Downloading Windows apps from a local file share and distributing to devices

The App distribution workflow now allows administrators to download Windows apps that are stored on a password-protected file share located on their organization's network. Administrators can then distribute these apps to the end-user App Catalog, where a user installs the apps on their specific device, or distribute directly to the device where apps are instantly installed on user devices.

How this option works

In previous releases, the only option available to administrators for distributing Windows apps to devices was to upload the apps to a MaaS360® (content delivery server) CDN server, where apps were then downloaded directly by the administrator from the CDN server to devices. In the 10.78 platform release, administrators can now store Windows apps locally on a password-protected file share on their network, access that file share from the MaaS360 Enterprise App for Windows - App Details page by providing the UNC path to the local file share and their local file share credentials, and then distribute those apps directly to user devices.

Note:
  • MaaS360 only supports EXE, MSI, and BAT files.
  • Windows Universal App Packages (APPX and APPXBUNDLE) are not supported.
  • Windows 7 devices that are managed by DTM are not supported.
  • The device that is receiving the app must be connected to the organization's network (VPN or intranet). If the device is not connected to the organization's network, app installation will fail on the device.

Downloading Windows apps from a local file share

Follow these steps to download Windows apps from a local file share:
  1. From the MaaS360 Portal Home page, select Apps > Catalog. The App Catalog page is displayed.
  2. Click Add, expand the Windows section, and then select Enterprise App for Windows. The Select an app type to Add enterprise app for Windows window is displayed.
  3. Select the type of enterprise app that you want to add to the App Catalog. MaaS360 supports the following enterprise app types:
    • Windows Installers: MSI
    • Windows Executable: EXE
    • Windows Scripts: BAT
  4. Click the App Details tab, and then select the Local fileshare location option.
    Network share option
  5. In the App section, enter the Microsoft Windows UNC path of the local network share where app binaries are stored.

    For example: \\Someserver\somepath\test.exe or \\IPaddress\c$\somefolder\test.exe

    Note:
    • MaaS360 only supports EXE, MSI, and BAT files.
    • Windows Universal App Packages (APPX and APPXBUNDLE) are not supported.
    • Windows 7 devices managed by DTM are not supported.
    • The device that is receiving the app must be connected to the organization's VPN or intranet. If the device is not connected to the VPN or intranet, app installation will fail on the device.
  6. In the Local fileshare credentials section, enter the mandatory administrator username and password to access the file share.
    Note:
    • Each endpoint must have access to the file share to receive apps.
    • The UNC shares are located on the intranet, so there are no further networking requirements.
    • SAML authentication is not supported at this time for UNC shares. Only the mandatory administrator username/password login credentials are supported.
  7. Provide additional details about the app:
    Option Description
    App Name Specifies the name of the app. For example, VLC Player.
    App Version Defines the version of the app. For example, 2.0.1.
    App Icon The app icon. The recommended size is 30 x 30 px.
    Description Provides additional information about the app.
    Category Assigns a category to your app.
    Screenshots The screenshots of the app.
  8. Select the Installation Requirements tab and provide the following details:
    Option Description
    Installation Mode
    • Silent Installation: Enables the installation to run on its own without user interaction.
    • UI or Wizard based: Enables the (attended) manual installation that requires user inputs such as User ID or License key during the installation process. Note: UI-based installation is supported only on Windows 10 devices and newer devices that are enrolled in MDM.
    Installation Context
    • System or All Users: Enables all users of the computer to use and access the application. This installation context is recommended if the app installation requires admin privileges. The packages are installed in the Silent installation mode as the installation is run by system administrator.
    • Per User (Enrolled User): Restricts the access and use of the application to the user that installs the application on the computer. This installation context is recommended if the app does not require admin privileges. You must ensure that the user has proper permissions to install the app because some apps require admin rights.
    Execution Commands
    • Install: Specifies the silent installation command. The command must include the application name followed by the installation command switches.
      Some of the common EXE package silent installation commands are:
      • filename /S
      • filename /Silent
      • filename /quiet
      Note: Contact the application vendor or see the application documentation for silent installation and uninstallation commands that are supported by the application.

      For example, use the following command to silently install the VLC media player:

      vlc-2.0.1-win32.exe /L=1033 /S

      where
      • vlc-2.0.1-win32.exe is the filename.
      • /L is the language code.

      For more information about the VLC media player, see https://wiki.videolan.org/Documentation:Installing_VLC/.

    • Uninstall: Specifies the silent uninstallation command. Choose to automatically uninstall the app in the following scenarios:
      • MDM control is removed.
      • Selective wipe is issued to the device.
      • Distribution is removed.
      For example, to silently uninstall an VLC media player app, use C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe /S.
    Relevance to install Defines the prerequisite component that is required for installing the app. The prerequisite is based on a registry key, file, or process. During the app installation, MaaS360 checks for the prerequisite and installs the app only on the devices that meet the requirements.

    For example, use the javaw.exe process as a prerequisite for the Eclipse.exe package.

    The distributed apps that do not meet the requirement are marked as Not Relevant in the App Distribution and Installation Details page. Note: If an app is not relevant, the Get option to download the app is disabled in the end user App Catalog.

