Application approval through software center is not a new thing to the SCCM users, it was there since SCCM 2012R2. A few years back I wrote a detail blog post covering the configurations of the application approval process (here). But with SCCM 1806 to the latest SCCM 1810, it has changed for good and now it looks like a complete end to end feature. With these changes, you can adapt the application request and approval to your organization IT process.
When the Application Approval process introduced with SCCM 2012R2, it was rather simple and there were few loopholes such as when an application request approved, it was approved to any machine user decide to log in. Also, there wasn’t any notification to the admin regarding the application request, or to the user saying, “your application is approved”. I remember those days with SCCM 2012R2, I wrote a small PowerShell script to one of my customers to meet these challenges. From that PowerShell script application approvals are picked up and send the notification to the relevant Admin group, and once the application is approved, an Email notification is forwarded to the application requested user. This is one reason I’m so thrilled to see Microsoft address this in a far better way.
From this post, I’m going to talk about the approved application for a user per device feature and from the next post, I will discuss the latest released of Email notifications feature of Application Approval.
Approve application requests for a user per device -1806 and above
Before this, when a user request approval for an application and when it granted, that application is available in any machine where user login. This is a concern for software applications with device licenses. SCCM 1806 Microsoft introduced a new feature called “Approve application requests for users per device”. With this when admin approves the application request, it is approved for that user and the computer where the user is requesting the app. If the same user logs in from another computer and tries to install the app, that would require a user to request the application again.
Configuring the feature
Login to the SCCM Server and navigate to SCCM Console \Administration\Overview\Updates and Servicing\Features
Right-click the Approve application request for users per device and click Turn on
Click Yes
Deploying an Application
You can use this feature when deploying an application to a user group.
- Deploy the application to a user collection
- Select Require administrator approval if users request this application
- And deploy the application with other default configurations.
User Experience
In this scenario I have a user logged into two computers using the same user ID and the 7Zip app is deployed as Administrator approval required. when the user requests the approval from one computer and installs the app after the approval, the user has to make the request again to install the 7Zip app from the other computer.
7Zip deployed as Require administrator approval
And the approval request will display with the user and the device which make the request.
When a user login to another PC, he still requires the approval to install the 7Zip app. Here you can see two approval requests from two different devices
Hope this post is useful and stay tuned for the next post of Email Notification to Application Approval Process.
Cheers
Asitha De Silva
