Universal Windows Platform apps in the Enterprise
Why use Universal Windows Apps in the Enterprise?
Due to their nature, Classic Windows Apps (CWA) can be complicated and expensive to manage in the enterprise. It starts in the way a CWA installs. CWAs often elevate to install which means that during their installation they can write files to almost anywhere on the device and update shared areas of the registry. It is far too common that installing one app breaks one or more other apps as files are written and the registry changed. Even when the app installs safely the app can still break other apps or the system. I recently had a conversation about a “must have” app for an enterprise that was dramatically reducing the battery life of a 2-in-1 because the app set the system timer to be set to 1 millisecond which prevented the device from getting meaningful time at lower processor power states. This unfortunate situation was only uncovered as the enterprise tested this specific app on the target device. Because of the way CWAs are installed, and the capabilities they have while they run, enterprises must always perform testing not only on the app’s functionality but also on how the app may be impacting the system overall and other apps on the system. All this work is expensive and time consuming. Using Universal Windows Apps reduces the complexity and the expense of managing apps in the enterprise.
The Universal Windows Platform addresses some of the issues that make CWA complicated and expensive to manage with 3 elements at core of the platform. UWP apps are packaged, contained and verified.
Package
The UWP .appx package format accomplishes several goals. Among these is ensuring that everything an app needs to run is part of the app’s package. If an app uses a 3rd-party or cross-company component, the exact version of the component with which the app was developed and tested is in the app’s package. This increases the reliability of the app and prevents one app from updating a component that breaks another app or the system. Of course, since UWP apps are managed by Windows the OS can ensure that if there are apps on the system that are using the same component no space is wasted to multiple copies. We will dig into some of the optimizations we do here in an upcoming blog post. Windows installs UWP packages apps so there are no random registry writes that can break other apps and no need to elevate to install the app. Installing a UWP app will not break other apps or the device.
Contain
The UWP AppContainer prevents apps from making changes when running that could impact the system or other apps. This means that making a change like setting the system timer, and thus killing battery life for the device, is simply not possible with a UWP app. In addition, apps are restricted to their app specific storage area and only files and folders the user selects. This prevents both unintentional file collisions across apps and any access to files that the app is not authorized to access.
The AppContainer also restricts apps from interfering with other apps. Certainly apps need to work together and the Universal Windows Platforms provides many safe ways for apps to work together like App Services, App Extensions and launch for results.
Finally, there is some functionality in the platform that it is important for users to know the app will use. For example, when app needs access to common folders like Picture and Music or needs to use the camera or microphone. By default, the AppContainer blocks an app from this functionality. An app can gain access by declaring a capability which can be made known to the user even before they acquire the app. If an IT Admin does not agree that an accounting app needs to access a user’s music folder they can decline to acquire that accounting app.
With the AppContainer IT admins can be assured that UWP apps are not negatively impacting the system or other apps while running.
Verify
While we have built a platform that leads to better behaving apps just building the platform is not enough. Developers are often very motivated to provide the solution that they envision as the best option in a timely way. On occasion, developers have been known to find ways to circumvent platform functionality. To ensure that UWP apps are true to the platform, the Windows Store certification process verifies all UWP apps stay within the correct behavior. That is just a part of the store certification process as test covers several categories including performance, stability, and behavior. This app certification process happens for all apps in the general areas of Windows Store and for any enterprise line of business apps added directly to the enterprise’s Windows Store for Business private inventory.
We make a key component of the Windows Store certification process available as the Windows App Certification Kit. This enables developers and IT Admins run all the same automated tests for Line of Business apps that are not distributed through the Windows Store.
By using packaged, contained and verified Universal Windows Platform apps enterprises can reduce the amount of testing and verification required to update either the app or Windows itself which reduces the complication and expense of managing applications.
Kyle Marsh, Principal Program Manager, Windows Developer Platform