In this guide, you’ll learn how to add Microsoft Store apps to Microsoft Intune using the Microsoft Graph API. It walks through creating the new Microsoft Store app type via Graph API so that app creation can be automated.
As a passionate advocate for automation, I have been keenly interested in exploring the capabilities of managing Intune through Microsoft Graph API. This approach can offer a powerful means of automating tasks and streamlining workflows. Have you had the opportunity to delve into this area yet?
The Microsoft Store is equipped to accommodate a range of applications, including Universal Windows Platform (UWP) apps and desktop applications packaged in MSIX. Recently, the store has extended its support to include Win32 applications packaged in MSIX or EXE installers. The Windows Package Manager (Winget.exe) implements the new Microsoft Store app type.
It’s important to note that certain requirements must be met in order to use Microsoft Store apps. According to Microsoft, client devices must have at least two core processors, support Intune Management Extension (IME) for installing Microsoft Store apps, and have access to both the Microsoft Store and the target content.
Know More About Microsoft Graph API
Microsoft Graph is an API that lets you access data, intelligence, and insights from Microsoft 365 and other Microsoft Cloud services through a single endpoint. This includes Microsoft 365, Windows, and Enterprise Mobility + Security data.
This Microsoft Graph API is designed to perform the same range of Intune operations as those available through the Azure Portal. By using Microsoft Graph, developers can build intelligent applications that leverage the power of Microsoft 365 and other Microsoft services to enhance productivity and collaboration.
Microsoft Graph can be leveraged to create personalized experiences catering to individual users’ unique contexts, thereby increasing their productivity. It offers a robust suite of services for managing user and device identity, access, compliance, security, and data access on the following Microsoft cloud services. You should have enough permission to run the query. Microsoft has documented an overview of Microsoft Graph permissions. Kindly refer to it to gain a better understanding of Graph permissions.
NOTE! As per Microsoft, request the least privileged permissions that your app needs in order to access data and function correctly. Requesting permissions with more than the necessary privileges is a poor security practice.
Get All Store Applications using Microsoft Graph API
Let’s learn how to get all Store application information using Microsoft Graph API. The reason why I’m using this method is to know the packageIdentifier value, which is a unique value that identifies the Microsoft Store app that needs to be added to Intune through Microsoft Graph API, before starting the creation process.
There are other options to get the packageIdentifier value of Microsoft Store apps: you may refer to the developer’s documentation for the app that needs to be added to Intune and get the packageIdentifier from there. If you add any application manually as a Microsoft Store App (New), the App Information page will show the packageIdentifier value.
I will use Graph Explorer, a handy browser-based tool for running your Graph calls. However, it does not support commands in batch and is a single-line command executor. API calls will be made by utilizing the Graph Explorer.
NOTE! You may need to log in to Graph Explorer using your credentials if it's your first time.
It’s important to note that you must have two permissions that would let you access the below endpoints, which are DeviceManagementApps.Read.All and DeviceManagementApps.ReadWrite.All. You may receive a forbidden error if your query lacks the necessary permissions to run.
Permission | Description |
---|---|
DeviceManagementApps.Read.All | Allows the app to read the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune. |
DeviceManagementApps.ReadWrite.All | This allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune. |
The below endpoint can be used to get all Store application details and pick out packageIdentifier values. You should use the GET request method for the endpoint since you are retrieving data from APIs.
https://graph.microsoft.com/beta/deviceAppManagement/mobileApps?$filter=(isof('microsoft.graph.winGetApp'))
I have decided to install Microsoft Whiteboard on my test machine through the Microsoft Graph API. Well, 9MSPC6MP8FM4 is the packageIdentifier value for Microsoft Whiteboard. You can use the above API endpoint to search and find the packageIdentifier value of the application that you need to install.
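The same lookup can be scripted. The following is an added example, not code from the original article: it connects with only the read scope (assuming that scope is enough for this GET request), checks which scopes the session actually holds, and follows paging to list every Store app with its packageIdentifier. The function name Get-StoreAppInventory is hypothetical.

```powershell
# Added example: read-only listing of Store (winGetApp) entries.
# Assumes the Microsoft.Graph.Authentication module is installed.
Connect-MgGraph -Scopes 'DeviceManagementApps.Read.All'

# The token may carry scopes consented earlier for the same client app,
# so check what the session really holds before treating it as read-only.
$granted = (Get-MgContext).Scopes
$write   = $granted | Where-Object { $_ -like '*.ReadWrite.*' }
if ($write) {
    Write-Warning "Session also holds write scopes: $($write -join ', ')"
}

function Get-StoreAppInventory {
    # Single quotes keep PowerShell from expanding $filter as a variable.
    $uri = 'https://graph.microsoft.com/beta/deviceAppManagement/mobileApps' +
           '?$filter=(isof(''microsoft.graph.winGetApp''))'
    $apps = @()
    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
        $apps += $page.value
        # Follow server-side paging until no nextLink is returned.
        $uri = $page.'@odata.nextLink'
    }
    $apps | Select-Object displayName, packageIdentifier, publishingState, id
}

Get-StoreAppInventory | Sort-Object displayName | Format-Table -AutoSize
```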
Add Microsoft Store Apps via Graph API
We are all set to add a Microsoft Store app via Graph API. The package identifier value that you noted above will be used in the request body while running the API call. Let’s learn how to create a Microsoft Store app via Graph API.
- Sign in back to Graph Explorer with your admin account.
- Replace the Graph URL with the following endpoint.
https://graph.microsoft.com/beta/deviceAppManagement/mobileApps
You should use the POST request method for the endpoint since you are sending data to the API. Change the request method from GET to POST and paste the below JSON code into the request body.
```json
{
    "@odata.type": "#microsoft.graph.winGetApp",
    "displayName": "Microsoft Whiteboard",
    "description": "HTMD graph API Testing",
    "publisher": "Microsoft",
    "packageIdentifier": "9MSPC6MP8FM4",
    "owner": "Sujin Nelladath",
    "installExperience": {
        "runAsAccount": "user"
    }
}
```
The request body is mandatory in this example. When using the above JSON code, please ensure that you replace the values with your own. Please note that the DeviceManagementApps.ReadWrite.All permission is needed in order to execute the query.
Verify the request body input values and click Run query. Within seconds of clicking Run query, you will receive a success message with the text Created – 201.
Once you click on the Run Query button, the Graph returns a response message as below. You can review the newly created application properties in the response message.
```json
{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceAppManagement/mobileApps/$entity",
    "@odata.type": "#microsoft.graph.winGetApp",
    "id": "f3eb8ef7-033b-4af5-a894-cf72828ead9d2",
    "displayName": "Microsoft Whiteboard",
    "description": "HTMD graph API Testing",
    "publisher": "Microsoft",
    "largeIcon": null,
    "createdDateTime": "2024-05-07T06:51:30.2561444Z",
    "lastModifiedDateTime": "2024-05-07T06:51:30.2561444Z",
    "isFeatured": false,
    "privacyInformationUrl": null,
    "informationUrl": null,
    "owner": "Sujin Nelladath",
    "developer": null,
    "notes": null,
    "uploadState": 2,
    "publishingState": "processing",
    "isAssigned": false,
    "roleScopeTagIds": [],
    "dependentAppCount": 0,
    "supersedingAppCount": 0,
    "supersededAppCount": 0,
    "manifestHash": null,
    "packageIdentifier": "9MSPC6MP8FM4",
    "installExperience": {
        "runAsAccount": "user"
    }
}
```
Well, as per the response message received, the Microsoft Store app has been created successfully with the given inputs. Let’s sign in to the Microsoft Intune Admin portal and verify the application.
Create Store Apps using Microsoft Graph via PowerShell
What if you prefer to completely automate the creation of Store apps with PowerShell code that accomplishes all the abovementioned tasks? Let’s learn how to create Store apps using Microsoft Graph via PowerShell.
NOTE! Use the Connect-MgGraph command to sign in with the required scopes. You'll need to sign in with an admin account to consent to the required scopes.
I have written a PowerShell script to create Store apps using Microsoft Graph. You must have enough permission to execute the script below.
```powershell
# Connect to Microsoft Graph with the scope needed to create apps
Connect-MgGraph -Scopes DeviceManagementApps.ReadWrite.All

# Graph URL of the mobileApps collection
$CreateAPP_URL = "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps"

# Request body (single-quoted here-string, so the JSON quotes need no escaping)
$body = @'
{
    "@odata.type": "#microsoft.graph.winGetApp",
    "displayName": "Microsoft Whiteboard",
    "description": "HTMD graph API Testing",
    "publisher": "Microsoft",
    "packageIdentifier": "9MSPC6MP8FM4",
    "owner": "Sujin Nelladath",
    "installExperience": {
        "runAsAccount": "user"
    }
}
'@

# Create the Store app
Invoke-MgGraphRequest -Uri $CreateAPP_URL -Method POST -Body $body
```
- Open the PowerShell as administrator.
- Paste the above code and Run the script.
After running the script, you will receive the output below within seconds. Sign in to the Microsoft Intune Admin portal and verify the application.
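For repeated or unattended runs, the following added example (not the author's script) wraps the same POST so that it skips creation when the packageIdentifier already exists, checks that the created object matches the request, and waits for publishingState to leave "processing". The function name, its parameters and the 12 to 14 character ID pattern are assumptions made for illustration.

```powershell
# Added example; New-StoreAppIfMissing and its parameters are hypothetical names.
function New-StoreAppIfMissing {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        # Assumption: Store product IDs are 12-14 alphanumeric characters.
        [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z0-9]{12,14}$')]
        [string] $PackageIdentifier,
        # 'user' matches the article; 'system' installs in the device context.
        [ValidateSet('user', 'system')] [string] $RunAsAccount = 'user'
    )
    $base = 'https://graph.microsoft.com/beta/deviceAppManagement/mobileApps'

    # Look for an existing entry first so a rerun does not create a duplicate.
    $uri = $base + '?$filter=(isof(''microsoft.graph.winGetApp''))'
    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
        $hit  = $page.value | Where-Object packageIdentifier -eq $PackageIdentifier
        if ($hit) { return $hit | Select-Object -First 1 }
        $uri = $page.'@odata.nextLink'
    }

    # Build the body as an object; ConvertTo-Json handles quoting and escaping.
    $body = @{
        '@odata.type'     = '#microsoft.graph.winGetApp'
        displayName       = $DisplayName
        description       = 'HTMD graph API Testing'
        publisher         = 'Microsoft'
        packageIdentifier = $PackageIdentifier
        installExperience = @{ runAsAccount = $RunAsAccount }
    } | ConvertTo-Json -Depth 5
    $app = Invoke-MgGraphRequest -Method POST -Uri $base -Body $body -ContentType 'application/json' -OutputType PSObject

    # Confirm the service stored what was sent before anything gets assigned.
    if ($app.packageIdentifier -ne $PackageIdentifier -or
        $app.installExperience.runAsAccount -ne $RunAsAccount) {
        throw "Created app $($app.id) does not match the request."
    }

    # The create response reports 'processing'; poll (up to 60 s) until it changes.
    for ($i = 0; $i -lt 12 -and $app.publishingState -eq 'processing'; $i++) {
        Start-Sleep -Seconds 5
        $app = Invoke-MgGraphRequest -Method GET -Uri "$base/$($app.id)" -OutputType PSObject
    }
    $app
}

Connect-MgGraph -Scopes 'DeviceManagementApps.ReadWrite.All'
New-StoreAppIfMissing -DisplayName 'Microsoft Whiteboard' -PackageIdentifier '9MSPC6MP8FM4' |
    Select-Object id, displayName, packageIdentifier, publishingState
```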
I believe that this article will be a valuable resource for you and your organization in streamlining the process of creating Microsoft Store apps in Intune using Microsoft Graph API and PowerShell. Thank you for your patience in reading this post. I look forward to seeing you in the next post. Keep supporting the HTMD Community.
Author
About the Author – Sujin Nelladath has over 10 years of experience in SCCM device management and Automation solutions. He writes and shares his experiences with Microsoft device management technologies, Azure, and PowerShell automation.