Deploy a LOB “Modern” Windows 8 Application: Part 1

The introduction of Windows 8 brought a whole new type of application. This application was first known as “metro”, and now “modern”. These applications are designed for tablets and touchscreens.

This will be a two-part series on these new apps. This part will be an introduction to these new apps, the difference between desktop and modern apps, and sideloading apps vs. using AD.

Introduction to Modern Apps

When an application comes with both a modern and desktop interface, it is actually two versions of the software running on your computer. Take Internet Explorer, for example. If you open it from the Start Menu, this launches the modern version, while launching it from the desktop launches the desktop version. If you bookmark a website in the modern version, it does not show up in the desktop version.

In order for applications to use the modern interface, they must be written for the modern interface. You cannot take a desktop application and turn it into a modern application without rewriting it. To write your own modern application, you can use Visual Studio Express 2012 for Windows 8, available here: We will create a sample application in part 2 of this series.

Modern apps, by default, are installed per user. The only way to install them for the machine is to inject them into the Windows 8 WIM using a DISM command (more on this in part two). Also, for modern apps in the Windows Store, such as Skype or Netflix, you must have your Microsoft Live ID attached to your account. If you are not bound to an AD, you can also use this account to log into your computer. For AD-bound computers, you tie log in with your AD account and then tie your Live ID to the account.

Apps from the Windows Store can be deployed using Configuration Manager 2012 SP1. They are not, however, deployed in the same way that desktop apps are deployed. Administrators never actually download files to their environment. You pretty much put a link in Software Center to the app in the Windows Store. When your end user selects the app from Software Center, it takes them to the Windows Store where the app downloads. A Live ID must also be tied to the user, or the application will not download. These apps can be “Required”, so that they will install automatically (as long as a Live ID is tied to the user). I will show this process in more detail in part two of the series.

LOB (line-of-business) apps that are created in house are deployed using CM 2012 in a similar fashion to normal apps. They have a source directory, get copied to distribution points, and are installed via Software Center.


Modern apps are intended to run on tablets or touchscreen interfaces. They are specifically designed for touch with larger buttons, more spacing between items, and swipes. They can run on normal desktops and laptops, but they are optimized for touchscreens.

Modern apps are written in Java script or HTML5. That is why desktop apps cannot simply be converted into modern apps. Developers must specially write their apps for the modern interface.

Modern apps also store all settings within the app, meaning that they cannot be extracted and deployed to multiple settings. Modern apps can also not be extracted from a computer where the app is installed and deployed to other computers, as this breaks the Microsoft EULA. They only way to get them is from the Windows Store, or to develop your own in house.

Sideloading vs. AD

For in-house apps, you have two options for making Modern applications work. If you have an AD, you must make one group policy change. Change the “Allow all trusted apps to install” setting to enabled (Computer Configuration > Administrative Templates > Windows Components > App Package Deployment). This will allow you to load apps.

For those without an AD, you must use sideloading. For sideloading to work, you either need to have Software Assurance, or purchase sideloading keys from Microsoft. If you have Software Assurance, you can get your key from your volume license site. To purchase keys, contact your Microsoft reseller. They are normally $3,000 for 100 keys. If you have CM 2012, you can deploy the sideloading key from the “Software Library” node of the console:

If you do not have CM 2012, you can install the key with these commands from the command prompt:

slmgr /ipk <25-digit key>
slmgr /ato ec67814b-30e6-4a50-bf7b-d55daf729d1e

Type the last command EXACTLY as shown. This step activates the key.

Come back next week to learn how to create an app, sign it, and deploy it. I will be focusing on deployment using CM 2012 SP1, as well as the PowerShell commands for manual deployment. Before next week, please install Visual Studio 2012 Express for Windows 8 (link above) and Windows Software Development Kit for Windows 8 ( We will need Visual Studio to create the app, and the SDK for creating a certificate and signing the app.



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.