Windows 8.1: Common Myths Around Windows Modern Applications, Microsoft Accounts and Sideloading

The Windows Guy (PFE Milad Aslaner) is back with a new blog post around the biggest myths I see at the moment when talking with Microsoft Premier Customers around Windows Modern Apps in Windows 8.1. For those who remember I wrote something similar when we shipped Windows 8.

Myth #1: I need a Microsoft Account to use pre-installed Windows Modern Apps

Wrong! You can always decide to not use a Microsoft Account and still take advantage of the beautiful Windows Modern Apps which are pre-installed except the Mail, Contacts and Calendar Apps which require a Microsoft Account for authentication.

Myth #2: In order to update Windows Modern Apps I need to have a Microsoft Account

This is also not true. When we shipped Windows 8 you could already update any pre-installed Windows Modern App without using a Microsoft Account. The only downside was that the user had to manually go into the Windows Store and choose to update the Modern Apps. Now with Windows 8.1 you can automatically install updates from the store (without using a Microsoft account), and that can be done even when the Windows Store has been disabled through group policies.

Myth #3: If I allow Microsoft Accounts employees can download and run any App they like

Not exactly. AppLocker provides the ability for you to black- or whitelist Windows Modern Apps just like you can for legacy applications. This means that you choose if the user should be able to run for example Windows Modern Apps from gaming publishers.

Myth #4: We are unable to synchronize settings of Windows Modern Apps

With Windows 8.1 you are able to synchronize Windows Modern Apps settings through the Microsoft Account or you could also use User Experience Virtualization 2.0 (UE-V) as an enterprise solution.

Myth #5: Microsoft doesn’t provide enterprises the option to have their own Apps Store

Both; System Center Configuration Manager 2012 R2 as well as Windows Intune provide enterprises the option to have their own Enterprise Store. For Windows Intune you can get the Company Portal App and if you choose the ConfigMgr way you can use the Application Catalog for it.

Myth #6: Windows Modern Apps do not work probably with Authenticated Proxy

The issues we have seen with Windows Modern Apps under Windows 8 for Authenticated Proxy scenario have been fixed. Now even If you are running Modern Apps behind an authenticated proxy it should work.

Myth #7: I saw on a blog that I can do an AD federation to have corresponding Microsoft Accounts

This is not true. Microsoft Accounts are unique to the user and the enrollment is user-driven.

Myth #8: I’m able to move Windows Modern Apps to another file system location right?

Not correct. Windows Modern Apps have a default file location which should not be changed.

Myth #9: Are Windows Modern Apps really so secure?

Windows Modern Apps have a strong security architecture. Each App is running in its own AppContainer and they are only able to communicate with each other using Microsoft specified APIs. By default, Modern Apps have also no interaction with the legacy desktop. Those AppContainers are running at a low integrity level which is a great way to mitigate attack scenarios where malware engineers try to access for example the system root folder, driver locations or registry through Modern Apps.

Myth #10: Sideloading can only be done if I use System Center Configuration Manager 2012

In addition to SCCM 2012, you can also use Windows Intune or even PowerShell scripts distributed over Group Policies to perform Sideloading of Windows Modern Apps. The most flexible and recommended way would be over SCCM 2012 as it offers the manageability layer for enterprise scenarios.

Myth #11: Nothing has changed for Windows to Go and the Windows Store

Wrong! In Windows 8 the Windows Store was disabled for Windows to Go devices due to some challenges with regards to licensing. Now with Windows 8.1 we fixed that and this means that Windows to Go devices which have been upgraded to Windows 8.1 are able to access the Windows Store.

Myth #12: I do not have any event logs to see what’s going on with Windows Modern Apps

That’s also not correct. We have in fact a lot of very useful event logs. In Event Viewer just go to Application and Services Logs –> Microsoft –> Windows and you will find in Windows 8.1: Apps, Apps-API, AppXDeployment, AppXDeployment-Server and AppxPackagingOM.

I hope that this helps you to get a little bit of more insight around Windows Modern Apps.


Original content from Milad Aslaner. Posted by MSPFE editor Pam Lahoud.