The “complete” guide to Windows Store for Business

First of all, the headline. I’m fully aware that this post may not be “complete”. I’m also aware of the nearly impossible task of writing about a cloud service in a way that makes the post complete. The development of cloud services, especially from Microsoft, is always ongoing and in a pace that could be hard to keep up with. So, see this is a post that will give you a good start with Windows Store for Business – more posts will follow when new features or ways of using it gets released. And I will update this post with references to the post ill publish later.

A store with three personalities

The Windows Store are available in basically three different flavors. The retail (personal – using Microsoft Accounts) and the Windows Store for Business. The last one could be used either online or offline – to suit most needs. You can of course combine these scenarios to.

You access the Windows Store for Business portal using:

Note that Windows Store for Business isn’t currently available in all markets, you’ll find a complete list of the markets here: and also at the bottom of the Store for Business page.

Before you can start using Windows Store for Business you need to sign-up using an administrative account in your Azure AD/Office 365 environment.


If you don’t have an Azure AD account, you can create one in Office 365 from the portal. As soon as you are registered and Windows Store for Business is added to your account, you can login and start exploring the portal. But first you need to accept a Terms of Use agreement. (Updated as of 31 mars 2016). Noting out of the ordinary here, but be aware that you need to provide payment details and that prices are excluding taxes. More on this in a later post.


The portal

Below you’ll find a reference to the different menu options in the portal.


  • Inventory
    Under Inventory you’ll find information on all managed apps, regardless of their state. You can view license information, revoke licenses, view which user has the app installed, download it if you want to use it in the Offline-scenario etc.
  • New LOB apps
    You may add publishers/developers inside or outside your organization to publish LOB (Line of Business) apps directly to you Windows Store for Business, to use either Offline or Online in the Private Catalog. From “New LOB apps” you’ll see new apps or versions that has been added to you own portal.


  • Account information
    Information of your connected Azure subscription. Language depends on your OS-settings.
  • Device Guard signing
    From this menu you are able to sign and manage your apps for use with Device Guard.
  • LOB publishers
    You can invite developers to publish apps directly to your Windows Store for Business – this is especially useful if you have developed applications for in-house use only (LOB-apps). You invite developers using their Dev Center email address.
  • Management tools
    You can add one management tool at the time to your Windows Store for Business. At the time for writing only Configuration Manager and Intune are supported.
  • Offline licensing
    Offline licensing is currently limited to a single setting – to show or not to show offline licensed apps in the Store.
  • Permissions
    You can delegate the management of your store to different users. You add them using this menu and assign different rights depending on their use of the portal.
  • Private store
    Currently only one setting. The ability to change the name of your Private Store/Catalog. As default the name will be the same as your Azure Active Directory, but here you may change it to something more user-friendly.


Under Support you’ll find useful links to different support resources, as well as contact information to Microsoft and Store for Business support.

Using Windows Store for Business – Online

This is probably the most common scenario and what most of us, including me, expected and requested. In short, this scenario creates a private part (Private Store) in the regular Windows Store app. This part of the store is only available using Azure AD accounts and will only show the apps you have chosen for your users. This will enable you to highlight apps for your users, use the Windows Store without Microsoft accounts (more on that later on), and volume purchase apps and distribute their licenses to the end-users.

Working with apps – Online

When you choose an app, you get to choice of either to add it to your Private Store, assign it to people or distribute later.


If you add it to your Private Store, the app will be visible to users in the Store-app, when logged on with an Azure AD account. When in the Private Store, its visible to all users in your Azure AD.

Assign to people does not install the app, for this you need to use Intune or some other kind of management solution. Assign basically means that you assign a license to the user. In the case of a payable app, this enables the user to install it without entering any payment details.

Also note that, at the time of writing, only free apps are available in Windows Store for Business. On a later stage, we will get payed apps and also support for several different payment methods.

Distribute later is only used for administrative purposes – think of it as a to-do list. You put an app here for distribution or assignment on a later stage.


With the latest Intune release (Mars 2016) Microsoft introduced the possibility to sync apps from the Business Store to Intune. A good overview of this feature can be found here:

and I would also recommend taking a look at this post from Jan Ketil Skanke for a nice step-by-step guide:

End-user experience

First of all, it’s important to understand the different ways you can manage and use different kinds of accounts in Windows 10. Below you have the, probably, most common scenarios:

  • AD Joined computer and local, synchronized user.
    The computer is joined to a local AD and the user logs on using their ordinary username and password. The user accounts are synchronized to Azure AD but are not connected to the local accounts.
  • Workgroup computer and local logon. Probably most common in Education, a workgroup computer with a local account setup by the user and used to logon. This could be connected to a Microsoft account.
  • Azure AD Joined computer and cloud (or synchronized) user.
    The computer is Azure AD joined and the user uses his or hers Azure AD (Office 365 etc) account to logon to the computer.

