-
-
Save adotcoop/0241d371684c3771000385dd93da77e4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
.SYNOPSIS | |
Automatically installs the Company Portal app | |
Most of this code is is by Oliver Kieselbach from his excellent blog post | |
https://oliverkieselbach.com/2020/04/22/how-to-completely-change-windows-10-language-with-intune/ | |
.NOTES | |
Author: Andrew Cooper | |
Twitter: @adotcoop | |
.LINK | |
https://github.com/adotcoop/Intune | |
.DESCRIPTION | |
This script provides a way to automatically install the Company Portal app. | |
The inspiration for this script came after watching the Greg Shields' Pluralsight course on Intune where | |
it appears that the only current mechanism to autodeploy the Company Portal is through Microsoft Store for | |
Business. MSfB appears to have been deprecated (https://twitter.com/concentratdgreg/status/1246133337200062464). | |
Oliver Kieselbach details how to use the MDM Bridge WMI Provider to force a store app install in his blog post | |
https://oliverkieselbach.com/2020/04/22/how-to-completely-change-windows-10-language-with-intune/ | |
The MDM Bridge provider appears to allow any store app to be installed automatically provided you know the | |
applicationID. The applicationID can be found at the end of the store URL. For example, here is the Company | |
Portal URL | |
https://www.microsoft.com/en-gb/p/company-portal/9wzdncrfj3pz | |
I can't improve on Oliver's code, so the credit for this method of store app deployment should go to him. | |
#> | |
$applicationId = "9wzdncrfj3pz" | |
$skuId = 0016 | |
$webpage = Invoke-WebRequest -UseBasicParsing -Uri "https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/$applicationId/applockerdata" | |
$packageFamilyName = ($webpage | ConvertFrom-JSON).packageFamilyName | |
# you can specify the packageFamilyName if already known | |
#$packageFamilyName = 'Microsoft.CompanyPortal_8wekyb3d8bbwe' | |
# All of the below code is by Oliver Kieselbach | |
$namespaceName = "root\cimv2\mdm\dmmap" | |
$session = New-CimSession | |
$omaUri = "./Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation" | |
$newInstance = New-Object Microsoft.Management.Infrastructure.CimInstance "MDM_EnterpriseModernAppManagement_AppInstallation01_01", $namespaceName | |
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", $omaUri, "string", "Key") | |
$newInstance.CimInstanceProperties.Add($property) | |
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", $packageFamilyName, "String", "Key") | |
$newInstance.CimInstanceProperties.Add($property) | |
$flags = 0 | |
$paramValue = [Security.SecurityElement]::Escape($('<Application id="{0}" flags="{1}" skuid="{2}"/>' -f $applicationId, $flags, $skuId)) | |
$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection | |
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", $paramValue, "String", "In") | |
$params.Add($param) | |
try { | |
# we create the MDM instance and trigger the StoreInstallMethod | |
$instance = $session.CreateInstance($namespaceName, $newInstance) | |
$result = $session.InvokeMethod($namespaceName, $instance, "StoreInstallMethod", $params) | |
} | |
catch [Exception] { | |
write-host $_ | out-string | |
} | |
Remove-CimSession -CimSession $session |
Hello. Need help here.
I'm installing the Company Portal to several Windows devices using this script and a Domain admin user.
The Company portal is installed successfully only within the Domain admin user profile, so the app is not installed and therefore not available within the regular user profile.
Any idea to solve the issue?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
this is interesting, but how would you determine the install identity (device/User)?
I used this to install in our lab (24 systems) and it required use to log into the portal, but if I manage to Push from Intune no log in needed. I'm still struggling with getting the portal to all machines, before/weather/or not a user is logged in. the goal is to have the portal installed before the device is distributed to a user
Also, I noticed that the SKUID of 0016 was different between Online & offline Installs, I made an assumption this was how I could force the "offline" or device install