edwin
edwin

How to distribute paid app licenses using Hexnode UEM

edwin edwin

Oct 1, 2021

14 min read

Distributing paid apps have always been a pain for IT admins. More so now that people are moving towards a work environment with absolutely no network boundaries. Assigning the right apps to the right users, managing permissions, it already seems like a nightmare. But little do they know they still haven’t come to face with the chief villain. The final boss. The big question. “How will IT admins distribute paid app licenses to all their users?”

Didn’t think about that? Well, your paid apps are pretty much useless if you haven’t figured out a way to distribute app licenses or activation codes to your users. And if you’re thinking about sending them the good ol’ way via email, well, the 1990s called, they said they want their idea back.

But seriously, it’s 2021! There are way safer and better alternatives to distribute your users’ app licenses. And what’s more, you can even activate licenses without your users ever getting to see or know the code. Such a feat can be achieved by employing the assistance of a Unified Endpoint Management solution.

Well, without further ado, let’s take a look at some popular business apps, and see how you can securely distribute their licenses to your users, using a UEM.

How to distribute Microsoft Office licenses using Hexnode UEM

I’m sure we’re all pretty familiar with Microsoft Office. It’s the OG legend of desktop productivity apps that’s been here for three decades and shows no signs of slowing down. Since the early ages of desktop PCs, MS Office has been a dominant model in delivering modern, office-related, document-handling software environments.

However, when it comes to handling licenses, Microsoft stays true to its name of overly complicating things up. There are a multitude of methods and processes at their disposal when it comes to distributing Microsoft Office licenses. And trust me, if you don’t have a proper guide to help you wade through their swamp of documentation, you’re gonna drown (personal experience talking).

Know the difference between Microsoft 365 (formerly Office 365), and Microsoft Office (volume license)

User working on a paid app
User working on a paid app
 

Alright, before we move on, let’s get this straight. Microsoft 365 and Microsoft Office are not the same software.

Microsoft 365 (formerly Office 365) is a Software as a Service (SaaS) offering that consolidates the popular Microsoft Office applications, including Outlook, Word, PowerPoint, Excel, and OneNote, along with other Microsoft application services, all of which are enabled from within their Azure cloud platform. On the other hand, Microsoft Office (volume licensing) refers to the software offered by Microsoft for organizations that require multiple licenses, without depending on the cloud.

There are several distinct differences in features and use cases – not to mention licensing procedures – between these products. Let’s take a look at them.

  Microsoft 365 (formerly Office 365)  Microsoft Office (volume license) 
Included apps  Outlook, Word, PowerPoint, Excel, OneNote + additional Microsoft 365 apps (depending on the plan you purchased)  Outlook, Word, PowerPoint, Excel, OneNote 
Licensing  Licenses are assigned and activated from the Microsoft 365 portal  Licenses are assigned and activated using product keys 
Licenses are assigned before the end-user installs the software  Licenses are assigned after the end-user installs the software 
Features and updates  Receives the latest features, along with security updates and bug fixes  Receives security updates and bug fixes only 
Provides access to collaboration tools  Does not include collaboration tools 
Allows integration with OneDrive, Office Online, Microsoft Teams, and more  Does not include integrations 
Use cases  When businesses require collaboration   When businesses require shared devices. (Labs, offices) 
When devices are assigned to a single user  When one device is accessed by many users 
When devices have 24/7 access to the internet  When devices do not have 24/7 access to the internet 

If your company has purchased Microsoft 365 apps and services for its users, you can assign and activate the licenses straight from your company’s Microsoft 365 portal. You do not need to activate licenses via product keys.

Depending on your plan, you can also use group-based licensing with Azure AD. However, if you do not like these methods, there are also other ways to activate licenses for Microsoft 365 apps, which I shall briefly mention here.

Using Office Deployment Tool (ODT)

The Office Deployment Tool (ODT) is a command-line tool that you can use to download and deploy Microsoft 365 Apps to your required devices. The ODT gives you more control over the installation, including defining which products and languages are installed, how the device should update those products, and whether or not to perform a silent installation of these products. Here is a gist of the steps involved.

  • Step 1: Download ODT from Microsoft Download Center
  • Step 2: Edit the configuration file
  • Step 3: Use command-line tools to download, install, and configure the software

Using PowerShell commands

Yep. You can Assign Microsoft 365 licenses to user accounts using PowerShell commands. Again, a brief gist of the steps.

