App Install/Update Wizard for UAM on Images

One of the responsibilities of anyone managing AVD is to patch Golden Images, not only the OS but applications. Before UAM it could be scripted using a multitude of ways and tools to update or install an app. With the introduction of UAM it gives another method built into NMM to decouple the App install/updates from the base image and moves it to the host creation phase or the image creation phase.

What I am proposing is a wizard that could look at the installed applications on a host pool, since this is already captured for FSLogix app rule sets, and could help create UAM app deployments based on the list of installed apps to ensure all applications are either updated or installed with the option to define if it is done at the clone image, the source image or at host creation. As some apps are always a part of the source image and need to be patched there (Windows Store apps, Office, .NET), while others can be deployed on the clone image during image creation or during host creation. The wizard would be able to determine the applications installed, and what underlying Image the pool is using so it knows what to apply the UAM app install/updates to. It could help add the apps to the Unified catalog if not already added, and then apply them to the customer account. It could create the Deployment policies if being applied to the Host Pool. It could check the image for a scheduled task and add to it the App Management and apply the apps needed, or it could create the scheduled task. This would ensure in a very easy way that all applications are being patched and allows us to move into using UAM in an easy automated way, rather than manually assessing every image and building UAM deployments.

I am going to go a little further, which I know would be a separate request, but I'm gonna add it here anyways. I would also love to see an assessment of an image that would show all apps installed on the image and then if those apps are up to date or not. winget allows you to get a list of all applications it sees on a Windows machine and then identifies any that need updating; bring that functionality to NMM so you could look at an image and see a list of apps and status and then could choose an action from there to update the apps, including being able to schedule or trigger it with an image creation task. This would be my preferred method of implementing UAM for existing images to help us ensure applications are being patched that exist on the Golden Image.

0

Comments (3 comments)

Dave Stephenson

Cool idea!
Utilize the WinGet list command to identify all the software installed and then patch it, if there's a package available.
Or, like you said, feed a list of identified apps (from FSLogix) and then patch them.
The difficult parts (in my mind) are the explicit app assignments in UAM and how to handle Personal Desktops.

App Assignments
If there's an app on a host that hasn't been "approved" or "assigned" to the Account, does it trigger an automatic approval to get the app assigned to the account?

Personal Desktops
If someone has admin rights on their personal desktop, and installs something that's not approved in UAM (for a good reason), do we want to patch it anyway or if it's not an "approved" app, it's automatically removed?

For your second ask (which I see as an extension of the "first" so not really separate 😂) it sounds like you're wanting an image health check (kind of like the Image Validation feature) where you could scan the image during capture (or possibly during VM creation 💭?) that updates/removes applications based on your UAM Deployment Policies and then prompts for action on applications it doesn't have a policy for.
Is that close to what you're wanting or am I just completely off in left field?

0
Brian Stetson

Dave Stephenson, you bring up good questions. If you're running the wizard the app assignment can prompt you to approve approval and assignment to the account as a step. The Personal desktops, you provide some good insight, and both of your points could be implemented, provide a policy to auto update if discovered so that any application is up to date that is in the repo, or removal of any unapproved app. Though then you start to wonder is this getting into Intune management and would it be better served there? But I love that idea.
The second ask I see it much like the current ability to see installed apps on a host pool, there could be the ability on an image to select installed apps where it did an assessment utilizing the winget list, and then it can show installed apps, current version, latest version and if there is a corresponding UAM policy. Then it could provide the ability to select multiple or single apps by radial button and could uninstall or update those apps using winget. 

0
Dave Stephenson

Thanks, Brian.
I tend to navigate to clarifying questions (probably from years of Root Cause Analysis🤣) just to help me understand the "Ask" or the "Why" better.

You're right that we're toeing the line between UAM and Intune with these new features, but it feels like a good direction to go.
Both UAM and Intune have their limitations, but maybe a hybrid of the two will work in this situation? 🤷

What you're asking for with the desktop images is definitely a possibility (you could probably do that fairly easily right now with a scripted action), but adding a check-box to the Set as Image wizard would do what you're wanting without needing to use a scripted action to do it.


The tricky part would be doing the scan before the Set as Image task so you can get that list of applications and being able to select which ones you want to keep up to date or need to keep on a specific version. Maybe we could add a task to the action menu to scan for installed apps and then present it as a list/wizard you could expand in the Set as Image task? 🤔
There's definitely a lot to consider when implementing these features.

It'll be interesting to see what other partners' insights/perspectives are on this topic. 🙂

0
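
The image assessment discussed in this thread (installed version, available version, and whether a UAM policy exists), sketched as an added example that is not part of any post and is not NMM code. The sample rows and the `$uamPolicyIds` list are constructed, and the function names are hypothetical; on a real image `$sample` would be the text printed by `winget list`.

```powershell
# Constructed sample in the fixed-width layout `winget list` prints; not output from a real image.
$fmt = '{0,-22}{1,-21}{2,-12}{3,-12}{4}'
$sample = @(
    ($fmt -f 'Name', 'Id', 'Version', 'Available', 'Source'),
    ('-' * 73),
    ($fmt -f '7-Zip 23.01 (x64)', '7zip.7zip', '23.01', '24.08', 'winget'),
    ($fmt -f 'Notepad++ (64-bit)', 'Notepad++.Notepad++', '8.6.2', '', 'winget'),
    ($fmt -f 'Contoso LOB Client', 'ARP\Machine\X64\LOB', '4.1.0', '', '')
)
# Hypothetical input: package ids that already have a UAM deployment policy.
$uamPolicyIds = @('7zip.7zip')

function ConvertFrom-WingetTable {
    param([string[]]$Lines)
    # The header is the line directly above the dashed rule.
    $rule = -1
    for ($i = 1; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match '^-{5,}\s*$') { $rule = $i; break }
    }
    if ($rule -lt 1) { throw 'winget table header not found' }
    # Slice by header offsets: names contain spaces, so splitting on whitespace is unsafe.
    $cols = @([regex]::Matches($Lines[$rule - 1], '\S+'))
    for ($i = $rule + 1; $i -lt $Lines.Count; $i++) {
        $line = $Lines[$i]
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $row = [ordered]@{}
        for ($c = 0; $c -lt $cols.Count; $c++) {
            $start = $cols[$c].Index
            $end = if ($c + 1 -lt $cols.Count) { $cols[$c + 1].Index } else { $line.Length }
            $end = [Math]::Min($end, $line.Length)
            $row[$cols[$c].Value] = if ($start -lt $end) { $line.Substring($start, $end - $start).Trim() } else { '' }
        }
        [pscustomobject]$row
    }
}

function Get-ImageAppAssessment {
    param([string[]]$WingetLines, [string[]]$PolicyIds)
    ConvertFrom-WingetTable -Lines $WingetLines | ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            Id        = $_.Id
            Installed = $_.Version
            # No Source means winget cannot say whether the app is current.
            Status    = if (-not $_.Source) { 'NoWingetSource' } elseif ($_.Available) { "Update to $($_.Available)" } else { 'Current' }
            HasPolicy = $PolicyIds -contains $_.Id
        }
    }
}
Get-ImageAppAssessment -WingetLines $sample -PolicyIds $uamPolicyIds | Format-Table -AutoSize
```

Rows with status `NoWingetSource` or with `HasPolicy` false are the ones that would still need a manual patching decision on the image.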