diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md index 6a6c743b1c..835543cb01 100644 --- a/windows/application-management/add-apps-and-features.md +++ b/windows/application-management/add-apps-and-features.md @@ -1,32 +1,74 @@ --- -title: Windows 10 - How to add apps from Apps & features -description: Learn how to add apps, like XPS Viewer, to your Windows 10 device with the Apps & features page in Settings +title: Add or hide optional apps and features on Windows devices | Microsoft Docs +description: Learn how to add Windows 10 and Windows 11 optional features using the Apps & features page in the Settings app. Also see the group policy objects (GPO) and MDM policies that show or hide Apps and Windows Features in the Settings app. Use Windows PowerShell to show or hide specific features in Windows Features. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: article -ms.author: greglin -author: greg-lindsay +ms.author: mandia +author: MandiOhlinger ms.localizationpriority: medium -ms.date: 04/26/2018 +ms.date: 08/25/2021 ms.reviewer: -manager: dansimp +manager: dougeby ms.topic: article --- -# How to add apps and features to Windows 10 -> Applies to: Windows 10 -Windows 10 includes a range of [applications](apps-in-windows-10.md), from [system apps](system-apps-windows-client-os.md) that support the operating system (like Settings) to ["provisioned" apps](provisioned-apps-windows-client-os.md) (like Feedback Hub) that are installed the first time you run Windows. We also provide additional apps and features, called Features on Demand (like language packs or handwriting recognition), that you can install at any time. If you're working in a managed environment (like at work, where you have an administrator who manages your systems and resources), your admin can use [Windows Update to install Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). +# Add or hide features on the Windows client OS -If you're working on your own device, you can add apps and features from the Settings app. +> Applies to: +> +> - Windows 10 -Here's how you do that: +The Windows client operating systems include more features that you and your users can install. These features are called [Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) (opens another Microsoft web site), and can be installed at any time. On your organization-owned devices, you may want to control access to these other features. -1. In the Search bar, search for "apps." -2. Select **Apps and features** in the results. -3. Select **Manage optional features**, and then select **Add a feature**. -4. Select the feature you want to add, like **XPS Viewer**, and then select **Install.** +This article: -And that's it. You can see the apps you have installed on the **Apps & features** page and the features on **Manage optional features**. +- Shows you how to add features using the user interface. +- Lists the group policies and Mobile device management (MDM) policies to hide Windows Features. +- Includes information on using Windows PowerShell to disable specific Windows Features. -You can manage and uninstall apps and features from the same Settings page. Just select the app or feature, and then select **Uninstall**. \ No newline at end of file +If you're working on your own device, use the **Settings** app to add features. + +## Add or uninstall features + +1. In the Search bar, search for "apps", and select **Apps and features**. +2. Select **Optional features** > **Add a feature**. +3. Select the feature you want to add, like **XPS Viewer**, and then select **Install.** + +When the installation completes, the feature is listed in **Apps & features**. In **Apps & features** > **Optional features** > **More Windows features**, there are more features that you and your users can install. + +To uninstall a feature, open the **Settings** app. Select the feature, and then select **Uninstall**. + +## Use Group Policy or MDM to hide Windows Features + +By default, the OS might show Windows Features, and allow users to install and uninstall these optional apps and features. + +To hide Windows Features on your user devices, you can use Group Policy (on-premises), or use an MDM provider, such as Microsoft Intune (cloud). + +### Group Policy + +If you use Group Policy, use the `User Configuration\Administrative Template\Control Panel\Programs\Hide "Windows Features"` policy. By default, this policy may be set to **Not configured**, which means users can add or remove features. When this setting is **Enabled**, the Windows Features is hidden on the device. + +You can't use Group Policy to disable specific Windows Features, such as XPS Viewer. If you want to disable specific features, use [Windows PowerShell](#use-windows-powershell-to-disable-specific-features) (in this article). + +If you want to hide the entire **Apps** feature in the Settings app, use the `User Configuration\Administrative Template\Control Panel\Programs\Hide "Programs and Features" page` policy. + +### MDM + +Using Microsoft Intune, you can use [Administrative Templates](/mem/intune/configuration/administrative-templates-windows) (opens another Microsoft web site) or the [Settings Catalog](/mem/intune/configuration/settings-catalog) (opens another Microsoft web site) to hide Windows Features. + +If you want to hide the entire **Apps** feature in the Settings app, you can use a configuration policy on Intune enrolled devices. For more information on the Control Panel settings you can configure, see [Control Panel settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-windows-10#control-panel-and-settings). + +## Use Windows PowerShell to disable specific features + +To disable specific features, you can use the Windows PowerShell [Disable-WindowsOptionalFeature](/powershell/module/dism/disable-windowsoptionalfeature) command. There isn't a Group Policy that disables specific Windows Features. + +If you're looking to automate disabling specific features, you can create a scheduled task. Then, use the scheduled task to run your Windows PowerShell script. For more information about Task Scheduler, see [Task Scheduler for developers](/windows/win32/taskschd/task-scheduler-start-page). + +Microsoft Intune can also execute Windows PowerShell scripts. For more information, see [Use PowerShell scripts on Windows client devices in Intune](/mem/intune/apps/intune-management-extension). + +## Restore Windows features + +- If you use Group Policy or MDM to hide Windows Features or the entire Apps feature, you can set the policy to **Not configured**. Then, deploy your policy. When the device receives the policy, the features are shown. +- Using Windows PowerShell, you can also enable specific features using the [Enable-WindowsOptionalFeature](/powershell/module/dism/enable-windowsoptionalfeature) command. diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 185ad28d5e..0ad35e3d24 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -74,7 +74,7 @@ There are different types of apps that can run on your Windows client devices. T When your apps are ready, you can add or deploy these apps to your Windows devices. This section lists some common options. -- **Manually install**: On your devices, users can install apps from the Microsoft Store, from the internet, and from an organization shared drive. These apps, and more, are listed in **Settings** > **Apps and Features**. +- **Manually install**: On your devices, users can install apps from the Microsoft Store, from the internet, and from an organization shared drive. These apps, and more, are listed in **Settings** > **Apps** > **Apps and Features**. If you want to prevent users from downloading apps on organization owned devices, use an MDM provider, like Microsoft Intune. For example, you can create a policy that allows or prevents users from sideloading apps, only allow the private store, and more. For more information on the features you can restrict, see [Windows 10 (and newer) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10). @@ -87,11 +87,13 @@ When your apps are ready, you can add or deploy these apps to your Windows devic - [Add apps to Microsoft Intune](/mem/intune/apps/apps-add) - [Application management in Configuration Manager](/mem/configmgr/apps/understand/introduction-to-application-management) -- **Microsoft Store**: Using the Microsoft Store app, Windows users can download apps from the public store. And, they can download apps provided by your organization, which is called the "private store". If your organization creates its own apps, you can use **Windows Package Manager** to add apps to the private store. +- **Microsoft Store**: Using the Microsoft Store app, Windows users can download apps from the public store. And, they can download apps provided by your organization, which is called the "private store". If your organization creates its own apps, you can use **[Windows Package Manager](/windows/package-manager)** to add apps to the private store. To help manage the Microsoft Store on your devices, you can use policies: - - On premises, you can use Administrative Templates in group policy to control access to the Microsoft Store app (`User Configuration\Administrative Templates\Windows Components\Store`). + - On premises, you can use Administrative Templates in Group Policy to control access to the Microsoft Store app: + - `User Configuration\Administrative Templates\Windows Components\Store` + - `Computer Configuration\Administrative Templates\Windows Components\Store` - Using Microsoft Intune, you can use [Administrative Templates](/mem/intune/configuration/administrative-templates-windows) (opens another Microsoft web site) or the [Settings Catalog](/mem/intune/configuration/settings-catalog) (opens another Microsoft web site) to control access to the Microsoft Store app. For more information, see: @@ -135,9 +137,8 @@ When your apps are ready, you can add