Dec 14 2020 10:05 AM - edited Feb 23 2021 09:39 AM
MSIX app attach is an application layering solution that allows you to dynamically attach an application (that is an MSIX package) to a user session. Separating the application from the operating system makes it easier to create a golden virtual machine image, and you get more control with providing the right application for the right user.
Previously, you had to use PowerShell scripts to enable MSIX app attach. MSIX app attach capability is now available in public preview in the Azure portal and is integrated with Azure Resource Manager. This eliminates the need for custom scripts and makes it possible to publish your packaged applications to application groups with a few clicks.
Draft troubleshooting guide for MSIX app attach is available here.
Before you get started, make sure to fill out and submit this form to enable MSIX app attach in your subscription. If you don't have an approved request, MSIX app attach won't work. Approval of requests can take up to 24 hours during business days. You'll get an email when your request has been accepted and completed.
The following are the requirements to setup MSIX app attach in a Windows Virtual Desktop environment:
This video walks through the MSIX app attach UI.
The steps for deploying a WVD host pool are outlined here. It is mandatory to provision the session host pool in the validation environment.
MSIX app attach requires an application packaged as MSIX. If you do not have an MSIX application you can use the MSIX Packaging tool to repackage a Win32 application to MISX application. Instructions are available here.
MSIX app attach needs MSIX application to be stored in a VHD(x). Steps on how to perform the expansion are available here.
If you do not have access to an MSIX application and MSIX images feel free to use these. They are provided without any guarantees and should not be used in production environments:
Application name |
URL |
Chrome as MSIX image |
|
Chrome in an MSIX package |
|
Microsoft Edge Dev v89 as MSIX image |
|
Microsoft Edge Dev v89 as MSIX package |
|
Microsoft Edge Dev v87 as MSIX image |
|
Microsoft Edge Dev v87 as MSIX image |
|
PowerBI as MSIX image |
https://1drv.ms/u/s!Amut9BnVnw7mkOVkUdswoKXTk9dfUw?e=fGTHy5
Note: this has dependencies that need to be delivered in the master image Links available here https://1drv.ms/u/s!Amut9BnVnw7mkOQth1hkT-SRdP2__g?e=YHbice |
PowerBI as MSIX package |
|
WVDMigration as MSIX image (test different cert type) |
https://1drv.ms/u/s!Amut9BnVnw7mkOIEPLX6PYOzx96nrg?e=9qEpJc
|
WVDMigrationBAD as MSIX image (bad packaging format) |
|
Microsoft Edge Dev v87 as MSIX image (expired cert) |
https://1drv.ms/u/s!Amut9BnVnw7mkOJamDr-mrs3rOoeCg?e=43JT7E
|
Notepad++ as MSIX image (missing cert test) |
https://1drv.ms/u/s!Amut9BnVnw7mkOF-o-E-bhp_btLgJw?e=6DO9ea
|
If you are using the provided MSIX applications, there are two certs:
All session hosts need access to the file share with MSIX app attach packages. This Tech Community blog covers the process.
Open a browser, preferably in incognito mode, and load the following link: https://preview.portal.azure.com/?feature.msixapplications=true#home
In the search bar type Windows Virtual Desktop and click on the service.
Select a host pool where MSIX applications are to be delivered.
Select MSIX packages.
This will open the data grid with all MSIX packages currently added to the host pool.
Click + Add. This will open the Add MSIX package blade.
MSIX image path – this is UNC path pointing to the MSIX image on the file share. For example, \\storageaccount.file.core.windows.net\msixshare\appfolder\MSIXimage.vhd.
MSIX package – if a valid, resolvable, and accessible path is provided this drop-down will be populated by all the MSIX packages in the MSIX image.
Package applications – list of MSIX applications available in an MSIX package.
Display name – Optional display name to be presented in the interface.
Version – MSIX package version automatically delivered from parsing the package.
Registration type
On-demand – this is the recommended type of registration. It postpones the full registration of the MSIX application until and the user starts the application.
Log on blocking – this type of registration is executing during session logon hence adding time to session logon completion.
State – MSIX package has two states (Active and Inactive). When a package is active users can interact with it. Inactive packages are ignored by WVD and not delivered to users.
Click Save.
In the WVD resource provider navigate to the Application groups blade.
Select an application group.
Note: During MSIX app attach preview MSIX app attach remote apps may disappear from the user feed. The remote MSIX apps can disappear from the user feed because host pools in the evaluation environment may get served by an RD Broker in a production environment (this happens when the RD broker optimizes to improve the end-user experience). Because the RD Broker in the production environment doesn't understand the date of the MSIX app attach remote apps, it won't display them.
Select the Applications blade. The Applications grid will display all currently added applications.
Click + Add to open the Add application blade.
Application source
MSIX package – display list of packages added to the host pool.
