Deploy a LOB “Modern” Windows 8 Application: Part 1

The introduction of Windows 8 brought a whole new type of application. This application was first known as “metro”, and now “modern”. These applications are designed for tablets and touchscreens.

This will be a two-part series on these new apps. This part will be an introduction to these new apps, the difference between desktop and modern apps, and sideloading apps vs. using AD.

Introduction to Modern Apps

When an application comes with both a modern and desktop interface, it is actually two versions of the software running on your computer. Take Internet Explorer, for example. If you open it from the Start Menu, this launches the modern version, while launching it from the desktop launches the desktop version. If you bookmark a website in the modern version, it does not show up in the desktop version.

In order for applications to use the modern interface, they must be written for the modern interface. You cannot take a desktop application and turn it into a modern application without rewriting it. To write your own modern application, you can use Visual Studio Express 2012 for Windows 8, available here: We will create a sample application in part 2 of this series.

Modern apps, by default, are installed per user. The only way to install them for the machine is to inject them into the Windows 8 WIM using a DISM command (more on this in part two). Also, for modern apps in the Windows Store, such as Skype or Netflix, you must have your Microsoft Live ID attached to your account. If you are not bound to an AD, you can also use this account to log into your computer. For AD-bound computers, you tie log in with your AD account and then tie your Live ID to the account.

Apps from the Windows Store can be deployed using Configuration Manager 2012 SP1. They are not, however, deployed in the same way that desktop apps are deployed. Administrators never actually download files to their environment. You pretty much put a link in Software Center to the app in the Windows Store. When your end user selects the app from Software Center, it takes them to the Windows Store where the app downloads. A Live ID must also be tied to the user, or the application will not download. These apps can be “Required”, so that they will install automatically (as long as a Live ID is tied to the user). I will show this process in more detail in part two of the series.

LOB (line-of-business) apps that are created in house are deployed using CM 2012 in a similar fashion to normal apps. They have a source directory, get copied to distribution points, and are installed via Software Center.


Modern apps are intended to run on tablets or touchscreen interfaces. They are specifically designed for touch with larger buttons, more spacing between items, and swipes. They can run on normal desktops and laptops, but they are optimized for touchscreens.

Modern apps are written in Java script or HTML5. That is why desktop apps cannot simply be converted into modern apps. Developers must specially write their apps for the modern interface.

Modern apps also store all settings within the app, meaning that they cannot be extracted and deployed to multiple settings. Modern apps can also not be extracted from a computer where the app is installed and deployed to other computers, as this breaks the Microsoft EULA. They only way to get them is from the Windows Store, or to develop your own in house.

Sideloading vs. AD

For in-house apps, you have two options for making Modern applications work. If you have an AD, you must make one group policy change. Change the “Allow all trusted apps to install” setting to enabled (Computer Configuration > Administrative Templates > Windows Components > App Package Deployment). This will allow you to load apps.

For those without an AD, you must use sideloading. For sideloading to work, you either need to have Software Assurance, or purchase sideloading keys from Microsoft. If you have Software Assurance, you can get your key from your volume license site. To purchase keys, contact your Microsoft reseller. They are normally $3,000 for 100 keys. If you have CM 2012, you can deploy the sideloading key from the “Software Library” node of the console:

If you do not have CM 2012, you can install the key with these commands from the command prompt:

slmgr /ipk <25-digit key>
slmgr /ato ec67814b-30e6-4a50-bf7b-d55daf729d1e

Type the last command EXACTLY as shown. This step activates the key.

Come back next week to learn how to create an app, sign it, and deploy it. I will be focusing on deployment using CM 2012 SP1, as well as the PowerShell commands for manual deployment. Before next week, please install Visual Studio 2012 Express for Windows 8 (link above) and Windows Software Development Kit for Windows 8 ( We will need Visual Studio to create the app, and the SDK for creating a certificate and signing the app.


Picture of Matt Tinney

Matt Tinney

Professional IT executive & business leader having decades of experience with Microsoft technologies delivering modern-day cloud & security solutions.

Contact Us

On Key

More Posts

E-Commerce Security - Solutions for Online Retailers

E-commerce Security – Solutions for Online Retailers

Today’s hyper-charged e-commerce landscape demands top-notch cybersecurity measures. Cybersecurity for this bustling sector isn’t just about ticking a technical box; it’s the cornerstone of building trust. As businesses and consumers flock to the online space, the

Read More »
WME Cybersecurity Briefings No. 017
Cyber Security

WME Security Briefing 08 July 2024

SnailLoad: A New Stealthy Threat to Web Privacy Overview: Researchers discover a concerning new side-channel attack technique: SnailLoad. It exploits inherent weaknesses in the internet to potentially monitor a user’s web activity without requiring any direct access to

Read More »
WME Cybersecurity Briefings No. 016
Cyber Security

WME Security Briefing 27 June 2024

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor Overview An unknown Golang-based backdoor GoRed is being employed by the cybercrime gang ExCobalt. This group has roots dating back to at least 2016 and possibly originates

Read More »
Top 7 Office 365 Backup Solutions
Cloud Computing

Top 7 Office 365 Backup Solutions

Let’s explore the top 7 Microsoft 365 (Office 365) backup and recovery solutions. These solutions feature, among others, automated backups, detailed reporting, and efficient deduplication. We will guide you through their pros and cons and what

Read More »
WME Cybersecurity Briefings No. 015
Cyber Security

WME Security Briefing 24 June 2024

Google’s Privacy Sandbox Faces Scrutiny Over User Tracking Allegations Overview Google’s Privacy Sandbox was initially designed to replace third-party cookies in Chrome. It was a more privacy-conscious solution, but the Austrian privacy group Noyb is now

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.