  • Step 1: Connect to Microsoft 365 tenant using commands
  • Step 2: List the license plans for your tenant using commands
  • Step 3: Get the sign-in name of the account to which you want to add a license, also known as the user principal name (UPN)
  • Step 4: Ensure that the user account has a usage location assigned. If there is no usage location assigned, assign one using commands
  • Step 5: Finally, specify the user sign-in name and license plan name and run the required commands

Assign licenses using Microsoft’s Volume Licensing Service Center

The Volume Licensing Service Center (VLSC) is an online portal where organizations can manage and assign Microsoft Office licenses purchased via the volume licensing programs, to your users and devices.

Microsoft Volume Licensing Service Center (VLSC) login page
Microsoft Volume Licensing Service Center (VLSC) login page
 

The Volume Licensing Service Center (VLSC) gives you easy access to:

  • Download your Microsoft products and their keys
  • Access and manage all of your volume licensing information
  • View your relationship summary and license summary details
  • Review the status of your enrollments
  • Activate and consume Software Assurance Benefits

So, how do you distribute paid app licenses using VLSC? Well, the first step is to register and sign up for VLSC. Then, you must purchase the required Microsoft Office products and their licenses.

“It is important to note that Microsoft Office products purchased and downloaded from the VLSC are volume licensed. The below-mentioned procedures will work only on volume-licensed products. In the case of retail/Cloud versions of Microsoft Office, the following methods are not applicable.”

Once you’ve purchased the required Microsoft Office products from VLSC, you must download the installation package and upload it to your Hexnode app inventory after converting it to a .msi/.pkg format. Next, deploy the volume licensed Microsoft Office products to your required devices. Once you’ve done that, you can move on to the next step.

Your available licenses will be displayed at Licenses > Relationship Summary > Licensing ID > Product Keys. Now, the method for distributing the product keys to your devices is different on a Mac and a Windows device.

For Mac

For macOS devices, The Volume License (VL) Serializer is a tool used to activate Office 2019 as a volume licensed version. It’s an approximately 4 MB package file that you can run on a user’s computer, either before or after you’ve installed the necessary Office apps. The VL Serializer package contains a binary executable named “Microsoft Office Setup Assistant,” that activates the volume license.

To download and run the VL Serializer, follow the below-mentioned steps:

  • Sign in to the Volume Licensing Service Center (VLSC), and navigate to the Download and Keys tab.
  • Search for your required software, and select the download link in the results panel, and click on Continue.
  • Next, select the icon to download the VL Serializer .iso file.
  • Once the download is complete, mount the .iso file to extract the VL Serializer package file.
  • Then, upload the package file in the Hexnode app inventory, and deploy (and run) the file to each device you want to activate Office (as a volume licensed version).
  • The license is then automatically validated

For Windows

In the case of Windows devices, things get a little bit more complicated. There are two different models for completing volume activations on Windows devices.

  • Key Management Service (KMS) allows organizations to activate systems within their own network. However, this method requires your systems to be connected to the same network.

I know, an instant deal-breaker for many businesses. That’s why we recommend going for the MAK.

  • Multiple Activation Key (MAK) activates systems on a one-time basis, using Microsoft’s hosted activation services. It is similar to the product key you usually receive with the retail versions. So, the difference? A retail license lets you install the software on one computer. A volume license like MAK lets you install the software on as many devices as you want, with just one product key. To obtain the MAK, sign into the VLSC , and select Licenses > Relationship Summary > Licensing ID > Product Keys.

Now, once you’ve obtained the Multiple Activation Key, Go to your company’s Hexnode portal. From the Manage tab, select the necessary Windows devices where the Microsoft Office software has been installed, and push the following script to activate the product key for your users (replace XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with the MAK you obtained from the VLSC).

Now, in case you need to remove an assigned license from a device, push the following script. 

How to distribute CrowdStrike Endpoint Security licenses using Hexnode UEM 

CrowdStrike is a leader in cloud-delivered, next-generation services for endpoint protection, threat intelligence, and response. 

CrowdStrike Falcon login page
CrowdStrike Falcon login page
 

The CrowdStrike Falcon is a cloud-managed, agent-based sensor that unifies next-generation antivirus (NGAV), endpoint detection and response (EDR), cyber threat intelligence, managed threat hunting capabilities and security hygiene — all together in a single, lightweight sensor that takes up less than 5 MB of the device storage. 

The process of deploying the CrowdStrike Falcon Sensor and assigning its licenses to your users varies depending on whether they are using a Windows or macOS device. 

For Mac 

The CrowdStrike Falcon Sensor is supported on macOS High Sierra (10.13) or above. For macOS devices, before installing the CrowdStrike Falcon Sensor on your users’ device, you must first push a Kernel Extension policy and a Privacy Preferences Policy Control (PPPC) payload to the macOS device. You can do this by navigating to Policies > macOS, from the Hexnode portal, and configuring the Kernel Extensions, and PPPC tabs with the below-mentioned configurations. 

