How to manage app using Intune

Level 1.5: Cupcake

I want some suggestions on how to manage applications in our workplace. 


We purchased an Android app for our employees to work in the warehouse. The vendor provides two methods of getting the app to our devices. One is to download it directly from the Play Store, and the other is from the vendor's website. When something is broken, the vendor will roll back by uploading the new version of the app to the Play Store if the problem is informed on time. Sometimes, we have to go to the download site to download the previous version to solve the immediate issue due to the time zone difference. 


There, we want to manage the app using Intune. We want to deploy the apk directly to the device using Line Of Business. However, it only works if we enrolled devices using Device Administrator. 


Unfortunately, it is impossible now since Intune has stopped supporting this enrollment type. 


If we use the Play Stores managed private app to upload the apk, it would get an error with the package name. We do not think that the vendor will build different package names for every customer. 

So here is my question: How could we achieve something we achieved in the past and now we cannot?
Intune said it is the change that Google made due to security reasons. 


Any suggestion would be much appreciated!!!



Google Community Manager
Google Community Manager

Hello @King,


Welcome to the Customer Community. I've had a look into this for you.


Device Administrator is considered a bit of a legacy way of managing Android devices. I would recommend that devices be enrolled as Android Enterprise in the EMM at least with a Android Work Profile at a minimum, in order for devices to have some type of communication with Intune and download any applications made available by your Intune console.


Intune allows the admin to manually upload application packages such as apk. Of which, this application package can be acquired by the admin from the vendor or the given site. In the event that the app needs to be rolled back or patched on the Play Store, but is expected to be delayed due to timezone differences for example, you can resort to manually uploading and managing the apk in the Intune consoles app panel.


As an admin, i'd prefer that the vendor patch or update their application on Play Store. With the Play Store you can get a seamless approach in application management, as you will no longer need to worry about the nuances of deploying and updating the application changes manually, everytime there is a change such as patches and rollbacks to the application. But, uploading the package manually to Intune would be your other option and you'd be able to deploy it to the enrolled devices in this regard.


How does this sound to you? Would this work for you? Feel free to add extra context if this doesn't quite work. 


@GMenzies @jarmo_akkanen as you use Intune, wondered if there is anything you would add here (or anyone else using Intune) - thank you?


Thank you,


Welcome to the Community everyone!

Have a question or want to start a conversation, click here.

Level 2.3: Gingerbread

You were on the right track with this comment mate - 


@King wrote:

We do not think that the vendor will build different package names for every customer. 

Yes they will, and do quite often. Is there a commercial aspect to it? Perhaps, but often not if you're already a paying customer. With the unique package name, upload it either to your Google Play iFrame as a private application, or within your own Google Play Console (with a developer account) and set the managed google play options accordingly to keep it private. Which way you go depends on your preference, though if you have a Google Play Console developer account, I'd lean to that as it's not locked to an enterprise ID you might change if moving to another EMM in future.



Level 1.5: Cupcake

Thank you for the response. 


Our case is slightly different. 

The vendor does not provide the apk with a different package name since they have over 1000 customers. Furthermore, every customer uses the app differently. For context, it is the manufacture and warehouse app. The customers might have different ways to do tasks. Therefore, there are customisations and adjustments to suit each customer. 

Every now and then, we could have an issue with the new version. We use Intune to manage the rollout. However, if we enrol the device with Android Enterprise, we cannot upload the rollback on time using private since it has an issue with the package name. 


Our devices are currently enrolled as Device Admin. However, we are concerned about Intune to stop supporting it next year. 


Level 2.3: Gingerbread

1 or a million customers, developers and customers will have to adapt to this alternative method of app management if relying on a platform that cannot distribute APKs. 


It's an outdated and higher-risk method of app distribution in any case, so once transitioned you'll benefit from lower network usage, faster installs, and other benefits of Play.


Your struggles with version update issues can also be quelled with more intentional testing periods and app update management policies that'll allow you to install on test devices and validate before going live to your estate. This same approach can delay updates to periods when your developer is available too for more convenient version iterations.


But ultimately if it's a critical business application they need to work with you to support a custom package name and allow you to manage this end-to-end yourself. It's not difficult, nor high-effort since a bit of scripting can automate as many packages and names as they could want.


Discuss it with them.