New adventures – with TrueSec

Today is the first day of my new adventure. As of today, I´ve joined TrueSec Infrastructure and will be taking on the role as Principal Technical Architect. I will be focusing on Microsoft 365 and other technologies related to it.

Its really a dream come true, I still do remember my first user group that I attended many years ago. Johan Arwidmark was one of the speakers, and he and many of my new colleagues at TrueSec have in different ways been idols and people you always have been able to turn to.

That´s of course one of my goals as well, to become a trusted advisor for both customers and the community. I do see TrueSec as a great company that will enable me to achieve that. They will also be able to provide me with opportunities to work with some of the worlds most interesting and, in a good way, challenging companies and organizations.

From today, Ill be working globally and ill of course still be doing as many community activities as possible. In the coming months I´m speaking at Techdays Sweden, Microsoft Ignite, Experts Live Europe. Looking into the future I´m one of the featured speakers at Igel Disrupt EMEA in February.

Me, Alexander and Toni will continue the adventure we have set out on with Knee-Deep in Tech, that wont change. We will still aim to publish weekly podcasts, blogpost and be active on social media.

On top of that, I know that TrueSec have a few things planned for me – so stay tuned and reach out if there´s anything I can help you out with. You can reach me at Twitter, LinkedIn and of course via e-mail.

Deploying and Managing Power BI using Microsoft Intune

This post is written on request by parts of the Power BI community. I’ve really enjoyed writing it, not because it’s a deep dive, because it isn’t. I’ve enjoyed writing it because this post will show what you can do with Intune and Windows 10, which will help another strong community to grow and make use of Microsoft 365.

So, this is the request:

How do we distribute Power BI to our users, how do we keep the clients up to date and should we choose the Store version of Power BI Desktop or the installed version?

There are a few requisites to what I’ll be showing below:

I do assume that the management and enrollment of these devices (Windows 10, iOS and Android) have been set up and are working. As well as the devices have already been enrolled (if needed).

I do expect the Power BI and Intune licenses have been assigned to the users.

The Windows devices need to be either Azure AD Joined or Hybrid Azure AD Joined.

Windows version needs to be Enterprise, Education, Business, Pro and 1607 or later.

Let’s get started!

Which version should you use – the app or the installed application?

Well, it depends on how you would like to manage it. First, the feature set in these apps are the same. You can do everything you expect to be able to do in both the app and the installed version of Power BI Desktop.

From a Windows, and a security, point of view the app (from the Microsoft Store) would be your primary choice. The reasons being that the app has been built in such a way that it will handle updates and upgrades of Windows just fine. It’s a highly secure architecture and it integrates very well with most of Microsoft’s (and others) management and security solutions.

To deploy the app, which ill show you how to do in a little while, you publish it from the Microsoft Store. That means that you don’t have to repackage it, and that it will keep itself up to date after you’ve installed it. You’ll also ensure that you always are deploying the latest release of Power BI.

The downsides on the other hand are mainly two:

  1. The bad thing about an app that updates itself, is that you don’t have control over the updates. You can’t control when a specific update is being released and installed on your machines.
  2. When you are using the app, it will automatically adapt its language to the language of the Windows 10 operating system its installed on. So, say at you have a Swedish Windows 10 Enterprise, then the app will be in Swedish as well. Which in some cases isn’t at all what we want.

On the other hand, with the installed app, which we from the start get in as an .MSI file you have to take care of your upgrades by yourself. You must repackage it, which is a simple process, but still something you need to do. This is also a fairly old, and not always streamlined way of installing applications. It’s a larger, even though small, security concern than the app and it demands more work from you as an administrator.

The flipside on the other hand is control. You control when the Power BI update gets installed on machines. Its much easier to pilot a new version to a select group of users and you can release in the pace you’d like.

You are also in control of which language Power BI will be installed in, and it doesn’t need to match the language of the operating system.

So, you are in most cases choosing between simplicity or control. Next, ill show you how to set up the distribution of both of these using Microsoft Intune and Microsoft Store for Business.

Distributing and installing Power BI using Microsoft Store for Business & Microsoft Intune

We’ll start in the Intune console, which you can find in the Azure portal (portal.azure.com). Search for Intune and when you’ve found it, navigate into the “Apps” section.

To the left you’ll see an option for Microsoft Store for Business and if this is the first time your organization is using it, we’ll have to set it up. To do this you’ll need Global Admin rights, so usually you would be required to ask on of your colleagues, but if you are “fortunate” enough to have these rights, go ahead.

Open the Business Store using the link and accept the EULA. Thereafter navigate to Manage\Settings\Distribute and activate Intune.

Next, it’s time to choose apps. In black ribbon at the top of the page, click “Shop for my organization” and search for Power BI. Once you’ve found it open it up and click “Get the app”. You’ll need to accept yet another EULA.

Now, I recommend that you add the app to your private store as well as distribute it with Intune. Therefore, next to the “Install” button you have a settings toggle (three dots) in here you can make the app available to everyone in the private part of Microsoft Store for Business.

For now, we are done in Microsoft Store for Business. Go back to the Intune portal and Save your settings for Microsoft Store for business. Refresh the page and you should now see a green checkmark and a text telling you that the connecting between Microsoft Store for Business and Intune has been configure.

In the apps list (you’ll find the link to it to the left in the portal) you should now see Power BI. Click on the line and then choose assignments. You have the possibilities to distribute it to both apps and users, in most cases you would like to distribute it to users.

When you choose to assign it, you’ll be asked to provide a group or a user. I would highly recommend using an Azure AD group for assignment.

