) LOB app Select macOS app (PKG) as the app type, select the App package file, and then select an installation file with the extension .pkg. This app type is used to add an unmanaged macOS PKG app to Intune.
Microsoft Defender for Endpoint (macOS) Store app (Microsoft Defender ATP) Select macOS under Microsoft Defender for Endpoint as the app type and then continue by setting up the app in Intune.

You can add an app in Microsoft Intune by selecting Apps > All apps > Add. The Select app type pane is displayed and allows you to select the App type.

Tip

An LOB app is one that you add from an app installation file. For example, to install an iOS/iPadOS LOB app, you add the application by selecting Line-of-business app as the App type in the Select app type pane. You then select the app package file (.ipa extension). These types of apps are typically written in-house or as a custom app.

Example - Add Microsoft 365 Apps to Windows 10/11 devices with Microsoft Intune

One of the available app types is Microsoft 365 apps for Windows 10/11 devices. By selecting this app type in Intune, you can assign and install Microsoft 365 apps to devices you manage that run Windows 10 or 11. You can also assign and install apps for the Microsoft Project Online desktop client and Microsoft Visio Online Plan 2, if you own licenses for them. The available Microsoft 365 apps are displayed as a single entry in the list of apps in the Microsoft Intune admin center.

Important

If there are .msi Office apps on the end-user device, you must use the Remove MSI feature to safely uninstall these apps. Otherwise, the Intune delivered Microsoft 365 apps fail to install. Multiple required or available app assignments aren't additive. A later app assignment overwrites existing installed app assignments. For example, if the first set of Office apps contains Word and the later one doesn't, then Word is uninstalled. This condition doesn't apply to any Visio or Project applications.

Review the following considerations before you start adding Microsoft 365 apps to Windows 10/11 devices with Intune:

  • Devices to which you deploy these apps must be running the Windows 10/11 Creators Update or later. Verify that all target devices are running Windows 10 or later.
  • Intune supports adding Office apps from the Microsoft 365 Apps suite only.
  • If any Office apps are open when Intune installs the app suite, the installation might fail, and users might lose data from unsaved files.
  • This installation method isn't supported on Windows Home, Windows Team, Windows Holographic, or Windows Holographic for Business devices.
  • Intune doesn't support installing Microsoft 365 desktop apps from the Microsoft Store (known as Office Centennial apps) on a device to which Microsoft 365 apps are already deployed with Intune. If you install this configuration, it might cause data loss or corruption.
  • Multiple Microsoft 365 deployments aren't currently supported. Only one deployment is delivered to the device.
  • Choose whether you want to assign the 32-bit or 64-bit version of Office. You can install the 32-bit version on both 32-bit and 64-bit devices, but you can install the 64-bit version on 64-bit devices only.
  • Choose whether you want to remove existing Office .MSI apps from end-user devices. The installation won't succeed if there are existing .MSI apps on end-user devices. The apps to be uninstalled aren't limited to the apps selected for installation in Configure App Suite, as it removes all Office (MSI) apps from the end user device. For more information, see Remove existing MSI versions of Office when upgrading to Microsoft 365 Apps. When Intune reinstalls Office on your end user's machines, end users automatically get the same language packs that they had with previous .MSI Office installations.
  • If devices are provisioned using Autopilot and you intend to deploy Microsoft 365 Apps as a tracked app during the enrollment status page (ESP) process, Microsoft recommends to deploy Microsoft 365 Apps as a Win32 app. Unlike Win32 apps in Intune, the installation of the Microsoft 365 Apps(Windows 10 and later) app type isn't managed by the Intune Management Extension (IME). Installing a Microsoft 365 Apps app during ESP could create an installation concurrency issue, where the Microsoft 365 Apps app begins installing while there's an ongoing installation of a Win32 app (also tracked during ESP), which causes the ESP to fail.

When organizations deploy Microsoft 365 Apps using Microsoft Intune, they experience a streamlined, efficient way to manage and distribute essential productivity tools across their Windows 10 and later devices. This approach ensures that all users have access to the latest versions of Microsoft Office applications, enhancing productivity and security.

The following instructions guide you through the process of adding Microsoft 365 Apps to Windows 10/11 devices with Microsoft Intune. For example, you can use this process to deploy Microsoft 365 Apps to a select group of users through an appropriate channel, and with a certain file format, among other requirements.

  1. Sign into the Microsoft 365 admin center with your administrative credentials.
  2. In the Microsoft 365 admin center navigation pane, select Show all.
  3. In the navigation pane, under the Admin centers section, select Endpoint Manager. This displays the Microsoft Intune admin center.
  4. In the Microsoft Intune admin center, select Apps in the navigation pane.
  5. On the Apps | Overview page, you can add apps to Intune through either the All apps page, or through the apps page by platform. Both routes take you through the same configuration process. The only difference is the list of app types that you can choose from in step 6. The All apps route displays a combined list of all Windows, iOS/iPadOS, macOS, and Android apps, whereas selecting a specific platform only shows the apps for that platform.
    1. To add apps through the All apps page, select All apps in the middle navigation pane, and then select +Add in the menu bar.
    2. To add apps by platform, under the By platform section in the middle navigation pane, select the platform type (for example, Windows, iOS/iPadOS, macOS, or Android), and then select +Add in the menu bar.
  6. In the Select app type pane, select in the App type field. In the drop-down menu that appears, select Windows 10 and later and then select the Select button. Doing so initiates the Add Microsoft 365 Apps wizard.
  7. In the Add Microsoft 365 Apps wizard, on the App Suite Information page, update any fields as required by your organization. For example:
    • Suite Name: Enter a unique name for the app suite.
    • Suite Description: Provide a description of the app suite.
    • Publisher: Microsoft.
    • Category: Optionally, select categories to help users find the app suite in the company portal.
    • Featured App: Choose whether to feature the app suite in the company portal.
  8. Select Next.
  9. On the Configure app suite page, update any fields as required by your organization. For example:
    • Architecture: Select either 32-bit or 64-bit based on your organization's needs.
    • Default file format: Select either Office Open Document Format or Office Open XML Format. Using the Office Open XML file format helps ensure compatibility with industry standards and regulatory requirements.
    • Update Channel: Choose the appropriate update channel (Current Channel, Monthly Enterprise Channel, Semi-Annual Enterprise Channel, or Semi-Annual Enterprise Channel (Preview)). The Current channel provides users with the latest features and improvements, enhancing the overall user experience.
    • Languages: Select the languages required for your organization.
    • Remove MSI: Ensure the option to remove existing MSI versions of Office is selected.
  10. Select Next.
  11. On the Assignments page, update any fields as required by your organization. For example:
    • Assignments: Assign the app suite to the appropriate users, groups, or devices.
  12. Select Next.
  13. On the Review + create page, review your settings, and then select Create to finalize the deployment. If you need to make any changes, select Previous to take you back to the page you need to update.