When a user in the two first scenarios open the Store app, everything will look as it does out of the box. From here you have two choices. If you try to install an app from here, you’ll get prompted to add a Microsoft Account (a private account, for example, etc). When the Store GUI is enable there are currently no way to prevent the users to add their own Microsoft account here. I’m currently working on a solution to this and I will write about it in later post.

To start using Windows Store for Business you instead need to press the small “Add Account” button just to the left of the search box.


When the user does that, they’ll have the option below.

Even here they are able to add a Microsoft account, but also an Azure AD account (work or school account). It could be cloud-born or synchronized.


The experience when adding the account should be familiar to the user, it’s pretty straight forward. The only thing to be perfectly aware of is the screen below that will pop-up after authentication.


You are asked to add this account to Windows. This will in fact Azure AD Join the device and therefore, if configured, add the device to Intune as a result. Also, the language above will be based on the location of the device. So if the device is (based on IP) located in Sweden, the above screen – regardless of the user’s language or nationality in Azure AD – will be in Swedish.


If you press Yes, the device will be managed and the account could be used for other services in the OS.


If you press Skip, the account will only be used in the Store. This is probably the most common scenario. You are able to manage who may Azure AD Join a device from the Azure portal.

When the account is authenticated, the private store will be visible in the Store GUI. This should in most cases be instant.


In the private store, the Azure AD account added will be used to install the apps.

In the last scenario (Azure AD Joined device), the user will logon to the device using their Azure AD Account. When they open the Store the first time, the authentication will take place instantly and the Private Store should be visible from the start. This will not prevent the use of Microsoft account, and if the user tries to install an app from the retail store, the experience will be the same as in the previous scenarios.

Using Windows Store for Business – offline

For organizations that for any reason can’t use cloud services (or more commonly, not synchronize user objects to the cloud) Microsoft have added features to make the Store-apps available offline. This scenario will in most cases include System Center Configuration Manager as the distribution engine but – as I will discuss in a later post – you could use for example Powershell or Provisioning Packs to distribute the apps offline. The biggest advantage with the approach is that IT are in 100% control of the apps and are able to disable the Windows Store.

In yet another blogpost I’ll walk you through how to work with the Store GUI and the combination of Azure AD, Local AD and Microsoft accounts.

Quick walkthrough of offline licensed apps

Not all apps are, or will, be available to use in the Offline scenario. It’s up to each developer to decide if the app should be available for offline use of this. The reason for this is that when the app is licensed offline, the developer loses control of the app. In the online scenario, the Windows Store for business will be in control of the licensing and it won’t be possible to install more apps than you’ve payed for.



When you browse the Windows Store for Business portal and open a app you will see the licensing options: Either Online or both Online and Offline. In the second scenario (both Online and Offline) you will be able to download the app, its meta data and its license file. You can distribute an app both online and offline if required. In that case, you’ll see the app two times in the inventory. When you have downloaded the required file (depending on how you would like to distribute the app) you can install in with the management tool of your choice.


Using Windows Store – Retail

Last but not least we have the regular store that’s been around for a while now. In this Store you authenticate using your personal Microsoft account. Ill discuss this in more detail in a later post. But you as an admin basically only have one way of managing this Store, either turn it off or leave it be. This can be done in different ways, but as of Windows 10 version 1511 you are only able to turn of the Store completely in the Enterprise Editions of Windows.

Wrapping up for this time

This is, as I started off with, the first of a series of post on Windows Store for Business. I will update this post on a regular basis with references to my own and others blogposts on the matter to try to give a good start with Windows Store for Business. If there is something in particular you would like me to cover, please let me know!

As a Solution Architect, Simon inspires customers, partners and colleagues to create the best possible workplace for their users. His main focus is the Windows platform – but todays workplace consists of so much more than that. As an MCT he is passionate about teaching and sharing knowledge. He’s a frequent speaker, blogger and podcaster – as well as a penguin fanatic.

Posted in ConfigMgr, Intune, Microsoft, The Basics, Windows 10, Windows Store for Business
3 comments on “The “complete” guide to Windows Store for Business
  1. Roland says:


    nice blog entry!

    When I only (for now) would use offline usage (with ConfigManager),what kind of azure subscription would I need?
    We have nothing yet done with Azure and that would be the only reason so far to start with it.

    So, a brand new subscription.
    When I create the subscription should I use my own (personal company mail) account or rather a generic one to connect the store with ConfigManager?

    thanks, roland

    • bindertech says:

      Hi Roland and sorry for the slow reply. Great to hear that your are getting started! I recommend that you use a generic account when signing up. You will then be able to verify your own (corporate) domain and create a user with a your corporate domain and naming convention. It will also, if you at any point would like to, be a good way to start using other Azure services. If you would like any additional recommendations, please let me know!

  2. […] touch on Windows Store for Business, or in this case Microsoft Store for Education. You can read my, now old, post on Windows Store for Business to get a bit more background – but ill write a new, updated, […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

I’m speaking!
I’m going!
Follow me on Twitter!
%d bloggers like this: