When people suddenly went to work from home, it was a scary situation for all, including InfoSec who, in some cases saw corporate assets walk out the door with no line of sight to them for the foreseeable future. End User Computing also faced a logistical nightmare, with some relying on Virtual Private Networks that were frankly not fit for purpose when pushing patches or deploying applications. You need a performant reliable network to yield high success doing enterprise deployments.
As workstyles look set to change permanently with more organizations moving to 100% work from home or at least a blended hybrid workstyle, there has never been a greater need to manage remote devices, including enforcing security settings, measuring compliance, and of course managing applications on those remote devices. Microsoft’s Intune (new branding: Microsoft Endpoint Manager) offers a cloud native solution for managing these devices. Intune is a cloud native product, so unlike traditional on-prem architected deployment solutions, no unreliable VPN is required.
Microsoft for their part have started to make it even easier for current Microsoft Endpoint Configuration Manager customers to move more toward Intune with the Cloud Attach feature within MECM providing some line of site and making enrolling into Intune that bit easier. Once onboarded with Cloud Attach, devices in your MECM collections will be visible in MEM. If you currently use MECM and a VPN for remote management this could offer a major lifeline to help move toward Intune and cut that VPN chord once and for all or at least reduce your dependency on the VPN when it comes to security and device management. Who knows, if you can deploy apps and patches outside of hours when remote devices may not be connected to the VPN, maybe without large app deployments and patches saturating an already limited VPN in the morning, the network can become reliable for other types of workflows.
Whilst enrolling your devices into Intune can be a quick win for Mobile Device Management needs like ensuring device compliance, managing firewall, Windows Defender etc. moving your app management from MECM to MEM requires some effort unless you use an automated solution like Rimo3.
For the actual product setup, there are multiple options to select from. I decided to go with the cloud hosted managed service integrated with my Azure tenant. Getting setup was easy, I got my entitlements from Rimo3, I created an app registration and ran a few simple PowerShell scripts. This built out several resources including a virtual machine that would be used as a task runner e.g., this VM would be used for running automated conversions of my App-V and MSI packages to MSIX, as well as testing the apps etc. I did briefly look at the option to upload by my own custom image for testing purposes, but I decided for my conversion needs, the Microsoft Azure Gallery image was fine.
If you do not want to dig into the finer details like on the previous chart, the performance across platforms is also shown in a high-level chart as seen above.
Exporting Converted MSIX Containers
Now that I have my report that shows the applications, I converted to MSIX, showing which of the apps are likely to work and which are unlikely to work, I can focus on testing the apps that may have issues and move forward with User Acceptance Testing for those that tested successfully. I can choose to export all the packages to various platforms including directly to my Intune tenant. In my scenario, that is exactly what I did. I exported some of the apps that tested successfully straight to Intune and downloaded some of the apps that didn’t work or those that did but I wanted to deploy with another product.
In my experience, most of the applications I onboarded and sequenced with Rimo3 did successfully convert to MSIX. Now, while most did convert, not all packages ended up getting deployed that way e.g. It converted Foxit PDF Editor. On testing the MSIX, I discovered that the application did launch and somewhat functioned, but the print driver was not working which is the main purpose of this application. So, for that one, MSIX was not an option at this time.
Checkout my video overview of just some of the features of Rimo3 including an example of exporting an MSIX package to Intune and also how to export to deploy the converted MSIX containers to a Cloudpager Workpod.
Rimo3’s managed service is quick and easy to get setup and the automation provides a quick launch approach to migrating your applications to a new platform or Operating System. While it doesn’t provide 100% certainty on testing or conversion of applications, it can handle a lot of your applications saving your from needing to touch every single application in your estate.