deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-11 04:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/application-management/sideload-apps-in-windows.md
Chris J. Lin ef1c69b439
Release mcc ent (#1) 
* smb adds

* smb adds

* formatting

* private preview and support content

* edit removed and dep

* Fix blocking issues

* Acro-fix

* 24H2 CSP Updates

* Fix link

* fix link in dep page

* edit

* edit index file

* syntax-fix-24h2

* ltsc-edits

* ltsc-edits

* lichris-docs-1

* Acrolinx improvements

* refresh for maxado-8631996

* update link for maxado-8631993

* additional edits, acrolinx

* ltsc-tw

* contentsource-8914508

* contentsource-8914508

* Updates for 1 October release

* Set stale debug to false

* update gp link for 24h2

* additional changes

* Changes to updates, acrolinx changes

* fixes broken links

* Fixed alignment issues

* updates from Rafal

* fixed acrolinx

* so many link fixes

* added release notes and troubleshoot content

* updates

* Update security-compliance-toolkit-10.md

Added Windows 11 24H2

* Update get-support-for-security-baselines.md

Updated for Windows 11 24H2

* bump date

* bump date

* fix pde comment

* fixing broken link

* Fix broken redirections

* fix to rel link

* reset head, fix link

* add cli to deploy, add script to cli

* removing "mcce"

* edits to create page

* Update default and global release policies OS version and dates to latest release values

* emoved e from mcce and other changes

* updated example script

* added important notice to update page

* more update page changes

* clarified how proxy configuration is used

* anonymizing variables in example script

* revise example script

* acrolinx fixes to update page

* changes to other pages and content in overview page

* Update broken link

Update broken link

* Update windows-sandbox-configure-using-wsb-file.md

Update `HostFolder` value description in `MappedFolder`, specifying that the path could be absolute or relative, not only absolute as, instead, is for the `SandboxFolder` value.

* Remove bad link

Removed bad link. There is already a second link referring to content so no need to replace the link.

* docfx update for security book

* Correct TOC entry changing Windows 10 to Windows

* Update whats-new-do.md

- Vpn to VPN
- Minor improvements

* Updated date for freshness reporting

* Add EOS callout

Fix some obvious Acrolinx issues

* Fixed typo added clarity

* Update mcc-ent-deploy-to-windows.md

* Update .openpublishing.redirection.windows-deployment.json

* Update .openpublishing.redirection.windows-deployment.json

* Update policy-csp-localpoliciessecurityoptions.md

* Correct indentation and spacing

* Acrolinx: "Enteprise"

* Update mcc-ent-edu-overview.md

* refresh

* Remove redirection and final bits of store-for-business

store-for-business, AKA /microsoft-store/, is retired, and the content is archived in officearchive-pr. This archival was for ADO task 9268422.

* added support content and other changes

* fixed tabs

* fixed tabs

* Updated device reg policy and group information

* Update delivery-optimization-endpoints.md

Added a line item in MCC table for Outlook *res.cdn.office.net requirement

* freshness review

* Fix broken links

* Minor change

* content for faq

* changes to landing page

* more content to faqs

* pencil edit

* add copilot exps link

* edits and ren cli file temporarily

* ren file back and edit toc to lowercase

* edit

* edit

* edit

* Update windows-autopatch-configure-network.md

Adding a new network endpoint required for the service 'device.autopatch.microsoft.com' @tiaraquan

* Clarify some points and remove data that is confusing to customers.

* fix syntax

* Sentence correction

* Update windows/deployment/do/waas-delivery-optimization-faq.yml

Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com>

* Update windows/deployment/do/waas-delivery-optimization-faq.yml

Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com>

* moved shortcuts under policy settings article

---------

Co-authored-by: Alma Jenks <v-alje@microsoft.com>
Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Co-authored-by: Stacyrch140 <102548089+Stacyrch140@users.noreply.github.com>
Co-authored-by: Nidhi Doshi <77081571+doshnid@users.noreply.github.com>
Co-authored-by: Gary Moore <5432776+garycentric@users.noreply.github.com>
Co-authored-by: Vinay Pamnani (from Dev Box) <vinpa@microsoft.com>
Co-authored-by: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Co-authored-by: Aaron Czechowski <aczechowski@users.noreply.github.com>
Co-authored-by: Aditi Srivastava <133841950+aditisrivastava07@users.noreply.github.com>
Co-authored-by: Daniel H. Brown <32883970+DHB-MSFT@users.noreply.github.com>
Co-authored-by: David Strome <21028455+dstrome@users.noreply.github.com>
Co-authored-by: Padma Jayaraman <v-padmaj@microsoft.com>
Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Co-authored-by: Rebecca Agiewich <16087112+rjagiewich@users.noreply.github.com>
Co-authored-by: Rick Munck <33725928+jmunck@users.noreply.github.com>
Co-authored-by: Tanaka <Huios@users.noreply.github.com>
Co-authored-by: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Co-authored-by: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Co-authored-by: Davide Piccinini <davide.piccinini.95@gmail.com>
Co-authored-by: Phil Garcia <phil@thinkedge.com>
Co-authored-by: Learn Build Service GitHub App <Learn Build Service LearnBuild@microsoft.com>
Co-authored-by: tiaraquan <tiaraquan@microsoft.com>
Co-authored-by: Caitlin Hart <caithart@microsoft.com>
Co-authored-by: Harman Thind <63820404+hathin@users.noreply.github.com>
Co-authored-by: [cmknox] <[cmknox@gmail.com]>
Co-authored-by: Carmen Forsmann <cmforsmann@live.com>
2024-10-17 11:34:07 -07:00