Display name – Optional display name to be presented in the Applications interface.
Description – Short description.
Note the options below are only applicable to remote application groups.
Click Save.
Select app group.
Select Assignments
To assign individual users or user groups to the app group, select +Add Azure AD users or user groups.
Select the users you want to have access to the apps. You can select single or multiple users and user groups.
Select Save.
It will take five minutes before the user can access the application.
Select MSIX packages.
This will open the data grid with all MSIX packages currently added to the host pool.
Select one or multiple that need to have their state change and click the Change state button.
Select MSIX packages.
This will open the data grid with all MSIX packages currently added to the host pool.
Click on Package name in the MSIX packages grid this will open the blade to update the package.
Toggle the State via the Inactive/Active button as desired and click Save.
Select MSIX packages.
This will open the data grid with all MSIX packages currently added to the host pool.
Click on Package name in the MSIX packages grid this will open the blade to update the package.
Toggle the Registration type via the On-demand/Log on blocking button as desired and click Save.
Select MSIX packages.
This will open the data grid with all MSIX packages currently added to the host pool.
Select one or multiple that need to be removed click the Remove button.
Navigate to the host pool and select Application groups.
Select the application group from which the MSIX application is to be removed.
From the application group blade select Applications.
Select the desired application and click Remove.
Dec 15 2020 12:33 PM
@Stefan Georgiev I have tried to add a package and after filling out the display name and clicking next, I am getting error as below
ActivityId: 35e6e4ff-4d9e-4168-8114-8a14888b97a1 Error: This functionality is not supported. It will be included in a future release.
Am I missing something.
Dec 15 2020 02:31 PM
@Stefan Georgiev I am getting the same error as @rejincm
Dec 15 2020 03:25 PM - edited Dec 15 2020 03:27 PM
@Stefan Georgiev, We are also getting the same error, and we have got confirmation from you that access to MSIX app attach access in WVD granted. Guessing it is a bigger issue as others are seeing also. Thanks
Dec 15 2020 05:10 PM
@Stefan Georgiev I could not add any MSIX package or image. Tried to add network fileshare path, Azure file share path, file URL, etc. Keep getting the error:
Dec 16 2020 09:30 AM - edited Dec 16 2020 12:35 PM
I got the "No MSIX packages could be retrieved from the image path" error. Error type is "aap contains untrusted signature". I am trying to use the chome msix package provided. I can't do anything with the CRT certificate on github, it says invalid. Please advice @Stefan Georgiev Thank you.
Dec 16 2020 01:47 PM
Dec 16 2020 01:48 PM
Dec 17 2020 03:12 AM
@tch0704 The path needs to be entered in UNC format i.e. \\server\share\folder\file.vhd
Dec 17 2020 03:14 AM - edited Dec 18 2020 01:11 AM
You can go back up a level at https://github.com/stgeorgi/msixappattach/find/master . Then install into Local Computer > Trusted People
Dec 17 2020 12:24 PM
Dec 17 2020 01:26 PM
@rejincm Same error and also Powershell doesn't work, with the same error message.
Dec 18 2020 01:21 AM
@rejincm We are hitting an error with the Azure whitelisting process that is blocking your sub, We are trying to do a fix tomorrow (well already today 12/18).
Dec 18 2020 01:23 AM
@chadhamilton37 there is a bug we found in the whitelisting process. There is a fix and we are trying to deploy it...however we are racing against time as there is a change freeze starting 12/18 12:00. If you have a different sub I now how to enable the feature and circumvent the bug.
Dec 18 2020 01:25 AM
@Robert_Hurd in short yes. All subs enabled between 12/14 and 12/15 are hitting a bug with the Azure whitelisting (feature flag process). The somewhat good news is that we have a fix that we are trying to deploy tomorrow. But, we are running against a change freeze deadline that starts tomorrow. So if you have a different sub we can enable that one an expedite your access to the feature.
Dec 18 2020 01:26 AM
@tch0704 we do not support HTTP/S paths must be an SMB resolvable path
Dec 18 2020 01:28 AM
@Robert Folkers Hi Robert, the underlying problem is in the way feature flags are handled in Azure. Fastest fix is to get a different sub enabled (we figured out how not to hit the bug), if you do not have a different sub you may like the fact we a re trying to kick of a deployment tomorrow that is going to fix the issue.
Dec 18 2020 01:31 AM
@Edmond Chou the error you are describing is due to the session host in your host pool not having the certificate added to trusted people. That is the same certificate that has been used to package the application.
Dec 18 2020 01:36 AM
Dec 18 2020 01:46 AM
@chadhamilton37 we are working to fix the bug. deployment for the fix is planned for 12/18 but there is no guarantee we can make it. The 100% fix is to enable a different sub under you Azure AD tenant.