Direct distribution of a Metro style app
While the Windows Store will be a great way to deploy apps to business customers, there are apps that IT admins will want to distribute directly to the end-users. This option makes sense for custom and proprietary line-of-business (LOB) apps, or enterprise software purchased directly from an ISV.
So, as either a developer at a private corporation or as a commercial developer, if you decide to build a Metro style app for distribution outside of the Windows Store, you should:
- Validate the technical compliance of the app. The Windows Store certification process helps to deliver trustworthy apps to users. We expect IT admins to demand the same level of quality with the apps that they distribute directly to their users. As mentioned in our previous post on submitting your app to the Windows Store, you can run the Windows App Certification Kit to run the technical certification tests the Windows Store uses, before you submit the app to the Store. It is critical that you run the Windows App Certification Kit on any app before it is distributed to customers. This helps ensure that the app meets the minimum technical expectations of a Metro style app, helps to define consistent experiences, and validates that the app will behave as expected on future versions of Windows. The Dev Center has more information on how to validate your Metro style app with the Windows App Certification Kit.
- Sign the app. To deploy the package to end-users, your app must be appropriately signed by a Certificate Authority that is trusted by the target PCs. The Publisher Name in the package manifest must match the Publisher Name in the certificate that is used to sign the app. Again, check the Dev Center for additional details on signing the app via Visual Studio.
We recommend that you get your app packages signed with a certificate purchased from a Trusted Authority, and Windows trusts many Certificate Authorities without any additional configuration. If the certificate is from one of these already trusted authorities, you don’t need to deploy and manage additional certificates to the targeted Windows 8 PCs. You also can use your company's internal Certificate Authority to sign the app. If you choose this option, your IT admins need to ensure that the CA certificate is installed in the Windows images of targeted PCs. Handing the Metro style app off to an IT Admin
After you make the decision to deliver your Metro style app directly within a corporation (and not through the Store), you need to provide your IT admins the following items to deploy and manage the app:
- The signed app package(s). There may be different packages for different processor architectures (x86, x64, and/or ARM).
IT admins should also check the Windows App Certification Kit results to validate that the app passed the technical requirements of a Metro style app. This will help keep the quality and experience high for the end-users the apps are deployed to. Preparing target PCs for deployment
IT admins need to make sure that they prepare the PCs where they are going to install the Metro style app. This involves procedures that are slightly different depending on the edition of Windows installed, since the management capabilities vary in each edition. Preparing PCs for sideloading apps on enterprise PCs
Currently, the Consumer Preview and Windows Server 8 Beta are classified as “enterprise sideloading enabled.” This means that when a PC is domain joined, it can be configured to accept non-Windows Store apps from their IT admin. Moving forward, this functionality to install non-Windows Store Metro style apps will be available for Windows 8 Enterprise Edition and Windows 8 Server editions.
On an enterprise sideloading enabled edition, the IT admins needs to verify:
- The PC is domain joined.
- The group policy is set to "Allow all trusted apps to install"
- The app is signed by a CA that is trusted on the target PCs