Building Windows 8 blog
Windows 8 app developer blog
IE Blog
The Windows blog
Inside SkyDrive blog
Download Windows 8 Release Preview
Selling apps in the Windows Store
Windows Dev Center
Follow us @WinDevs
The //build/ conference
Developer forums
In previous posts, we’ve walked through making your apps available directly to customers using the Windows Store. In this post, Arik Cohen, Lead Program Manager for our Commerce and Licensing team, describes how to build, deploy and manage Metro style apps for business customers. --Antoine
In previous posts, we’ve walked through making your apps available directly to customers using the Windows Store. In this post, Arik Cohen, Lead Program Manager for our Commerce and Licensing team, describes how to build, deploy and manage Metro style apps for business customers.
--Antoine
As customers continue developing great Metro style apps that increase employee productivity, we want to take a few minutes to discuss how businesses can best deploy and manage Metro style apps. The information you find here should be helpful to you, whether you're a developer writing an app targeting business users, or an IT admin responsible for deploying the app throughout your company.
When it comes to building a Metro style app for business users, the first thing you should consider—whether you are a developer or an IT admin—is how you'll deploy the app. You have two options available:
If you want to target the broadest set of customers, we recommend you list apps in the Store (presumably in the Business category). Business apps that you distribute through the Store get all of the benefits of any app in the Store. This includes technical and content certification of the app, discoverability of the app on the web, ease of updates to the users of the app, and telemetry and reporting on the acquisition of the apps. Examples of apps that might fall into this category are cloud backed CRM software, hosted inventory software or sales reporting and monitoring software.
You have two options for selling your app on the Store: you can offer your apps for sale directly to the business user, with each individual user making the purchase directly from the Store. Another option is to offer the app as a free download, then manage the sales and licensing directly with the business. Your app would then use authentication to bring specific functionality to each of your customer’s users.
If you want to enforce a volume licensing model based on user counts for business sales, you can use a signed receipt from the Windows Store. This option enables you to securely identify the user running the app. Receipts are a new feature available for apps that users acquire from the Windows Store.
Here is an example of the XML used to identify the app receipt.
<Receipt xmlns="http://schemas.microsoft.com/windows/2012/store/receipt" Version="1.0" ReceiptDate="2012-03-15T11:34:05-08:00" ReceiptDeviceId="b809e47cd0110a4db043b3f73e83acd917fe1336"> <AppReceipt Id="182A6BB6-A7CE-4040-94E9-44AF572D7FD5" AppId="contoso.SalesApp_5q2xcn1j1t576" LicenseType="Full" PurchaseDate="2012-03-14T15:48:12-08:00"/></Receipt>
The receipt is signed with a standard XML digital signature that you can validate to make sure it came from the Windows Store. The ID of each receipt element is unique per user and per device that acquires the app. You can validate the receipt along with the app’s own authentication model to keep track of how many machines have been activated for a particular business customer. This enables you to bill a business based on the number of “seats” that have run this app.
While the Windows Store will be a great way to deploy apps to business customers, there are apps that IT admins will want to distribute directly to the end-users. This option makes sense for custom and proprietary line-of-business (LOB) apps, or enterprise software purchased directly from an ISV.
So, as either a developer at a private corporation or as a commercial developer, if you decide to build a Metro style app for distribution outside of the Windows Store, you should:
We recommend that you get your app packages signed with a certificate purchased from a Trusted Authority, and Windows trusts many Certificate Authorities without any additional configuration. If the certificate is from one of these already trusted authorities, you don’t need to deploy and manage additional certificates to the targeted Windows 8 PCs. You also can use your company's internal Certificate Authority to sign the app. If you choose this option, your IT admins need to ensure that the CA certificate is installed in the Windows images of targeted PCs.
Visual Studio provides a self-signing test certificate that you can use for testing apps internally. We recommend you use these certificates ONLY for internal testing and not for broad deployment through the enterprise.
After you make the decision to deliver your Metro style app directly within a corporation (and not through the Store), you need to provide your IT admins the following items to deploy and manage the app:
IT admins should also check the Windows App Certification Kit results to validate that the app passed the technical requirements of a Metro style app. This will help keep the quality and experience high for the end-users the apps are deployed to.
