How to Configure Microsoft Store for Business (MSFB) - MECM
In this post let's see the process of MECM sync with Microsoft Store for Business (MSFB). MSFB gives IT decision makers and administration in business or school a flexible way to find, acquire, manage and distribute free and paid to Windows 10 devices.
Once MSFB is integrated with MECM, don't need to create store applications manually.
Configmgr Infrastructure Admin access is required.
Administrator account needed to integrate MSFB with MECM.
End users need an Azure AD account when they access content from MSFB
Proxy Configuration requirements for MSFB
Devices must be Azure AD Registered or Joined.
Azure AD Global Admin access to create applications to connect Configmgr site to Azure AD and MSFB.
Registration Server App
Let's register Server App for MSFB Azure Active Directory --> App Registration --> click on New registration to create a New Server App
Provide the App Name and select "Accounts in this organizational directory only (Default Directory)" and click on Register
Make a note of the newly registered Server App Display Name and Application (client) ID
Need to provide the authentication for the newly created Server App and leave it to default
Let's create a secret Certificate. Expiry has to be 1 or 2 years.
Once click on ADD and Immediately make a note of Secret Key and Expiry date. If you move away from the screen you won't be able to get the same secret key again and need to generate a new secret.
Let's modify the Microsoft Graph API Permission from User.Read to Directory.Read.all click on Microsoft Graph to enumerate a list of API permission. Select Application Permission and under directory, select Directory.Read.All and unselect User.Read under User.
Let' set Application ID URI (Azure Active Directory ->MECMTechie-Server App -> Expose API). Select Add a Scope
Provide App ID URI and provide Scope name: user_impersonation and who can consent as Admins and users and provide the meaning full text and click on Add Scope.
Make a note of App ID URI
Configmgr Settings to connect Microsoft Store for business (MSFB)
Open the MECM Console and navigate to Administration --> Cloud Services --> Azure Services --> Click on Configure Azure Services.
Enter the name of Azure Services --> select the option Microsoft Store for Business and click on Next.
Click on Browse either to import or create Azure Application and Selected to Import option to import Azure application and provide all required fields and select OK.
Enter Username & Password to create Azure AD App for MSFB and you can see Azure Web application App name and click on Next button to continue.
Enter the source file location for Microsoft Store for Business App content storage and select language to display and click on Next to continue
Click Next and close Summary page.
Microsoft Store for Business Configuration
Let's login to Microsoft Store for Bussiness.
Login to MSFB with Azure AD account https://businessstore.microsoft.com/
Navigate to Manage --> Settings --> Distribute
Move to the Management Tool section and click on Add Management Tool
Search for the Management Tool by name in the search box and click on Add.
Click on Activate button and we can see the management tool as Activated.
Sync from Microsoft store for business
We have connected MSFB with SCCM and let's try to sync the store.
Navigate Administration\Overview\Cloud Services\Azure Services
Choose the Azure Service that you have created for MSFB
Click on Sync From Microsoft store Business and make sure Sync is successful
Note:- There is no custom sync for MSFB and SCCM and synchronization occurs every 24 hours
Navigate to Software Library\Application Mangement\License Information for store Apps
As you can see all applications are available in the License Information for Store Apps.
WSFBSyncWorker.log -- > Records information about the communication with the cloud service.
SMS_CloudConnection.log --> If WSFBSyncworker service isn't started or repeatedly starts and stops.
BusinessAppProcessWorker.log--> Insert the metadata information synced by the BusinessAppProcessWorker component into the database.