    Using negative install success/relevance criteria to check whether a script/job executed successfully on a Windows device (applies to MSI, EXE, and scripts)

    The negative install success/relevance criteria determines whether an app was successfully uninstalled or removed from the device during app upload based on the following criteria:
    • Registry key does not exist: Provide the path to the registry key, value name, and value data. For example: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Now
    • File does not exist: Provide the full path to the file name without quotes. For example: c:\recovery.txt
    • Process not running: Provide the process name. For example: testScriptProcessNew.
    Using exit code based install success criteria to check whether a script/job executed successfully on a Windows device

    Administrators enter exit code based install success criteria as a numerical value or as a comma-separated list of numerical values to determine whether an app was successfully uninstalled or removed from the device during app upload.

    Example of configuring negative install success/relevance criteria and exit code based install success criteria for an app

    Criteria
    Requires restart Indicates that a restart is required after the app is installed.
    Install Success Criteria Defines the criteria for detecting the app on the device. After installing the app, MaaS360 validates the criteria to determine the presence of the app on the device and returns the status of the installation. The app detection criteria is based on a registry key, file, or process. Note: The app installation is successful only if the criteria is met.

    For example, use the following file path to determine if the VLC media player is installed: C:\Program Files\VideoLAN\VLC\vlc.exe
  9. Select the Policies and Distribution tab and provide the following details:
       
    Remove app on Removes the app automatically from the device in the following scenarios:
    • MDM Control Removal: When MDM control of a device is terminated by the administrator or a user.
    • Selective Wipe: When a selective wipe is issued to the device.
    • Stopping Distribution: When distribution is stopped on the device.
    Note: The Selective Wipe and the Stopping Distribution options are supported only on Windows desktops that use OS version 10 and later.
    Install Settings Indicates that the app is installed without user intervention.
    Distribute to Distribute to: The devices that receive the app. Use the plus icon to add multiple distributions. MaaS360 allows you to distribute an app to devices in the following ways:
    • None: The app is loaded in the App Catalog, but the app is not distributed to devices immediately.
    • Specific Device: The app is loaded in the App Catalog and deployed to a specific device.
    • Group: The app is deployed to a group of devices.
    • All Devices: All devices receive the app.
  10. Follow these steps to view and then distribute the app to devices:
    1. From the MaaS360 Portal Home page, select Apps > Catalog.
    2. Click on the app that you want to distribute.
    3. In the Detail view of the app, click View. The App Summary page is displayed.
    4. Click Distribute. The Distribute App window is displayed.
    5. Provide the following details:
      Option Description
      Target
      • Specific Device: The app is deployed to the selected device.
      • Group: The app is deployed to all devices in the group.
      • All Devices: The applicable devices are targeted based on the app type. For example, if you deploy a Windows enterprise app to all devices, the app is deployed to all Windows devices. The Android, iOS, and macOS devices do not receive the app. Note: Use the (+) plus icon to add multiple distribution targets.
      Schedule distribution Schedule the installation of distributed apps from the App Catalog to a Windows device or a group of devices over a staggered period of time. When the scheduled date and time approaches, the app is installed on the device.

      Note: The Schedule distribution option only supports Windows EXE, MSI, BAT, and downloadable (DOCX, PPTX, JPEG, PNG, XML, or INIT) files. Windows Universal App Packages (APPX and APPXBUNDLE) and Windows 7 devices that are managed by DTM are not supported.

      App installation scheduling options:

      • Start date: Select the date to schedule the installation of the distributed app on a Windows device or group of devices.
      • Start time (0-23 Hrs): Select the local time on the device to schedule the installation of the distributed app to the Windows device or a group of devices. The values include:
        • Immediately
        • 00 (midnight or 12:00 AM) to 23 (11:00 PM)
      • Distribute over (0-24 Hrs): Forces MaaS360 to space out the installation of distributed app binaries to Windows devices over the selected hours to reduce the load on the network. The values include:
        • Immediately
        • 1 to 24 hours
      Note:
      • If a device belongs to multiple groups that use different scheduling options, the option with the earliest scheduled start date is used.
      • If the scheduled start date for the app installation (for example, 11 November 2020 at 2:00 PM) has passed, then the app installation is scheduled for the next day at the same time (for example, 12 November 2020 at 2:00 PM). MaaS360 tries to reschedule app installation three times. After the reschedule limit of three times is met, the app is installed immediately on devices.
      Install Automatically Installs the app without user intervention.
      Send Notification A notification is sent to devices to inform the devices that a new app is added to the App Catalog.
      Send Email An email is sent to users to inform users that a new app is added to the App Catalog.
    6. Click Distribute. The app is successfully distributed to devices. If distribution fails, see Tracking the status of an app for more information.

Upgrading existing Windows apps and distributing to user devices

In this scenario, the administrator has two versions of an app (an upgraded version and a previous version) and wants to store both versions on the local file share, where they can distribute the upgraded version of the app to user devices.
  1. Follow the steps from the Installing and distributing Windows apps from a local file share section to install the app.
  2. Find the app in the App Catalog, and then select More > Upgrade App. The Upgrade App window is displayed.
    1. If you select Instant Install, the app is upgraded on the device and the App Catalog displays the upgraded version.
    2. If you do not select Instant Install, the Update option is displayed under the app in the App Catalog. Click Update to update the app.

    The upgraded version of the app is kept in the local network file share. You must make sure that the filename for the upgraded version of the app is not the same as the filename for the previous version of the app.

  3. Enter the file path for the upgraded version of the app in the App Catalog.
  4. Upload the upgraded version of the app to the App Catalog. Since each version of an app maps to its own unique app ID, the upgraded version of the app does not overwrite the previous version of the app.
  5. Distribute the upgraded app to devices. Both versions of the app are available on the device.