IT admins need to make sure that they prepare the PCs where they are going to install the Metro style app. This involves procedures that are slightly different depending on the edition of Windows installed, since the management capabilities vary in each edition.
Currently, the Consumer Preview and Windows Server 8 Beta are classified as “enterprise sideloading enabled.” This means that when a PC is domain joined, it can be configured to accept non-Windows Store apps from their IT admin. Moving forward, this functionality to install non-Windows Store Metro style apps will be available for Windows 8 Enterprise Edition and Windows 8 Server editions.
On an enterprise sideloading enabled edition, the IT admins needs to verify:
Some business users might not use a PC that supports enterprise sideloading. Common reasons for this are that the edition of Windows that their enterprise uses doesn’t support this, or the IT admins do not manage the PC. This scenario is becoming increasingly common with the growing trend of personal devices used for work.
To enable sideloading of a Metro style app onto a PC:
After confirming that the targeted machines meet the requirements, IT admins can deploy Metro style apps to their users. The admins need to decide if they want to deploy the Metro style apps along with the initial Windows image (and be preinstalled for all users) or install them at runtime. If the admins automate the deployment by using a standard Windows management solution (like System Center), then they can automate both the preparation and the installation at runtime. Windows management solutions can either use the native API’s for installing Metro style apps on systems, or they can use the native PowerShell cmdlets supported by Metro style apps.
IT admins can stage the app by using the App provisioning commands. This allows admins to install the app for every user of the Windows installation when they first sign in. Note that the app will not run until the target computers have been prepared as described above. IT admins can add the apps to a Windows image by:
The app will be installed when any new user signs in to the system at the “Preparing your system” screen.
IT admins can also decide to deploy the app during runtime using the appropriate PowerShell cmdlet. This can be done just using PowerShell on its own, or by using any management tool that supports executing PowerShell scripts or cmdlets. For example, from a Windows PowerShell command prompt, type:
add-appxpackage C:\ContosoApp\ExpenseApp.appx
This will install the app only for the current user.
For more information on how an IT admin can manage the apps on Consumer Preview, see How to Add and Remove Apps.
Deploying updates to the app is done in the same way as deploying an app at runtime. The updates need to be installed per user for each user on a machine. IT admins can detect if the appropriate version of the app is already installed by using the Get-AppXPackage PowerShell cmdlet.
IT admins can force an app update by using this command in a PowerShell command window:
add-appxpackage \\fileserver\ContosoApp\v1.1\ExpenseApp.appx
Apps that the IT admin directly deployed are also updated directly. There is no standard way for the end-user to detect and acquire updates for these apps.
For Windows RT, we have integrated a new management client that can communicate with a management infrastructure to deliver Metro style apps to users. It provides a more streamlined experience to prepare the machine for enterprise sideloading and enables the user to easily acquire the apps that their IT admins have made available to them. More information about managing your Windows RT PC can be found at the Building Windows 8 blog.
Because there will be a rich selection of business related apps in the Windows Store, IT administrators will want to make sure they can enable the Store for their end-users, manage apps delivered from the Store, and help their users better find their business apps.
The Store is enabled by default for Windows 8. To access the store, all the end-user needs is a Microsoft account. IT admins can use familiar tools like AppLocker to allow or restrict apps from the Windows Store. This way, their users get access to the rich variety of apps in the Windows Store, but IT admins can restrict access as needed.
In a tightly managed enterprise, there might be specific situations where IT admins do not want to allow user access to the Windows Store. In this case they can use a group policy to turn off access to the store for those users and/or PCs.
For more information, see Managing the Windows Store.
As you build Metro style apps targeting businesses, you have options on how to make these apps available. You can use the Windows Store to distribute your app, or you can sell directly to a business and allow their IT admins to deploy it. In addition, IT admins have a set of tools and capabilities that enable them to get these apps to the PCs that need them. We look forward to seeing your apps bring about new levels of employee productivity.
-- Arik Cohen