Deploy line of business appx with Intune

If you work on Windows 10 you know that there are not a lot of modern apps (store apps/universal App/metro apps/appx) and most of the developers are still creating normal Desktop Applications. I hope this will change in the future, because the Microsoft Store helps to keep the apps up to date. But in the meanwhile, we have also time to better understand the handling of these new apps. The main benefit of this “new” app model is:

• the security (permissions per app)
• sandboxing
• trusted and verified repository / all apps must be signed
• improved UI for Touch devices and high-resolution displays
• automatic update handling trough store

Recently a customer got one application which was developed internally as an appx file. With that the expedition began .

Dependencies

First of all, the developer was not really aware of the model and has just sent the appx file, but the application also requires some dependencies. The error message you will find in Event Log is:

Add-AppxPackage: Deployment failed with HRESULT: 0x80073CF3, Package failed updates, dependency or conflict validation.

The good thing is, that this folder just must be available in the source folder. Then PowerShell, ConfigMgr or Intune is taking care of it.

Hint for Intune: If you are using Intune to deploy the application, and you get this error, then try to use the old Silverlight portal. In my case the dependency folder was not uploaded when I did it over the Ibiza Portal. The old Portal is available here: https://admin.manage.microsoft.com/

Certificates

The next pain point is, that an application needs to be signed. Only when this prerequisite is fulfilled the app can be deployed over Intune. Imagine, the developer has not used a code signing certificate which was trusted by the devices. But this is not a problem, if you are aware of the requirements. If it was self-signed certificate, then you have to add the certificate not only to the trusted publisher store, it has also to be added to the trusted root authorities.

If you face other issues, you will find a great resource about errors and their solutions here. I hope this blog is helping you, if you like it, please share it.

• About
• Latest Posts

Follow me

Thomas Kurth

Principal Security Consultant | MVP at baseVISION AG

I’m a consultant, trainer and architect for modern workplace and enterprise mobility projects with Microsoft Technologies in the past ten years. I love to push and design the modern workplace based on Microsoft 365 for my customers which is the only answer for the current security threats, agile world and the fast-changing business requirements of my customers. Important for me is to simplify and automate the operational processes, because there are the highest costs.

Follow me

Latest posts by Thomas Kurth (see all)

• Microsoft Sentinel ASIM Parser demystified - March 31, 2024
• Enhancing Network Security Insights with IDS/IPS of Ubiquiti Dream Machine Pro and Microsoft Sentinel - March 10, 2024
• Ubiquiti Dream Machine Pro Logs to Microsoft Sentinel - February 6, 2024