Skip to main content

Azure Virtual Desktop MSIX App Attach - Pt1

Recently I delivered a session on Azure Virtual Desktop App Attach. It's quite fascinating. If we look at the solution carefully we will realize with the MSIX app attached AVD will become almost a management-less solution. in this we are separating the apps from the base operating system.

With MSIX app attach,

  • You don’t need to maintain gold images
  • You can attach the same package to multiple hosts
  • Could save more on storage and maintaining storage and updates
  • Etc

So, before we get into how to do this

You need to know what MSIX, and App attach is means

  • MSIX – MSIX is the next generation format of application packages, previously we have MSI and now MSIX, what’s different with MSIX is, the application is running in a containers
  • App attach - App attach is the method of delivery for MSIX packages to the AVD


  1. App packaging environment
  2. MSIX packaging tool
  3. Working Azure Virtual desktop solution integrated with Active Directory Domain Services.
  4. Storage Accounts to host the packages in the cloud
  5. A Certificate (Prefer if you can have a publicly signed certificate)

Preparing the packaging environment

If you are using Hyper-V, you can use hyper v quick create to use Microsoft’s pre-setup template for app packaging

If you use that option, you will get VM as shown above, this VM will only have the required tools and the basic. Specially the “MSIX Packaging Tool”

Let begin. :D

Login to the App packaging VM and open “MSIX Packaging Tool” and select Create

And follow the instructions as below

Now select the installer.

And down the bottom selects your PFX file to sign the package. This is mandatory to sign the package and what you need to keep in mind is your cert needs to be code signing enabled as below if not package signing will failed

Fill in the package details as you need

Once you hit next, wizard will automatically launch the installer, what will happen at the same time tool will create a snapshot of the system and start capturing all the changes after that point until we confirm the application installation is completed. Just install the application as normal hear I’m installing visual studio code

Once the setup is completed, the tool will automatically identify its been completed and prompt you with below

If you are done with packaging hit next, and as I mentioned packing tool will look for all the changes within the window

Select “Yes Move on” and it will prepare our MSIX Package.

I have skipped few screenshots, just to keep things short once done you need to select the destination

If the packaging is successful, it will provide the below notification confirming the packing

In the next articles. let’s deep dive into how to convert this MSIX and use it in our AVD Environment.



Popular posts from this blog

Deploying an Automation Account with a Runbook and Schedule Using Bicep

Introduction Automation is a key component in many organizations' cloud strategy. Azure Automation allows you to automate the creation, deployment, and management of resources in your Azure environment. In this post, we will walk through the process of deploying an Automation Account with a Runbook and Schedule using Bicep, a new domain-specific language for deploying Azure resources. Intention My intention at the  end is to run a PowerShell  script to start and shutdown Azure VMs based on tag values. PowerShell  script that I have used is from below l ink.  And two  of me   collogue s ( Michael Turnley   and Saudh Mohomad helped to modify the  PowerShell  script. Prerequisites Before we begin, you will need the following: An Azure subscription The Azure CLI installed on your machine. The Azure Bicep extension for the Azure CLI Creating the Automation Account The first step in deploying an Automation Account with a Runbook and Schedule is to create the Aut

Migrating Azure DevOps Variable Groups

Howdy Folks, I was working on an application modernization project. And there was a requirement to migrate application deployments from one project to another in Azure DevOps. deployment pipelines were heavily dependent on variable groups. So, we wanted to migrate these variables group to the new project. Couldn't find any solutions in internet for this, so came up with the below scripts. You can grab the scripts from the below GitHub URL. DaniduWeerasinghe911/Migrate-Azure-DevOps-Variable-Groups: This Repo Include PowerShell Scripts relating to Migrating Azure DevOps Variable Groups ( Azure DevOps Variable Groups Azure DevOps Variable Groups are a way to store and manage sets of variables that can be used across multiple pipelines in Azure DevOps. These variables can include secrets, connection strings, and other sensitive information that is needed for builds and releases. Variable Groups provide a centralized way to manage these variables and ensure that they are cons

Securing Azure Services with Fetian FIDO

Hey Folks  Here again with another security topic with Fetian Fido. And once again Fetian devices proved their excellent quality and stability. For this I choose Fetian K33 -  AllinPass FIDO Security Key – FEITIAN ( and  K39 -  Single-button FIDO Security Keys | FEITIAN ( Use case  In an organization following changes needs to be implemented.  1. Update the password policy 2. Update the user session time out to 30 minutes Once these changes being implemented, the following issues need to be addressed 1. Users' complaint new passwords need to be so long 2. Users complain sessions time out makes them work so much slower with the longer passwords 3. Etc... Solution  One of my friends reached out to me to help solve this problem. All I could think of was using passwordless auth with FIDO devices. We have decided to use Fido2 keys for better security and flexibility for the users. The FIDO (Fast IDentity Online) Alliance helps to promote open authentication stand