Deploying enterprise apps
Enterprise apps usually fall into one of two categories: apps you deploy to users outside of your company (including customers and business partners), and apps you deploy only to users within your company.
If you want to make your app available to people outside of your company, your best option is to list the app in the Windows Store. In that case, you can follow the regular process for submitting an app.
If you’re writing a proprietary line-of-business app, it’s likely that you want to deploy it yourself within your company—a process called enterprise sideloading. Sideloaded apps do not need to be published to the Windows Store, and they can be developed without using a registered Windows Store developer account.
Note Sideloading can also be used for testing apps during development. For more info, see Developer sideloading Windows Store apps.
Here are the steps you follow to deploy apps through enterprise sideloading.
Before deploying an app within your enterprise, verify that it:
- Meets the base technical expectations that are validated by the Windows App Certification Kit. For information on running the certification kit, see Using the Windows App Certification Kit.
- Meets all guidelines specific to deploying the app within your enterprise. It is important to remember that these apps will not have been certified by Microsoft.
- Is signed by a certification authority that is trusted on your PCs. This certificate does not have to be rooted to a trusted certification authority; it just has to be trusted by your PCs. The Publisher Name in the package manifest must match the Publisher Name in the certificate that is used to sign the app package. Windows trusts many Certificate Authorities without any additional configuration. If the certificate is from one of these already trusted authorities, you don’t need to deploy and manage additional certificates to the targeted PCs. You also can use your company's internal Certificate Authority to sign the app, as long as you ensure that the CA certificate is installed in the Windows images of the targeted PCs.
Note In order to use some features, such as Windows Push Notification Services (WNS), you’ll need to use a Windows Store developer account to reserve a name for your app and then associate your package with the the package identity (package name and publisher name) assigned to your app by the Windows Store. You will need to sign the app with a certificate that matches the publisher name assigned by the Windows Store and which is trusted on your PCs. While app names are released after one year if the app is not published in the Windows Store, the app’s package identity will remain associated with your app, and you can continue to use these features in your app even if you never publish it in the Store.
Windows Server 2012 and Windows 8 Enterprise editions are classified as "enterprise sideloading enabled." This means that the PCs are ready to receive the apps that you deploy outside of the Windows Store. To make sure a PC is ready, verify that:
- The PC is domain joined.
- The group policy is set to Allow trusted apps to install.
If you are deploying apps to Windows 8 Pro, Windows RT, or Windows 8 Enterprise, you can configure them for sideloading apps by:
- Activating the product key for enterprise sideloading on each PC.
- Setting the group policy to Allow trusted apps to install.
You can deploy an app to prepared PCs either by using the Windows image or at run time. Deploying the app via the image makes it available to all existing and future users who access the machine, while deploying at run time makes it available only to the current user.
To deploy the app through the Windows image:
Ensure the Group Policy or registry key to allow all trusted apps has been set. You can do this by using the following setting:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps = 1
Use the Deployment Image Servicing and Management (DISM) command-line tool. For example, to install the package into the offline image, open an elevated command prompt and type:
DISM /Add-ProvisionedAppxPackage /PackagePath:C:\App1.appx /SkipLicense
To deploy the app at run time, use the appropriate Windows PowerShell cmdlet. You can do this by using PowerShell or any management tool that supports executing PowerShell scripts or cmdlets. For example, from a PowerShell command prompt, type:
You deploy updates for an app in the same way that you deploy the app at run time. The updates must be installed per user for each user on a machine.