YOU’RE READING
MSIX Packaging Fundamentals
by Tim Mangan, Bogdan Mitrache & Kevin Kaminski
Download ebookAlso check MSI Packaging Training Book
Package Deployment Install Locations
By default, all MSIX packages are installed/extracted by the OS in the following folder:
%ProgramFiles%\WindowsApps
Although this may look like a normal windows folder, it is not. This is a namespace that represents the file system volume used to hold the contents of installed AppX/Msix packages. The namespace is a system location, inaccessible by default, from Windows Explorer. Although there are methods to get at the folders and files inside the namespace, you can’t just browse through this as a folder to get to the package files.
Inside that namespace, you will find subfolders for each app installed on the machine, including the OS built-in apps. The folder names here are not necessarily related to the MSIX filename, but are derived from fields within the package manifest files. All folders have their name following this pattern:
PublisherName.AppName_AppVersion_architecture_hash
Here’s an example of a folder name (Note: there are two underscore symbols "_" before the hash):
Microsoft.WindowsCalculator_10.1806.1821.0__x64__8wekyb3d8bbwe
The extracted MSIX package is inside the folder, just as you would see if you extract it with 7-Zip or other similar tools.
Only the OS can write in this location when installing your app. If your app is writing log files or other data inside the installation folder, it may crash or behave defectively. You need to either update your code to write outside of the package boundaries (and to %AppData% on OS 1903 and above) or fix it using the Package Support Framework for other OS versions and in the situations when you don’t have access to the code.
Appx Volumes
The installation path mentioned above is the default appx volume present on every Windows 11 machine using the WindowsApps namespace.
You can define multiple volumes, move apps between them, or completely move all apps from a volume (such as the default one) to a new one, on a different drive.
The appx volumes can be managed using these dedicated PowerShell commandlets:
> Add-AppxVolume > Remove-AppxVolume > Dismount-AppxVolume > Get-AppxVolume > Mount-AppxVolume
You can find more details on the MSIX PowerShell commandlets at Advanced Installer - MSIX Powershell cmdlets.
MSIX App Attach
The continuous evolution of digital workspace management has reached an exciting new chapter with recent enhancements to MSIX and, specifically, MSIX App Attach for Azure Virtual Desktop (AVD). These advancements offer substantial improvements, reflecting Microsoft's commitment to streamlining application management, reducing infrastructure complexity, and enhancing the administrator and end-user experience. Some of the notable improvements are:
App Attach
It's essential to understand the evolving toolkit of application delivery within Azure Virtual Desktop (AVD), as many environments rely on technologies like MSIX App Attach today for delivering line-of-business applications. Let’s look at the differences between "app attach" and "MSIX app attach" and how that changes the App Attach feature.
Key Differences and the Current Direction:
- Deprecation of MSIX App Attach:
- A critical point to emphasize is that Microsoft has announced the deprecation of MSIX App Attach, scheduled for June 1, 2025. Therefore, the focus is shifting entirely to the newer "app attach" functionality.
- This means that any current implementations of MSIX app attach should be migrated to the newer "app attach".
- Core Functionality:
- Both "app attach" and "MSIX app attach" share the fundamental goal of dynamically delivering applications to user sessions in AVD. This eliminates the need to install applications directly on session host VMs, streamlining image management and reducing overhead.
- They both allow for the separation of applications from the operating system. This makes it easier to update applications without updating the operating system.
- Although applications can be shared across pools, MSIX app attach packages had to be tied to a specific host pool when published. This has changed, allowing the sharing of applications across different pools.
- Users can run two versions of an application on the same host. This allows more flexibility and less user disruption when managing application upgrade scenarios.
- Evolution and Improvements:
- The newer "app attach" represents an evolution of the technology, incorporating improvements and addressing limitations of the older MSIX app attach. Microsoft is streamlining the process into the app attach feature.
- Additional application formats such as .appv, .appx, and .appxbundle are supported.
- The newer app attach is the way forward, and Microsoft is strongly advising that users migrate to this technology.
- Management and Assignment:
- Both technologies handle application assignment, which dictates which users have access to specific applications.
- One of the improvements with the new app attach, is improvements to the way that applications are assigned to users, and the granularity of control.
