Distributing apps for Windows 10 Desktop devices

Before you distribute in-house or third-party apps for Windows 10 Desktop devices, ensure that:

  • Apps are signed with a publicly trusted certificate issued by a CA.
  • The devices are sideload enabled.

Certificates

We strongly recommend that in-house or third-party apps for Windows devices (8.1) are signed with a publicly trusted certificate issued by a Certificate Authority (CA). The CA’s root certificate must be supported by the Windows OS. Signing with a publicly trusted certificate eliminates any additional steps by the device user.

We do not recommend signing apps with a self-signed certificate, as this will require the device user to perform additional steps before you can distribute the apps.

Sideloading keys

This feature is supported for Windows Phone 8.1 only.

Typically, apps for Windows devices are signed and available only through the Windows Store. However, in-house and third-party apps can be made available through a process called sideloading. Each Window device must be sideload-enabled. You sideload-enable a device with sideload activation keys that you get directly from Microsoft.

For information about sideloading product activation keys, see

https://licensingapps.microsoft.com/product-activation-results?Category=Applications

For information about sideload enabling devices see
http://technet.microsoft.com/en-us/library/hh852635.aspx

The previous URLs are not controlled by and cannot be guaranteed to work or point to the correct page. They are provided here as a guide.

Pushing sideload activation keys

You can now push sideload activation keys to Windows devices (8.1) from Ivanti EPMM Version 7.1. Sideload activation keys are required to sideload enable a Windows devices (8.1). This in turn allows you to sideload apps to the device.

Before you Begin

You must get the sideload activation key directly from Microsoft.

Configuration tasks

  1. Adding the sideloading activation keys to Ivanti EPMM.
  2. Applying the sideloading activation keys configuration to a label.

Adding the sideloading activation key to Ivanti EPMM

To add the sideloading activation keys to Ivanti EPMM:

  1. In the Ivanti EPMM Admin Portal, go to Policies & Configs > Configurations.
  2. Click Add New > Windows > Sideloading Key.

  3. Use the following guidelines to fill the form:

    Field

    Description

    Name

    Enter a name for the configuration.

    Description

    Enter a description.

    Sideloading key

    Enter or copy and paste the sideloading key you received from Microsoft.
  4. Click Save.

Applying the sideloading key configuration to a label

To apply the sideloading key configuration to a label:

  1. In the Ivanti EPMM Admin Portal, go to Policies & Configs > Configurations.
  2. Select the sideloading key configuration.
  3. Click Actions > Apply to Label.
  4. In the Apply to Label dialog box, select the label.
  5. Click Apply. The sideloading key is pushed to the devices in the label when the device checks in with Ivanti EPMM.

Pushing the AET to Windows 8.1 Phone devices

If you are uploading third-party apps for distribution through Ivanti EPMM, you must also upload the AET (.aetx file) associated with the Symantec Enterprise Certificate used to sign the app. See Pushing the AET to Windows 8.1 Phone devices.

Follow these steps to push the token to Windows 8.1 Phone devices:

  1. In the Ivanti EPMM Admin Portal, go to Policies & Configs > Configurations.
  2. Click Add New > Windows > Enrollment Token (AET) (Windows Phone Only) to open the New Application Enrollment Token dialog box.
  3. Enter a Name and Description for the AET.

  4. Click Browse to locate and select the AET file.

    This is a .aetx file.

  5. Click Save.
  6. In the Configurations page, select the AET.

  7. Click Actions > Apply to Label and select the appropriate label.

    The AET is pushed to the devices to which the label is applied.