  • Kernel Extension Team ID: X9E956P446 
  • Privacy Preferences Policy Control (PPPC) payload: Grant full disk access to /Library/CS/falcond 

Once you’ve configured the policy, you must push it to the necessary macOS devices. 

Next, you must log in to your company’s CrowdStrike portal, and download the sensor installer from Hosts > Sensor Downloads (It is recommended to use the Chrome browser). This page consists of the latest available sensor versions. Once you’ve identified the correct sensor version for your OS, click on the download link to the right. Now, at the top of the downloads page is a Customer ID. Remember to copy this value as it will be required later in the install process. 

Once the download is complete, you will be left with a .pkg file. You must upload this .pkg file to your company’s Hexnode app inventory, after which you must deploy the CrowdStrike Falcon Sensor app to the necessary devices. 

Next, comes the step to activate the license for your CrowdStrike Falcon Sensor App. Open your company’s Hexnode portal, and push the following script to the required macOS devices. 

Here’s an example:

Where A43190DDA81403RANd-91 is the Customer ID, and A313G7326 is the install token.

To confirm that the sensor is running, run this command at a terminal:

The output shows a list of details about the sensor, including its agent ID (AID), version, customer ID, and more.

For Windows

For Windows devices, you must first check the supported operating systems. Then, log in to your company’s CrowdStrike portal, and identify the sensor installer for your OS and version from Hosts > Sensors > Downloads. (It is recommended to use the Chrome browser)

Next, you must consult with the CrowdStrike support team and request them to provide you with the .msi installer file for their app, which is compatible for deployment purposes (the default installer is not feasible for deployment purposes). Once you’ve downloaded the correct installer and obtained the Customer ID linked to the downloaded installer, you must upload the .msi installation package to your company’s Hexnode app inventory, after which you can deploy the CrowdStrike Falcon Sensor app to the necessary devices from the Hexnode portal.

Next, comes the step to activate the license for your CrowdStrike Falcon Sensor app. Open your company’s Hexnode portal, and push the following script to the required Windows devices. 

Where, you must enter your Customer ID in the specified field.

To verify that the CrowdStrike sensor is running, push the following script

The output must show that the “STATE” is “RUNNING”.

How to distribute Lookout Mobile Endpoint Security licenses using Hexnode UEM

Lookout Mobile Endpoint Security (MES) login page
Lookout Mobile Endpoint Security (MES) login page
 

Lookout is a mobile endpoint security solution that provides powerful mobile threat detection and analytic capabilities, anti-malware, data backup and remote management capabilities to help protect organizations from phishing and a range of potential attacks across apps, devices and the network. Lookout currently deploys the ‘Lookout for Work’ app on Android and iOS devices. Deploying licenses for the Lookout for Work app can be made an easy process using Hexnode UEM. Let’s check out how. 

The first step would be to subscribe to the Lookout Mobile Endpoint Security solution and set up your company’s portal. Then, upload the Lookout for Work app to the Hexnode app inventory (this app is available on the Google Play Store and the Apple App Store). The next few steps may vary depending on the user’s mobile OS.

For Android

In the case of Android devices, add the app to the list of approved Android Enterprise apps on the Hexnode portal. Then, from the portal, go to Policies > Android > App Configuration, and select the Lookout for Work app. Along with the other required configurations, enter the Global Enrollment Code. 

The necessary configurations are as follows: (use wildcards to populate the fields) 

  • MDM Name: HEXNODE 
  • Identification: %udid% 
  • Email: %email% 
  • Global Enrollment Code:  

You can obtain the Global Enrollment Code from your Lookout MES Console System by navigating to, Account > Global Enrollment Code page.

For iOS

In the case of iOS devices, go to the Apps tab and select the Lookout for Work app. Download a sample configuration profile. Edit the configuration profile with the elements given below (configuration files support the use of wildcards), and add Global Enrollment Code. Then, upload the configuration file to the Lookout for Work iOS app.

The xml file will be as follows: (use wildcards to populate the fields) 

Now, deploy the Lookout for Work app to your required devices. The activation codes will be automatically validated.

The final note

Employee working on a paid company software
Employee working on a paid company software
 

There exist thousands of premium business apps, including productivity suites, security software, and collaboration tools in today’s corporate world. However, it’s quite impossible to cover managing and deploying licenses for all of these apps. With that being said, if you wish to learn more about deploying apps and app licenses to your organization, or have queries regarding deploying specific apps and their licenses related to your business, drop over at Hexnode and say hi!

Share
  •  
  •  
  •  
  •  
  •  
edwin edwin

Seeking what's there lurking over the horizon.

Share your thoughts