Digital Experience, SCCM

Email application approval in MECM – Key takeaways

Hello friends, hope this post finds you in good health and spirit. I am writing this post regarding email approval for application deployment in Configuration Manager. This feature was first introduced in SCCM 1810. I will try to help you understand it from practical perspective and add key takeaways at the end for implementation consideration. So, lets start.

What is email approval?

There is an option in Configuration Manager ( I would refer it as CM ) to seek for admin approval before deployment of applications. Users request the application in Software Center, and then admin can review the request in the console to either approve or deny the request. Pretty straight forward…

However in today’s world when all the approvals from leave, to ticket or accommodation are coming on mails for manager approval, isn’t its great to have similar flexibility for CM applications. Delightful experience for managers and admins 🙂

This feature was available with few 3rd party applications integration as 1E shopping but now its inherently available in CM.

How to Configure ?

  1. Turn on “Approve application request for users per device” feature from Administration>Overview>Updates and Servicing>Features.

2. Configure “Email Notification” from Monitoring>Overview>Alerts>Subscriptions>Configure Email Notification.

Note: For M365 use these settings:

a. SMTP Server – smto.office365.com

b. Port – 587

3. Now we are ready to deploy application. While you deploy any application please keep these settings:

a. Collection – User Collection

b. Purpose – Available

c. Setting – An administrator must approve a request for this application on the device

Enter email of approvers and any of them can approve the application.

4. Now user would get option to request the application from software center.

5. This will trigger mail for approvers to approve

Few key takeaways

  1. It supports approval from internet using CMG. Detailed pre-requisites listed here:https://learn.microsoft.com/en-us/mem/configmgr/apps/deploy-use/app-approval#to-take-action-from-internet
  2. Name of the requester comes from “name” field in the Active Directory user object based on the discovered user information from Active Directory or Azure Active Directory
  3. If notification is sent to multiple approvers and one has approved it, other can’t deny the request
  4. The requests have lifetime of 30 days. Its removed if not approved within this timeline
  5. Once approved, application is installed automatically on user device
  6.  If the user uninstalls the app, or if the initial install process fails, CM doesn’t reevaluate its state and reinstall it.

Isn’t it interesting. Most of the corporates have approval mechanism in-place using ITSM workflows as ServiceNow. So when user requests using service catalog, it goes for approval flow and once approved, application deployment is triggered. But now, you are empowered to do it straight in CM. Enjoy it 🙂

So, that’s all in this blog post. See you soon with some other interesting stuff. Till then, Ta-Ta.

Published by Vinit Pandey

I am Microsoft Certified Trainer ( MCT) with couple of other certifications including MCSE, MCITP and MCTS. My core technologies are Windows Servers and clients, System Center products including MECM, Intune, Systrack, Nexthink, Yellow.AI, PowerShell, Nomad, Tachyon, Shopping, SCOM, SCVMM, Hyper-V, Failover Clustering and Azure. I have done B.Tech in electronics and communication stream. I have total 15+ experience in IT field. Presently, I am working with Larsen and Toubro Infotech as Experience Architect. My job includes transition, transformation and migration activities which we perform for our esteemed clients. Often I need to provide consultancy to my clients in migration and planning projects. I am from Chousa (Buxar) which has a lot of historical significance. In my free time I love to blog and play with Shreya (my daughter) and Tiger ( my pet dog).

Leave a comment