deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into cz-fresh-perusersvc

Browse Source
This commit is contained in:
Aditi Srivastava 2023-12-26 10:05:26 +05:30 committed by GitHub
commit dac487da7e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 144 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.openpublishing.redirection.json
View File

@ -2052,7 +2052,7 @@
},
{
"source_path": "windows/deploy/sideload-apps-in-windows-10.md",
"redirect_url": "/windows/application-management/sideload-apps-in-windows-10",
"redirect_url": "/windows/application-management/sideload-apps-in-windows",
"redirect_document_id": false
},
{

5
.openpublishing.redirection.windows-application-management.json
View File

@ -24,6 +24,11 @@
"source_path": "windows/application-management/apps-in-windows-10.md",
"redirect_url": "/windows/application-management/overview-windows-apps",
"redirect_document_id": false
},
{
"source_path": "windows/application-management/sideload-apps-in-windows-10.md",
"redirect_url": "/windows/application-management/sideload-apps-in-windows",
"redirect_document_id": false
}
]
}

104
windows/application-management/sideload-apps-in-windows-10.md
View File

@ -1,104 +0,0 @@
---
title: Sideload line of business apps
description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems. When you sideload an app, you deploy a signed app package to a device.
author: aczechowski
ms.author: aaroncz
manager: aaroncz
ms.date: 12/07/2017
ms.topic: how-to
ms.prod: windows-client
ms.technology: itpro-apps
ms.localizationpriority: medium
ms.collection: tier2
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
---
# Sideload line of business (LOB) apps
> [!NOTE]
> Starting with Windows 10 2004, sideloading is enabled by default. You can deploy a signed package onto a device without a special configuration.
Sideloading apps is when you install apps that aren't from an official source, such as the Microsoft store. Your organization may create its own apps, including line-of-business (LOB) apps. Many organizations create their own apps to solve problems unique to their business.
When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps. Sideloading was also available with Windows 8 and Windows 8.1
Starting with Windows 10, sideloading is different than earlier versions of Windows:
- You can unlock a device for sideloading using an enterprise policy, or through the **Settings** app.
- License keys aren't required.
- Devices don't have to be joined to a domain.
To allow these apps to run on your Windows devices, you might have to enable sideloading on your devices.
This article shows you how to:
- **Turn on sideloading**: You can deploy using Group Policy or a mobile device management (MDM) provider. Or, you can use the **Settings** app to turn on sideloading.
- **Install the app certificate**: Import the security certificate to the local device. This certificate tells the local device to trust the app.
- **Install the app**: Use Windows PowerShell to install the app package.
## Prerequisites
- Windows devices that are unlocked for sideloading (unlock policy enabled). Meaning, sideloading isn't blocked by a policy.
- A trusted certificate that's assigned to your app.
- An app package that's signed with your certificate.
## Step 1: Turn on sideloading
You can sideload apps on managed or unmanaged devices.
Managed devices are typically owned by your organization. They're managed by Group Policy (on-premises), or a Mobile Device Management (MDM) provider, such as Microsoft Intune (cloud). Bring your own devices (BYOD) and personal devices can also be managed by your organization. On managed devices, you can create a policy that turns on sideloading, and then deploy this policy to your Windows devices.
Unmanaged devices are devices that aren't managed by your organization. These devices are typically personal devices owned by users. Users can turn on sideloading using the Settings app.
> [!IMPORTANT]
> To install an app on Windows client, you can:
>
> - [Install Windows apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web).
> - Users can double-click any `.msix` or `.appx` package.
### User interface
If you're working on your own device, or if devices are unmanaged, use the Settings app:
1. Open the **Settings** app > **Update & Security** > **For developers**.
2. Select **Sideload apps**.
For more information, see [Enable your device for development](/windows/apps/get-started/enable-your-device-for-development) and [Developer Mode features and debugging](/windows/apps/get-started/developer-mode-features-and-debugging).
### Group Policy
If you use Group Policy, use the `Computer Configuration\Administrative Templates\Windows Components\App Package Deployment` policies to enable or prevent sideloading apps:
- `Allows development of Windows Store apps and installing them from an integrated development environment (IDE)`
- `Allow all trusted apps to install`
By default, the OS might set these policies to **Not configured**, which means app sideloading is turned off. If you set these policies to **Enabled**, then users can sideload apps.
### MDM
Using Microsoft Intune, you can also enable sideloading apps on managed devices. For more information, see:
- [Sign line-of-business apps so they can be deployed to Windows devices with Intune](/mem/intune/apps/app-sideload-windows)
- [App Store device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#app-store)
## Step 2: Import the security certificate
This step installs the app certificate to the local device. Installing the certificate creates the trust between the app and the device.
1. Open the security certificate for the `.msix` package, and select **Install Certificate**.
2. On the **Certificate Import Wizard**, select **Local Machine**.
3. Import the certificate to the **Trusted Root Certification Authorities** folder.
-OR-
You can use a runtime provisioning package to import a security certificate. For information about applying a provisioning package, see runtime instructions on [Create a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package).
## Step 3: Install the app
From the folder with the `.msix` package, run the Windows PowerShell `Add-AppxPackage` command to install the `.msix` package.
For more information on this command, see [Add-AppxPackage](/powershell/module/appx/add-appxpackage).