- With maintenance-free application updates, applications can be assigned, upgraded, or removed without requiring dedicated maintenance windows, minimizing user disruptions.
- App attach can send telemetry and data to log analytics about health.
- A migration script is available to facilitate the transition from the previous MSIX App Attach architecture to the enhanced architecture, easing the adoption process ahead of its deprecation in June 2025.
In essence:
- While "MSIX app attach" was a previous iteration, "app attach" is the current and future direction for dynamic application delivery in AVD.
- The focus is now on the newer app attach, and the older MSIX app attach technology is being deprecated.
Therefore, when working with AVD, it's important to consider the "app attach" functionality, as this technology may benefit management and user experience when deploying applications. Let's explore the nuances and practical implications of the shift from the MSIX app attach to the newer "app attach" within Azure Virtual Desktop (AVD).
Migration from MSIX App Attach
Configure a validation environment with at least one MSIX package delivered via app attach to a host pool.
Ensure the administrator has at least the Desktop Virtualization Contributor role in Azure to the subscription containing the host pool.
A local Windows 10 or Windows 11 device with PowerShell 5 or 7. Install the latest version of the Az PowerShell and Microsoft Graph PowerShell SDK. Specifically, you need the following PowerShell modules:
- Az.DesktopVirtualization
- Az.Accounts
- Az.Resources
- Microsoft.Graph.Authentication
Running the Migration Script
Connecting
The following PowerShell will download and unblock the script.
$url = "https://raw.githubusercontent.com/Azure/RDS-Templates/master/msix-app-attach/MigrationScript/Migrate-MsixPackagesToAppAttach.ps1"
$filename = $url.Split('/')[-1]
Invoke-WebRequest -Uri $url -OutFile $filename | Unblock-FileNext, import the required modules.
Install-Module -Name Az.DesktopVirtualization -Force -AllowClobber -Scope CurrentUser Install-Module -Name Az.Accounts -Force -AllowClobber -Scope CurrentUser Install-Module -Name Az.Resources -Force -AllowClobber -Scope CurrentUser Install-Module -Name Microsoft.Graph.Authentication -Force -AllowClobber -Scope CurrentUser Import-Module Az.DesktopVirtualization Import-Module Az.Accounts Import-Module Az.Resources Import-Module Microsoft.Graph.Authentication
Next, connect to your tenant with your administrator account.
Connect-AzAccount
A window will appear for you to select which account to authenticate with.
If you get errors related to MFA, you may need to supply the tenant and subscription for the command to work.
$tenantId = "e066ad3d-0c1e-4de2-9613-897c34b0600a" # Azure AD Tenant ID Replace with your Azure AD Tenant ID $subscriptionId = "0df052d8-f5c7-424f-b38e-1d7457588226" # Azure Subscription ID Replace with your Azure Subscription ID Connect-AzAccount -tenant $tenantId -SubscriptionId $subscriptionId
Next, connect to Microsoft Graph.
Connect-MgGraph -Scopes "Group.Read.All"
A web browser window will open to authenticate using your administrator account with Microsoft Graph.
Scripts can be found over here:
Migrating
To get all MSIX applications attached to a host pool, run the following.
$parameters = @{
HostPoolName = '<HostPoolName>'
ResourceGroupName = '<ResourceGroupName>'
}
Get-AzWvdMsixPackage @parameters | Select-Object DisplayName, NameConsider using the following to migrate applications from one host pool to another.
$parameters = @{
HostPoolName = '<HostPoolName>'
ResourceGroupName = '<ResourceGroupName>'
}
$msixPackages = Get-AzWvdMsixPackage @parameters
$hostPoolId = (Get-AzWvdHostPool @parameters).Id
$logFilePath = "C:\Temp\MsixToAppAttach.log"
$parameters = @{
IsActive = $true
DeactivateOrigin = $true
PermissionSource = 'DAG'
HostPoolsForNewPackage = $hostPoolId
PassThru = $true
LogInJSON = $true
LogFilePath = $LogFilePath
}
$msixPackages | .\Migrate-MsixPackagesToAppAttach.ps1 @parametersFind examples of migration scripts here.
YOU’RE READING
MSIX Packaging Fundamentals
by Tim Mangan, Bogdan Mitrache & Kevin Kaminski
Download ebookAlso check MSI Packaging Training Book