Update to Intune integration with the Microsoft Store on Windows

Bryan Keller and Joe_Lurie Hi and thanks for the updated blog post.  I'm still somewhat confused though and I'm looking for a bit of advice/reassurance on all of these changes please.  MSfB offered us the perfect solution for our needs, which I'll explain below, and I'm very very sad to see it go.  From my perspective these changes are just giving me extra work to do, and offering little to no value in return, in fact users are going to have to be trained on the change so I see this as a lose-lose for all concerned, at least in our use case.  But we can't even do that yet, as the replacement solution is still up in the air and "coming soon" despite this all needing to be implemented and users trained before MSfB goes away early next year.  Nightmare.  Anyhow, breathe Ryan. Breathe!

Our scenario: 

Approximately 8,200 endpoints globally, all currently running Windows 10 with a planned rolling migration to Windows 11 starting in Q1 or more likely Q2 next year.  Managed by a combination of Endpoint Configuration Manager (with co management) and Intune.  Self Service app install offered to users via Software Center.  All Cloud Attach workload sliders on Config Manager directed to Intune except for "Client apps" as we have many apps deployed via ConfigMgr that it's not feasible to deploy via Intune, we also use ConfigMgr for device imaging using task sequences.

Our requirement for Store Apps: 

We need to define a curated list of store apps drawn from the public store that our users are allowed to install.  We have about 50-60 apps that have been added to MSfB private store thus far.  These include the language packs used by our global regions to localise their PCs after using our global gold build image for their PCs. 

We want the public store to be blocked to prevent users being able to install games and other non-business related apps.  But, we also need the inbox apps such as calculator, paint, mail, photos, language pack, etc to continue to get automatically updated by the store as they do now.  Users need to be able to self-serve and install the allowed apps themselves without admin rights.

Specific Questions:

• If I'm to understand correctly that Intune is going to be the new home for this functionality, how do I deploy apps from Intune to PCs when the workload slider in Cloud Attach settings is all the way to the ConfigMgr side?  Can I still install from Intune and still maintain all my apps in ConfigMgr with self-service via Software Center?  I was under the impression that only ConfigMgr or Intune could deploy apps to PCs, but not both at the same time.
• If I've read it correctly, the Company Portal app will be needed to surface the same "self service" capability currently provided by the private store within Microsoft Store.  How exactly do I push Company Portal to all my devices and keep it updated?
• If I disable the new store in Windows 11 with group policy to prevent users installing Candy Crush and Need for Speed, will inbox apps continue to get updated as they do now, or is this something else extra I will need to manage going forward?  The worst case scenario is that I have to add all the inbox apps to the new platform too just so they can receive updates.  More work for admins they didn't need, want or ask for.
• MSfB is going away early next year. How is it that we still don't have the replacement toolset yet?  It would cause much less admin headache if you developed the new system first, documented it, and allowed admins to adopt it gradually.  Instead we're all worried and scrambling because functionality we rely on is being withdrawn without any suitable replacement being ready yet, and no clarity whatsoever on what will be involved.