137
windows/application-management/sideload-apps-in-windows.md Normal file
View File

@ -0,0 +1,137 @@
---
title: Sideload line of business apps
description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems. When you sideload an app, you deploy a signed app package to a device.
author: aczechowski
ms.author: aaroncz
manager: aaroncz
ms.date: 12/22/2023
ms.topic: how-to
ms.prod: windows-client
ms.technology: itpro-apps
ms.localizationpriority: medium
ms.collection: tier2
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
---
# Sideload line of business (LOB) apps
Sideloading apps is when you install apps that aren't from an official source, such as the Microsoft Store. Your organization can create its own apps, including line-of-business (LOB) apps. When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps.
To allow these apps to run on your Windows devices, you might have to enable sideloading.
> [!IMPORTANT]
> When you enable sideloading, you allow installing and running apps from outside the Microsoft Store. This action might increase security risks to the device and your data. Sideloaded apps need to be signed with a certificate that the device trusts.
## Prerequisites
- Windows devices with sideloading enabled. You can enable it with a group policy or a mobile device management (MDM) provider like Microsoft Intune. You can also use the **Settings** app to manually turn on sideloading.
- A trusted certificate that you assign to your app. Import the security certificate to the local device. This certificate allows the device to trust the app.
- An app package that you sign with the same certificate.
> [!TIP]
> Unlike in earlier versions, with Windows 10/11:
>
> - License keys aren't required.
> - Devices don't have to be joined to a domain.
## Step 1: Turn on sideloading
You can sideload apps on managed or unmanaged devices.
A *managed device* typically means your organization owns it and applies policies based on business requirements. You manage it with on-premises group policy or a mobile device management (MDM) provider like Microsoft Intune. On managed devices, you can create a policy that turns on sideloading, and then assign this policy to targeted devices.
An *unmanaged device* means your organization doesn't manage it. These devices are typically personal devices that users own. Users can manually turn on sideloading with the **Settings** app.
### User interface
If you're working on your own device, or if devices are unmanaged, use the Settings app. The experience differs between Windows 11 and Windows 10.
> [!NOTE]
> If sideloading is blocked by an organizational policy, then users can't even manually enable sideloading.
#### Windows 11 setting
1. Open the **Settings** app.
1. Go to **System** and select **For developers**.
1. Turn on the **Developer mode** setting.
1. Review the notice, and select **Yes** to continue.
> [!TIP]
> If you don't see the setting in this location on your version of Windows, use the *Find a setting* option. Search for *developer mode* to quickly jump to its location.
#### Windows 10 setting
1. Open the **Settings** app.
1. Go to **Update & Security** and select **For developers**.
1. Turn on the option to **Sideload apps**.
1. Review the notice, and select **Yes** to continue.
### Group policy
If you use group policy, use the following policies to enable or prevent sideloading apps:
Path: **Computer Configuration\Administrative Templates\Windows Components\App Package Deployment**
- **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)**
- **Allow all trusted apps to install**
By default, the OS might set these policies to **Not configured**, which means app sideloading is turned off. If you set these policies to **Enabled**, then users can sideload apps.
### MDM
When you use Microsoft Intune, you can enable sideloading apps on managed devices. For more information, see the following articles:
- [Sign line-of-business apps so they can be deployed to Windows devices with Intune](/mem/intune/apps/app-sideload-windows)
- [App Store device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#app-store)
Other MDM servers can implement similar behaviors using the [ApplicationManagement](/windows/client-management/mdm/policy-csp-applicationmanagement) policy CSP.
## Step 2: Import the security certificate
This step installs the app certificate to the local device. Installing the certificate creates the trust between the app and the device.
1. Open the **Properties** for the app package.
1. Go to the **Digital Signatures** tab.
1. Select the certificate, and select **Details** to open the digital signature details window.
1. Select **View Certificate** to open the certificate window.
1. Select **Install Certificate** to launch the certificate import wizard.
1. On the **Certificate Import Wizard**, select **Local Machine**. This action might require an administrator to elevate.
1. Continue the process to import the certificate into the **Trusted Root Certification Authorities** store.
> [!NOTE]
> There are other methods to install and manage certificates on devices. For example, with group policy or a provisioning package.
## Step 3: Install the app
After you enable sideloading and import the certificate, there are multiple methods you can use to install the app on devices.
- Manually open the `.msix` or `.appx` package in Windows Explorer.
- Distribute an [MSIX app](/windows/msix/overview) over the network with a web-based app installer. For more information, see [Install Windows apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web).
- Use the Windows PowerShell `Add-AppxPackage` cmdlet. For more information, see [Add-AppxPackage](/powershell/module/appx/add-appxpackage).
## Next steps
Learn about the [private app repository in Windows 11](private-app-repository-mdm-company-portal-windows-11.md) with the Company Portal and Microsoft Intune.
For more information on sideloading, see the following articles on Windows app development:
- [Enable your device for development](/windows/apps/get-started/enable-your-device-for-development)
- [Developer Mode features and debugging](/windows/apps/get-started/developer-mode-features-and-debugging)

2
windows/application-management/toc.yml
View File

@ -8,7 +8,7 @@ items:
- name: Add or hide Windows features
href: add-apps-and-features.md
- name: Sideload line of business (LOB) apps
href: sideload-apps-in-windows-10.md
href: sideload-apps-in-windows.md
- name: Private app repo on Windows 11
href: private-app-repository-mdm-company-portal-windows-11.md
- name: Remove background task resource restrictions