Hello everyone, we are back with another interesting topic how to publish new iOS apps in Intune. In this article, let’s learn the different types of apps we can publish to users and the required steps.
In this modern digital world, the usage of Mobile devices and mobile applications has become essential. Every Organisation started to develop applications to ease access to various organizational resources. Along with this, the protection of data became crucial for organizations.
Intune provides the solution for this by providing various features like managing the devices, app deployment, secure access to the apps, policy enforcement, silent installation of apps, and protection against data leakage on both corporate-owned and employee-owned devices(BYOD devices).
Microsoft Endpoint Manager supports multiple types of iOS apps to be assigned to users. As an IT admin, it is our responsibility to determine which apps your group of users use. Intune lets you restrict access and apply the configuration and app protection policies.
| App Type | Usage | 
|---|---|
| iOS store apps | We can publish the iOS store apps directly to the user’s device | 
| Line of Business(LOB) apps | These are the apps that are developed for your organization | 
| Web clips | These are the URLs that will be installed as webapps and open in a browser | 
| Built-in apps | These are managed apps like Microsoft 365 apps, third-party apps | 
Publishing iOS store apps
Let’s discuss how to publish iOS store apps
- Sign in to Microsoft Intune admin center https://intune.microsoft.com/
- Navigate to Apps > iOS/iPadOS apps
- Click on Add
- Now select the iOS store app > click on Select

Click on Search app store > search for required app > Click on Select.

We will get all the fields popped up with details. If you want to change the default values, we can edit them(for example, we can change the minimum OS required)

Click Next and select scope tags. If you have any, click next. Now assign the app to the user’s group. Intune supports multiple ways of assigning apps to user groups.
| Assignment type | Description | 
|---|---|
| Required | Required apps are installed automatically on enrolled devices | 
| Available for enrolled devices | These apps are available for assigned users to install on their devices optionally. Users can install it either from the company portal or from the Website. | 
| Available with or without enrollment | These apps are available for assigned users to install on their devices without requiring devices to MDM. Users can install it either from the company portal or from the Website. | 
| Uninstall | This type of assignment uninstall the apps installed by the Company portal on managed devices only. | 
Based on the requirement, select one of the types of assignments to add a user group. Click on Next and Review and create the app.
NOTE: When you publish the app in the required mode, Intune tries to install the app without user intervention(based on the platform, the user might receive a popup for installing the app). These apps are not visible to users in the Compay portal app or Website to install manually. If the user deletes the apps published in Required Mode, Intune attempts to install the app again as soon as the device syncs with Intune. Publishing LOB iOS apps
Publishing LOB iOS apps
Line of business apps are typically custom build applications for any organization and are used for various use cases and used by employees. We should have a valid .ipa file signed with the organizational Distribution certificate for publishing LOB apps.
Let’s see how we can publish LOB apps in Intune.
- Sign in to Microsoft Intune admin center https://intune.microsoft.com/
- Navigate to Apps > iOS/iPadOS apps
- Click on Add
- Now select the Line of business app > click on Select

Click on select App package file > Upload the package, then click on OK > Click on Next.

Once the .ipa file is uploaded, Intune fetches all the info from the .iPa file from its list file. We can change the app’s name and add a description to the app. If the app is supported only by iOS devices, we can define the applicable device type and choose iPhone or iPod. Upload the logo for the app.

Click Next and select scope tags. If you have any, click next. Now assign the app to the user’s group. As mentioned in table 2 above, we can assign apps either Required mode or Available for installation or Available with or without enrollment. Review the details and publish/create the app.

NOTE: If assigned an app is to the user’s group in the required mode, the application is visible in the company portal app. If you wish to make the app available for installation, please add the user group under available for installation.
Publishing iOS/iPadOS web clip
Intune supports the publishing of web applications. Webb applications are nothing but client-server applications. These apps are opened in a browser and provide UI and functionality. Intune creates a shortcut for the web app on the device’s home screen. We can publish the app similar to the LOB app. Let’s see below the steps to publish the app.
- Sign in to Microsoft Intune admin center https://intune.microsoft.com/
- Navigate to Apps > iOS/iPadOS apps
- Click on Add
- Now select the iOS/iPadOS web clip > click on Select

Enter the name of the web clip, and provide a description for the web clip. Provide the publisher details. Now provide the URL for the Web app. If you want to give access to the web app only on the managed browser, click on Yes for Require a managed browser to open this link.

Select a category for applications. Select YES to Show this as a featured app in the Company Portal. Upload the logo for the web app. Click on Next and select the scope tags, if any. Click Next and Assign the app to user groups based on the requirement, either as Required mode or Available for installation, or Available with or without enrollment.

Conclusion
As discussed above, Intune supports various types of apps, and as an admin, we should determine the organization’s requirement and publish it to different user groups. We can protect the application data using app protection policies.
Author
About Author – Narendra Kumar Malepati (Naren) has 11+ years of experience in IT, working on different MDM tools. Over the last seven years, Naren has been working on various features of Intune, including migration from different MDMs to Intune. Naren mainly focuses on Android, iOS, and MacOS.
 

To publish a lob application, you must have an Apple Developer Enterprise account. otherwise it won’t work
iOS store app -> Search the App Store…. is empty
Any change to Apple’s app policy?
Thanks!!!
Hi Andrés,
there is no change in the policy, we are able to deploy App store apps.