The course is part of this learning path

Start course

Publishing Applications With Microsoft Endpoint Manager looks at what's involved when publishing apps to fully managed and BYOD devices. This course examines how to publish and deploy different app types and how to use Microsoft Endpoint manager to implement application configuration and protection. We see what an app needs to support configuration and protection policies, what those policies offer in the way of data protection, and how a policy can configure an app's access to a mobile device's hardware and capabilities. While the course's primary focus is deploying apps to mobile devices through app stores, we also look at using Endpoint manager to publish a custom in-house app to a desktop client.

Learning Objectives

  • Overview of app publishing scenarios
  • Learn about app protection policies and how to create one
  • Learn about app configuration policies and how to create one
  • Publish a custom line of business to a Window client
  • See how to investigate deployment issues

Intended Audience

  • Students working towards the MS-101 Microsoft 365 Mobility and Security exam
  • Those wanting to learn how to use Microsoft Endpoint Manager to publish and deploy applications


  • There are no prerequisite courses needed to take this course

Microsoft Endpoint Manager, incorporating Intune functionality, allows you to publish and deploy apps to fully managed devices or users' BYOD devices. You can publish apps sourced from a platform-specific app store like Apple or Google stores. Web apps can be pushed to devices in the form of URL shortcuts. Custom line-of-business apps can be published and deployed using installation files. Intune supports publishing Azure and Microsoft 365 apps. 

Apps and their data can be protected with app protection policies. Apps integrated with the Intune SDK or wrapped in the Intune App Wrapping Tool support app protection functionality. Protection includes preventing app data from unauthorized access and users from performing unsanctioned actions. Apps and data can be encrypted, protected with a PIN, and prevented from running on compromised or jail-broken devices. APP data protection comes in three enterprise configurations: basic, enhanced, and high, with each level incorporating the features of the preceding one.  

Microsoft endpoint manager supports remote app configuration in both device and app-managed modes. Like protection, configuration depends on apps integrated with the Intune SDK or wrapped in the App Wrapping Tool. While the level of configuration is app-specific, apps deployed in a managed device scenario can have device permissions configured remotely. 

Deployment and remote configuration of mobile apps involve a lot of moving parts, from network connectivity to unintended user intervention. Any number of factors could derail successful deployment. Microsoft endpoint manager's troubleshooting functionality enables you to look at a user's mobile device profile to see which apps have or haven't been successfully deployed and then drill down and investigate flagged failures.

My name is Hallam Webber, and we've been looking at publishing, protecting, and configuring apps using Microsoft Endpoint Manager Admin Center.

About the Author
Learning Paths

Hallam is a software architect with over 20 years experience across a wide range of industries. He began his software career as a  Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.