Intune Done Right: Wrangling App Chaos, One Update at a Time
Managing applications across a diverse set of devices has always been a challenge, especially in enterprise environments. With Intune, you’ve got a powerful toolset for app deployment, version control, and automated updates. But Intune alone has its limits—especially when it comes to updating third-party apps and managing large app libraries. Here’s how to optimize your application management strategy in Intune, where supersedence and third-party tools like Microsoft Intune Suite, Chocolatey, and Patch My PC can help make app management smooth, scalable, and headache-free.
1. Choose the Right Deployment Strategy for Your Apps
Intune offers several deployment methods, allowing you to tailor delivery to different app types and user needs. However, one pitfall to avoid is making all apps required. While Intune does handle dependencies well, it installs required apps in a random order, meaning it has no concept of which apps are most important to the user.
Imagine a user with 15 required apps. They could be left waiting for the specific app they need to complete a task while other, less critical apps install first. This unpredictable order can lead to user frustration, wasted time, and unnecessary IT support requests.
To sidestep these issues, consider deploying only essential apps as required and using Available for Install for non-critical apps that users can download as needed from the Company Portal. This approach allows users to access important apps immediately, without waiting for the entire set to install.
- Available for Install: Perfect for optional applications that users can download as needed through the Company Portal.
- Required Install: Ensures that essential apps are deployed automatically to all targeted devices or groups, with no user intervention required. Ensure that only the most essential apps are "required"
- Uninstall: Quickly removes apps from specified devices, helping you maintain compliance or remove outdated versions easily.
Selecting the right deployment type based on your app’s function and necessity allows you to give users the flexibility they need while ensuring critical applications are always up-to-date.
2. Simplify App Version Control with Supersedence—But Beware the Manual Workload
Intune’s supersedence feature is a useful tool for updating Win32 applications when you’re managing apps through Intune alone. Supersedence lets you specify that a new version of an app replaces an older one, automatically removing outdated versions across your environment. This is especially valuable for controlling Microsoft applications and Win32 apps, helping to keep app versions consistent.
However, supersedence relies on manually packaging and updating each application—an enormous workload if you’re managing a large app library. Imagine you’re handling 500 apps, each requiring manual packaging and configuration updates with each new version. Without automation, supersedence can become a bottleneck in maintaining an evergreen environment. Here’s where tools like Microsoft Intune Suite, Chocolatey, and Patch My PC shine.
3. Filling the Gaps: Intune Suite, Chocolatey, and Patch My PC
If your app library is extensive, you need more than just supersedence to keep applications current. Microsoft Intune Suite, Chocolatey, and Patch My PC offer automation and streamlined packaging capabilities, making large-scale app management far easier. Here’s a breakdown:
- Microsoft Intune Suite: Expanding on Intune’s core capabilities, Intune Suite provides enhanced automation, security, and management features. Its app management capabilities offer deeper support for automating updates, no packaging, and enhancing visibility, allowing IT to manage large app portfolios more effectively without the manual work required by supersedence.
- Chocolatey: This package manager simplifies the deployment, updating, and removal of third-party applications and integrates well with Intune. Chocolatey automates the packaging and updating process for a wide range of applications, eliminating the manual steps required with supersedence alone.
- Patch My PC: Specifically designed for third-party app patching, Patch My PC integrates seamlessly with Intune to provide automated updates for a wide array of third-party apps. With robust reporting, version control, and auto-update capabilities, Patch My PC ensures your app library stays evergreen without constant manual intervention. This tool is especially valuable for large app libraries, allowing IT teams to automate patching and package updates with ease.
Using one of these tools alongside Intune reduces the manual work involved in packaging, deploying, and updating apps across a large enterprise, helping you maintain an up-to-date, secure app ecosystem with minimal hands-on effort, yes they come at a cost but that is offset in far reduced effort and complexity.
4. Streamline App and OS Updates with Windows Autopatch for a Fully Evergreen Environment
Modern management isn’t just about deploying applications—it’s about keeping everything, from apps to the operating system, up-to-date in a secure, evergreen state. Windows Autopatch, available as part of Intune, takes OS updating a step further by automating Windows updates across your organization. Unlike WUfB, Autopatch is a fully managed service that handles Windows quality and feature updates on your behalf, freeing up IT resources and ensuring a consistent, optimized update process.
When paired with third-party tools like Patch My PC and Chocolatey to automate updates for non-Microsoft applications, Autopatch enables a comprehensive, evergreen environment. This integrated approach ensures all software stays secure and current without manual effort, providing a seamless experience for end-users and a more resilient setup for IT.
5. Provide Flexible, Self-Service Options for User Empowerment
Users often need quick access to certain apps that may not be “required” for everyone. Intune’s Company Portal allows you to publish optional apps, giving users the freedom to install what they need, when they need it. By using this self-service model, you enable users to install optional apps or essential updates immediately without relying on IT.
This self-service approach is especially useful when updates are rolled out across the organization. Users can check the portal for the latest versions or download optional tools as their needs evolve. The flexibility to access apps on-demand improves user satisfaction, cuts down on IT support requests, and provides a more agile, responsive experience.
Wrapping Up: Optimizing App Management with Intune
When used to its full potential, Intune streamlines app deployment, updates, and management in ways that meet the needs of modern enterprises. From automated updates and lifecycle management to custom configurations and proactive monitoring, Intune enables your organization to stay flexible, secure, and ready to support user productivity.
However, for large app libraries, relying on Intune alone (and supersedence) for updates can lead to a high manual workload. Third-party tools like Microsoft Intune Suite, Chocolatey, and Patch My PC take Intune’s capabilities to the next level by automating patching, packaging, and updating processes that would otherwise require extensive hands-on effort. By combining Intune with specialized tools, you’re setting up your organization for smoother, more efficient app management that meets the demands of today’s dynamic, evergreen IT environment.