or deploy these apps to your Windows devic To help manage App-V on your devices, you can use policies: - - On premises, you can use Administrative Templates in group policy to deploy App-V policies (`Computer Configuration\Administrative Templates\System\App-V`). + - On premises, you can use Administrative Templates in Group Policy to deploy App-V policies (`Computer Configuration\Administrative Templates\System\App-V`). - Using Microsoft Intune, you can use [Administrative Templates](/mem/intune/configuration/administrative-templates-windows) (opens another Microsoft web site) or the [Settings Catalog](/mem/intune/configuration/settings-catalog) (opens another Microsoft web site) to deploy App-V policies. > [!TIP] > If you want to decrease your on-premises footprint, then **Azure Virtual desktop with MSIX app attach** might be the better deployment for your organization. - diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml index d9d22489a8..e6739ae97e 100644 --- a/windows/application-management/index.yml +++ b/windows/application-management/index.yml @@ -28,7 +28,7 @@ landingContent: links: - text: Understand apps in Windows client OS url: apps-in-windows-10.md - - text: How to add apps and features + - text: How to add features url: add-apps-and-features.md - text: Sideload LOB apps url: sideload-apps-in-windows-10.md diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index 4759d12a8c..5ab1d678f5 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -1,93 +1,103 @@ --- -title: Sideload LOB apps in Windows 10 (Windows 10) -description: Learn how to sideload line-of-business (LOB) apps in Windows 10. When you sideload an app, you deploy a signed app package to a device. +title: Sideload LOB apps in Windows client OS | Microsoft Docs +description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems, including Windows 10. When you sideload an app, you deploy a signed app package to a device. ms.assetid: C46B27D0-375B-4F7A-800E-21595CF1D53D ms.reviewer: -manager: dansimp +manager: dougeby ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: greg-lindsay -ms.date: 05/20/2019 +ms.date: 08/25/2021 +ms.localizationpriority: medium --- -# Sideload LOB apps in Windows 10 +# Sideload line of business (LOB) apps in Windows client devices -**Applies to** - -- Windows 10 +> Applies to: +> +> - Windows 10 > [!NOTE] -> As of Windows Insider Build 18956, sideloading is enabled by default. Now, you can deploy a signed package onto a device without a special configuration. +> As of Windows Insider Build 18956, sideloading is enabled by default. You can deploy a signed package onto a device without a special configuration. -"Line-of-Business" (LOB) apps are present in a wide range of businesses and organizations. Organizations value these apps because they solve problems unique to each business. +Sideloading apps is when you install apps that aren't from an official source, such as the Microsoft store. Your organization may create its own apps, including line-of-business (LOB) apps. Many organizations create their own apps to solve problems unique to their business. When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps. Sideloading was also available with Windows 8 and Windows 8.1 -In Windows 10, sideloading is different than in earlier versions of Windows: +Starting with Windows 10, sideloading is different than in earlier versions of Windows: -- You can unlock a device for sideloading using an enterprise policy, or through **Settings** +- You can unlock a device for sideloading using an enterprise policy, or through the **Settings** app. +- License keys aren't required. +- Devices don't have to be joined to a domain. -- License keys are not required +To allow these apps to run on your Windows devices, you might have to enable sideloading on your devices. This article shows you how to: -- Devices do not have to be joined to a domain +- **Turn on sideloading**: You can deploy using Group Policy or a mobile device management (MDM) provider. Or, you can use **Settings** apps to turn on sideloading. +- **Install the app certificate**: Import the security certificate to the local device. This certificate tells the local device to trust the app. +- **Install the app**: Use Windows PowerShell to install the app package. -## Requirements -Here's what you'll need to have: +## Prerequisites -- Devices need to be unlocked for sideloading (unlock policy enabled) +- Windows devices that are unlocked for sideloading (unlock policy enabled). Meaning, sideloading isn't blocked by a policy. +- A trusted certificate that's assigned to your app. +- An app package that's signed with your certificate. -- Certificate assigned to app +## Step 1: Turn on sideloading -- Signed app package - -And here's what you'll need to do: - -- Turn on sideloading - you can push a policy with an MDM provider, or you can use **Settings**. - -- Trust the app - import the security certificate to the local