Silently push the Microsoft Intune Company Portal to Azure AD Joined Windows 10 devices

Starting today Microsoft Intune has been integrated with the Business Store. This means that you can use Microsoft Intune to manage public store applications and silently deploy them to users. End-user won’t have to go to the public store and therefore won’t need a Microsoft Account.  

When it comes to Microsoft’s Enterprise Mobility Suite it’s possible to use the Company Portal for a uniform cross-platform experience.

On Windows, installation of the Company Portal can be automated using the Business Store which is capable of pushing applications from the Public Store. We can use this to silently push any modern app from the public store, including the Company Portal, to the end-user’s Windows AAD joined (or Domain Join + AAD registration) 10 device. End-users won’t need an Microsoft Account (MSA) to obtain the application.

You configure this as follows:

1) Browse to and logon with an administrative user in your tenant.

2) Select settings and navigate to Management Tools


3) Select Add a management toolclip_image004

4) Search for Microsoft Intune


5) Press Ok followed by Activate in the bottom right corner


6) In the upper right Search Store textbox search for Company Portal, next select Get the app and afterwards select distribute later.


7) Open a new tab and navigate to Microsoft Intune via

8) Navigate to Admin/Mobile Device Management/Windows/Store for Business and select Configure Sync



9) When for the initial sync to finish and navigate to Apps/Apps/Volume Purchased Apps


10) Now you can deploy the Company Portal as a required application to your user collection.

End result:image

Users on Windows devices that sign in with their Azure AD account (or PIN/Passport) or domain account that has been registered in AAD will get the Company Portal added in their Start Menu without having to do anything. And the best of all: without the need for a Microsoft Account to access the public store.

For more information:

  • IT Professional resources:
  • Developer resources:

Comments (8)
  1. Mathias K. says:

    Finally! Great News Pieter thanks for this update. Any news on when this will be available for Hybrid scenarios with ConfigMgr and Intune integration?


  2. dj says:

    mathias – look in the next sccm tp

  3. Nicholas says:

    Now how do we get the Intune client to install automatically when a user joins the AD without an on premise server? haha

  4. As Nicholas Said says:

    This functionality is one of the key pain points for us and I can’t find an unassisted method.

  5. filip says:

    I configured exactly as You but the app is not installed. Any guidance for troubleshooting?

    1. Gabe says:

      Doesn’t work on our end, either. Suspicion: This is actually not possible for Windows 10 Client Computers.
      When managing the deployment of the app, there’s a yellow box popping up with the following text.

      “Software installation requirements:
      At least one of the selected deployments has the following characteristics:
      – When the approval action is either Required Install or Uninstall, this app will be applicable only to mobile devices and does not apply to client computers.
      – When you deploy a volume purchased app, one license you purchased is used by each user that installs the app. To reclaim the license, change the deployment action to Uninstall.”

      If I read this correctly, all these instructions are for nothing because it only works on smartphones.

  6. Karlis Kisis says:

    It used to work for me but now in a new tenant I don’t seem to get anything installed from the store via Intune. From the device management log:
    MDM ConfigurationManager: Command failure status. Configuration Source ID: (8CA1EED9-9CF5-493E-A98D-9B236E8E3C3B), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (EnterpriseModernAppManagement), Command Type: (CmdType_Execute), CSP URI: (./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/Microsoft.CompanyPortal_8wekyb3d8bbwe/StoreInstall), Result: (Bad request (400).).

  7. rkast says:

    Automatic deployment does not work anymore! I see an installation progress bar and stalls at approx 2/3 and then dissapears and thus not installed.

Comments are closed.

Skip to main content