6.5 KiB
Raw Blame History

title, description, author, ms.author, manager, ms.date, ms.topic, ms.service, ms.subservice, ms.localizationpriority, ms.collection, appliesto
title description author ms.author manager ms.date ms.topic ms.service ms.subservice ms.localizationpriority ms.collection appliesto
Sideload line of business apps Learn how to sideload line-of-business (LOB) apps in Windows client operating systems. When you sideload an app, you deploy a signed app package to a device. aczechowski aaroncz aaroncz 09/27/2024 how-to windows-client itpro-apps medium tier2
<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>

Sideload line of business (LOB) apps

Sideloading apps is when you install apps that aren't from an official source, such as the Microsoft Store. Your organization can create its own apps, including line-of-business (LOB) apps. When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps.

To allow these apps to run on your Windows devices, you might have to enable sideloading.

Important

When you enable sideloading, you allow installing and running apps from outside the Microsoft Store. This action might increase security risks to the device and your data. Sideloaded apps need to be signed with a certificate that the device trusts.

Prerequisites

  • Windows devices with sideloading enabled. You can enable it with a group policy or a mobile device management (MDM) provider like Microsoft Intune. You can also use the Settings app to manually turn on sideloading.

  • A trusted certificate that you assign to your app. Import the security certificate to the local device. This certificate allows the device to trust the app.

  • An app package that you sign with the same certificate.

Tip

Unlike in earlier versions, with Windows 10/11:

  • License keys aren't required.
  • Devices don't have to be joined to a domain.

Step 1: Turn on sideloading

You can sideload apps on managed or unmanaged devices.

A managed device typically means your organization owns it and applies policies based on business requirements. You manage it with on-premises group policy or a mobile device management (MDM) provider like Microsoft Intune. On managed devices, you can create a policy that turns on sideloading, and then assign this policy to targeted devices.

An unmanaged device means your organization doesn't manage it. These devices are typically personal devices that users own. Users can manually turn on sideloading with the Settings app.

User interface

If you're working on your own device, or if devices are unmanaged, use the Settings app. The experience differs between Windows 11 and Windows 10.

Note

If sideloading is blocked by an organizational policy, then users can't even manually enable sideloading.

Windows 11 setting

  1. Open the Settings app.

  2. Go to System and select For developers.

  3. Turn on the Developer mode setting.

  4. Review the notice, and select Yes to continue.

Tip

If you don't see the setting in this location on your version of Windows, use the Find a setting option. Search for developer mode to quickly jump to its location.

Windows 10 setting

  1. Open the Settings app.

  2. Go to Update & Security and select For developers.

  3. Turn on the option to Sideload apps.

  4. Review the notice, and select Yes to continue.

Group policy

If you use group policy, use the following policies to enable or prevent sideloading apps:

Path: Computer Configuration\Administrative Templates\Windows Components\App Package Deployment

  • Allows development of Windows Store apps and installing them from an integrated development environment (IDE)
  • Allow all trusted apps to install

By default, the OS might set these policies to Not configured, which means app sideloading is turned off. If you set these policies to Enabled, then users can sideload apps.

MDM

When you use Microsoft Intune, you can enable sideloading apps on managed devices. For more information, see the following articles:

Other MDM servers can implement similar behaviors using the ApplicationManagement policy CSP.

Step 2: Import the security certificate

This step installs the app certificate to the local device. Installing the certificate creates the trust between the app and the device.

  1. Open the Properties for the app package.

    1. Go to the Digital Signatures tab.

    2. Select the certificate, and select Details to open the digital signature details window.

    3. Select View Certificate to open the certificate window.

    4. Select Install Certificate to launch the certificate import wizard.

  2. On the Certificate Import Wizard, select Local Machine. This action might require an administrator to elevate.

  3. Continue the process to import the certificate into the Trusted Root Certification Authorities store.

Note

There are other methods to install and manage certificates on devices. For example, with group policy or a provisioning package.

Step 3: Install the app

After you enable sideloading and import the certificate, there are multiple methods you can use to install the app on devices.

Next steps

Learn about the private app repository in Windows 11 with the Company Portal and Microsoft Intune.

For more information on sideloading, see the following articles on Windows app development: