Can MSIX be used to package and distribute software in a Modern Desktop
To offer software on a Microsoft Modern Managed Desktop, different ways can be used. In my previous blog post I showed any available method. In this blog post, I want to investigate if software packaging is needed and how the packaged software can be distributed.
There are various types of software installation files. The most common types are MSI and EXE. In the previous blog post, we saw that both variants can be distributed with Microsoft Intune. But what if a software product needs an customization? For example a custom register keys or a custom file. This cannot simply be added. The software needs to be repackaged. This can be done with tooling that is offered by 3rd party vendors (Advanced Installer, Flexera or others) but Microsoft can also help (in Preview) nowadays. Microsoft has launched MSIX in preview in the past period and I want to share my experiences with you.
MSIX is the new MSI. With MSIX Microsoft wants to replace MSI so that MSIX becomes the new format for application distribution on the Windows Operating System. The MSIX package format preserves the functionality of existing app packages and/or install files in addition to enabling new, modern packaging and deployment features to Win32, WPF, and WinForm apps. To pack software in an MSIX format. You can download the MSIX package tool from here.
MSIX packaging tool
Use the MSIX packaging tool to create an MSIX package for any Windows app. The MSIX packaging tool streamlines the packaging experience, offering an interactive user interface or command line to convert and package Windows apps. The MSIX packaging tool is available in the Microsoft Store, supported on Windows 10 from the 1809 version.
*Also 3rd party packaging vendors as Advanced Installer, Flexera and others do have support for MSIX. With this, newly developed applications can be offered directly via MSIX.
How to create an MSIX packaged application
First, create a certificate to sign the Application. This can be realized by creating a self-signed certificate through PowerShell.
New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -Subject “CN=foudendorp” -KeyAlgorithm RSA -KeyLength 2048 -Provider “Microsoft Enhanced RSA and AES Cryptographic Provider” -KeyExportPolicy Exportable -KeyUsage DigitalSignature -Type CodeSigningCert
Export this certificate to a PFX file. This file can be deployed to the machines where the MSIX package must be used. To export the file open the MMC CertMgr for the current user and open the personal certificate store. Right click on the created cert and select “All tasks” – “Export”.
After exporting the certificate to PFX import this one also in the “Trusted Root Certification Authorities. This is needed on the MSIX machine to package the software.
Install the MSIX packaging tool.
Open the MSIX packaging tool. The first question is the “Send diagnostic data” question. Answer this one and the windows will close (1). In the main window of the MSIX Packaging Tool open “Application Package” (2) to create a new MSIX packaged application.
In the “Select Installer” window choose the package of the software you want to install (1). In the additional options section, you can browse for the certificate (the one that is created) (2). After selecting the correct certificate you have to give the password of the certificate file (3). When this is done you can go to the next step (4).
Now we’ve to fill in the Package information (1, 2, 3, 4 and 5). After configuring these settings select “Next”(6).
In the next window select the Recommended action (1) items and disable these services (2). After this select “Next” (3).
After the preparation is done the installer is started. Install the chosen application. In this demo, I will install Notepad++ default (Next, next, finish).
Now it’s time to make some changes to the applications. In my situation, I add some plugins to this installation.
After doing this close the application and select “Next”.
Deploy MSIX using Intune
Before we can deploy this software to a Modern Managed Workplace it is necessary that the Root Certificate is deployed to the machine. Because the MSIX package is singed with my created self-signed certificate. This certificate is deployed with Intune.
The certificate will be deployed into the Trusted Root Certification Authority in the User Certificate store.
In Intune, the app can be added as a LOB (Line of Business) App. After doing this the app will be available for the user. In my scenario, the App “Notepad++” will be available for the user in the Company Portal.
After creating this configuration in Intune the user can install the app. The user opens the Company Portal and the application appears in the Apps section.
With MSIX, Microsoft has a new tool that can bring major changes in the near future. MSIX can completely replace the format of MSI. In addition, MSIX has everything to replace App-V too. Where App-V is especially necessary for on-premises workplaces, MSIX can also facilitate applications on the Modern Desktop. The packaging of applications with MSIX is simple and this offers possibilities.
For me, MSIX can grow to the new standard. However, Microsoft still has enough to do to make this happen. There are still plenty of challenges such as transforming a full App-V environment to MSIX and getting all software vendors to package the software into this new installation type.