In terms of how it will be installed, you can choose available or required. Required means that the app will be installed automatically on devices that the users you have assigned it to logs on to without any user interaction.

Available on the other hand publishes the app in the Company Portal, and the user can then self-service themselves to the app from the app.

Its up to you what service you would like to provide your users, and you can mix these two for different groups of users.

If you choose required, it will install as soon as the device have synchronized with Intune.

To deploy the Power BI app to Android or iOS you follow almost the same procedure. But you don’t, necessarily, need to configure the platforms specific stores.

You add an app using the “Add” button at the top of the Apps section. Choose your platform and search for Power BI. You’ll then assign it in the exact same way as you did with the Windows 10 apps.

Distributing and installing Power BI using Microsoft Intune and Win32-app deployment

To install the app, a few more steps are required from your side. You’ll first need to create a package that Intune can distribute for you.

To do this, download the Power BI desktop installation file and save it in a folder called “PowerBI”. Before continuing, create an empty folder named “PowerBIApp”. You can find the download here: https://powerbi.microsoft.com/en-us/desktop/

Interestingly enough if you choose the “Download” option you’ll actually be sent to the Store version, which points to which version Microsoft thinks that we should choose. So, to find the MSI file we need to choose the “Advanced Download Options”.

Download the Intune App Packaging tool from GitHub and extract the .ZIP file. https://github.com/Microsoft/Intune-Win32-App-Packaging-Tool

Open a PowerShell prompt as administrator on your machine and run the Intune packaging tool.

You’ll be asked for three things by the packaging tool:

  1. The full path to the “PowerBI” folder where you saved the installation file, aka “Source Folder”. C:\Users\<Username>\Downloads\PowerBI as an example.
  2. The full path to the installation file, aka “Setup File”. C:\Users\<Username>\Downloads\PowerBI\PowerBI.msi as an example.
  3. The full path to the output folder where the package will be created, aka “Output Folder”. C:\Users\<Username>\Downloads\PowerBIApp as an example.

When you have entered this information, the tool will compress the package and the output will be in the form of a .intunewin file.

Now, its time to head back to Intune and add a new app. In the Client Apps section, select add and choose to add a “Windows app (Win32)”.

Select your newly created app package and upload it to Intune.

Next, you are required to enter a suitable name, description and Publisher. Ensure that you make it clear if this deployment is intended for 32-bit or 64-bit (if you are thinking about the 32-bit one, we need to have a discussion) and which language you are installing.

In this case, and usually when we base our package on an MSI-file the installation and uninstallation commands will populate by themselves. However, due to how the Power BI Desktop MSI file is designed we need to change the original command line to the following:

msiexec /I PBIDesktop_x64.msi ACCEPT_EULA=1

Intune will then add ” /qn ALLUSERS=1” to the command line to complete it.

In the next step you must configure which requirements that needs to be fulfilled for the installation to take place. We will only configure x64 and a later version of Windows 10, but you are also able to add requirements on disk space, RAM, number of CPUs and CPU speed if you’d like.

To ensure that the installation is successful, Intune requires you to specify a detection rule. The detection rule could be a file, a registry setting or anything else that will tell Intune that everything is as it should be. The good thing about using an MSI in this case is that the MSI will tattoo a unique value for that file to the MSI, a GUID, which we can use to verify the installation. You can use this by selecting to manually configure a detection rule and add an MSI rule. This will auto-populate for you.

We could, if we would like to add custom return codes as well as tags (often used for Role Based Access Control RBAC), but for this time we can leave them.

When you then press add the package will start the upload to Intune, encrypting it on the way. Once the upload is done, we will then open the app and assign it to our users.

We do this in the exact same way as we did with the app-version of Power BI. Select a group and choose how it should be installed. The user experience is however a bit different form the app.

After the assignment, it can take a while for the devices to retrieve the instructions to install the app, but after a while it will start to download and install without requiring the user to interact with in (in the case of a required deployment).

Done!

Managing Power BI with Microsoft Intune

So, you have deployed your new apps to your machines and the next update gets out. What do you do?

For the app from Microsoft Store for Business, you don’t need to do anything. This will handle the upgrades itself as soon as the new version is available.

For the Win32 app, you need to do some more hands on work. You’ll need to create a new package for the new version and create new a new app in Intune. Before deploying the new version, you need to remove the assignment of the previous version, because when the update is installed the GUID will change and therefore trigger a new installation of the old one and so on…

So, the steps in short:

  1. Create a new package for the new version and upload it as a new app to Intune.
  2. Remove the assignment of the old version. You could create a “Pilot” group and exclude that from the assignment as well, but that’s another story.
  3. Create a new assignment for the new version and let the MSI take care of the update itself.
  4. Done!

You could automate a lot of this with PowerShell, but that’s for another time

Wrap Up

As a wrap up, your first and most important choice is to choose how to install Power BI. What do you value most? Less work or more control? There is nothing that says that you couldn’t even combine these two, its just a matter of controlling the Azure AD groups. The users will be very confused to see two different Power BI apps on their machines.

Next, is this something you as the Power BI administrator should do, or do you have a client management team that could help you out? It depends of course, but this guide will help you to get started if you need (or want) to do it yourself.

If you have any questions regarding this, let me know and ill do my best to help you out!

Don’t forget to follow me on Twitter @Bindertech as well as the #KneeDeepinTech hashtag for more great Microsoft 365 content!

Want to listen to perhaps the most bizarre Microsoft focused podcast out there? Ensure to subscribe to Knee Deep in Tech on Spotify or where you usually find podcasts!