device. - -- Install the app - use PowerShell to install the app package. - -## How do I sideload an app on desktop You can sideload apps on managed or unmanaged devices. ->[!IMPORTANT] -> To install an app on Windows 10, in addition to following [these procedures](/windows/msix/app-installer/installing-windows10-apps-web), users can also double-click any APPX/MSIX package. +Managed devices are typically owned by your organization. They're managed by Group Policy (on-premises), or a Mobile Device Management (MDM) provider, such as Microsoft Intune (cloud). Bring your own devices (BYOD) and personal devices can also be managed by your organization. On managed devices, you can create a policy that turns on sideloading, and then deploy this policy to your Windows devices. +Unmanaged devices are devices that are not managed by your organization. These devices are typically personal devices owned by users. Users can turn on sideloading using the Settings app. -**To turn on sideloading for managed devices** +> [!IMPORTANT] +> To install an app on Windows 10 and later, you can: +> +> - [Install Windows 10 apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web). +> - Users can double-click any `.APPX` or `.MSIX` package. -- Deploy an enterprise policy. +### User interface +If you're working on your own device, or if devices are unmanaged, use the Settings app: +1. Open the **Settings** app > **Update & Security** > **For developers**. +2. Select **Sideload apps**. -**To turn on sideloading for unmanaged devices** +For more information, see [Enable your device for development](/windows/apps/get-started/enable-your-device-for-development) and [Developer Mode features and debugging](/windows/apps/get-started/developer-mode-features-and-debugging). -1. Open **Settings**. +### Group Policy -2. Click **Update & Security** > **For developers**. +If you use Group Policy, use the `Computer Configuration\Administrative Templates\Windows Components\App Package Deployment` policies to enable or prevent sideloading apps: -3. On **Use developer features**, select **Sideload apps**. +- Allows development of Windows Store apps and installing them from an integrated development environment (IDE) +- Allow all trusted apps to install -**To import the security certificate** +By default, the OS might set these policies to **Not configured**, which means app sideloading is turned off. If you set these policies to **Enabled**, users can sideload apps. -1. Open the security certificate for the appx package, and select **Install Certificate**. +### MDM -2. On the **Certificate Import Wizard**, select **Local Machine**. +Using Microsoft Intune, you can also enable sideloading apps on managed devices. For more information, see: -3. Import the certificate to the **Trusted Root Certification Authorities** folder. +- [Sign line-of-business apps so they can be deployed to Windows devices with Intune](/mem/intune/apps/app-sideload-windows) +- [App Store device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#app-store) + +## Step 2: Import the security certificate + +This step installs the app certificate to the local device. Installing the certificate creates the trust between the app and the device. + +1. Open the security certificate for the `.appx` package, and select **Install Certificate**. + +2. On the **Certificate Import Wizard**, select **Local Machine**. + +3. Import the certificate to the **Trusted Root Certification Authorities** folder. -OR- - You can use a runtime provisioning package to import a security certificate. For information about applying a provisioning package to a Windows 10 device, see runtime instructions on [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=619162). + You can use a runtime provisioning package to import a security certificate. For information about applying a provisioning package to a Windows 10 device, see runtime instructions on [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package). -**To install the app** -- From the folder with the appx package, run the PowerShell `Add-AppxPackage` command to install the appx package. +## Step 3: Install the app - -  - -  \ No newline at end of file +From the folder with the `.appx` package, run the Windows PowerShell `Add-AppxPackage` command to install the `.appx` package. For more information on this command, see [Add-AppxPackage](/powershell/module/appx/add-appxpackage). diff --git a/windows/application-management/toc.yml b/windows/application-management/toc.yml index 0e0f44a1bb..6847361924 100644 --- a/windows/application-management/toc.yml +++ b/windows/application-management/toc.yml @@ -11,7 +11,7 @@ items: href: provisioned-apps-windows-client-os.md - name: System apps in Windows client OS href: system-apps-windows-client-os.md - - name: Add apps and features in Windows 10 + - name: Add features in Windows client href: add-apps-and-features.md - name: Sideload apps href: sideload-apps-in-windows-10.md