MSIX app attach Azure portal integration public preview

Microsoft

MSIX app attach is an application layering solution that allows you to dynamically attach an application (that is an MSIX package) to a user session. Separating the application from the operating system makes it easier to create a golden virtual machine image, and you get more control with providing the right application for the right user.

 

Previously, you had to use PowerShell scripts to enable MSIX app attach.  MSIX app attach capability is now available in public preview in the Azure portal and is integrated with Azure Resource Manager. This eliminates the need for custom scripts and makes it possible to publish your packaged applications to application groups with a few clicks.

 

Draft troubleshooting guide for MSIX app attach is available here.

Overview and requirements

 

Before you get started, make sure to fill out and submit this form to enable MSIX app attach in your subscription. If you don't have an approved request, MSIX app attach won't work. Approval of requests can take up to 24 hours during business days. You'll get an email when your request has been accepted and completed.

 

The following are the requirements to setup MSIX app attach in a Windows Virtual Desktop environment:

  • Host pool in Windows Virtual Desktop with at least one active session host
  • Host pool in the validation environment
  • MSIX packaged application expanded into an MSIX image
  • MSIX image is uploaded to file share
  • The file share is accessible for all session hosts in the host pool
  • When using a digital certificate that is not sourced from a CA please follow instructions here on each VM in the host pool 

 

This video walks through the MSIX app attach UI.

 

Deploy WVD (Windows Virtual Desktop) host pool

 

The steps for deploying a WVD host pool are outlined here. It is mandatory to provision the session host pool in the validation environment.

rds1.png

 

MSIX application

 

MSIX app attach requires an application packaged as MSIX. If you do not have an MSIX application you can use the MSIX Packaging tool to repackage a Win32 application to MISX application. Instructions are available here.

 

Prepare MSIX image

 

MSIX app attach needs MSIX application to be stored in a VHD(x). Steps on how to perform the expansion are available here.

 

If you do not have access to an MSIX application and MSIX images feel free to use these. They are provided without any guarantees and should not be used in production environments:

 

Application name

URL

Chrome as MSIX image

https://1drv.ms/u/s!Amut9BnVnw7mkOVMWy-sU8aiaStuxQ?e=AqwZ0D

Chrome in an MSIX package

https://1drv.ms/u/s!Amut9BnVnw7mkOVLPExhghP4iM8LRQ?e=wJHd9P

Microsoft Edge Dev v89 as MSIX image

https://1drv.ms/u/s!Amut9BnVnw7mkOVddlHiIoei4RdROQ?e=kwdvDq

Microsoft Edge Dev v89 as MSIX package

https://1drv.ms/u/s!Amut9BnVnw7mkOVczWWmEiUhv2IC3A?e=eBGL8B

Microsoft Edge Dev v87 as MSIX image

https://1drv.ms/u/s!Amut9BnVnw7mkOVbdz4gmTb7rqHoeg?e=6dEhj5

Microsoft Edge Dev v87 as MSIX image

https://1drv.ms/u/s!Amut9BnVnw7mkOVaArIPkiAg5XzusQ?e=ZthNbz

PowerBI as MSIX image

https://1drv.ms/u/s!Amut9BnVnw7mkOVkUdswoKXTk9dfUw?e=fGTHy5

 

Note: this has dependencies that need to be delivered in the master image Links available here https://1drv.ms/u/s!Amut9BnVnw7mkOQth1hkT-SRdP2__g?e=YHbice

PowerBI as MSIX package

https://1drv.ms/u/s!Amut9BnVnw7mkOVi5SXqDxAr6MBAKw?e=pm1c2q

WVDMigration as MSIX image (test different cert type)

https://1drv.ms/u/s!Amut9BnVnw7mkOIEPLX6PYOzx96nrg?e=9qEpJc

 

WVDMigrationBAD as MSIX image (bad packaging format)

https://1drv.ms/u/s!Amut9BnVnw7mkOF6izJaA6rMxih_fQ?e=VU6Wbp

Microsoft Edge Dev v87 as MSIX image (expired cert)

https://1drv.ms/u/s!Amut9BnVnw7mkOJamDr-mrs3rOoeCg?e=43JT7E

 

Notepad++ as MSIX image (missing cert test)

https://1drv.ms/u/s!Amut9BnVnw7mkOF-o-E-bhp_btLgJw?e=6DO9ea

 

If you are using your own application, you will need to install the certificate used to sign the MSIX package.

 

Install certificates

 

If you are using the provided MSIX applications, there are two certs:

 

Configure a file share

 

All session hosts need access to the file share with MSIX app attach packages.  This Tech Community blog covers the process.

 

Configure MSIX app attach via Azure portal

 

Open a browser, preferably in incognito mode, and load the following link: https://preview.portal.azure.com/?feature.msixapplications=true#home

In the search bar type Windows Virtual Desktop and click on the service.

 

rds.png

 

Select a host pool where MSIX applications are to be delivered.

 

rds2.png

 

Select MSIX packages.

This will open the data grid with all MSIX packages currently added to the host pool.

Click + Add. This will open the Add MSIX package blade.

 

rds3.png

 

MSIX image path – this is UNC path pointing to the MSIX image on the file share. For example, \\storageaccount.file.core.windows.net\msixshare\appfolder\MSIXimage.vhd.

MSIX package – if a valid, resolvable, and accessible path is provided this drop-down will be populated by all the MSIX packages in the MSIX image.

Package applications – list of MSIX applications available in an MSIX package.

Display name – Optional display name to be presented in the interface.

Version – MSIX package version automatically delivered from parsing the package.

Registration type

On-demand – this is the recommended type of registration. It postpones the full registration of the MSIX application until and the user starts the application.

 

Log on blocking – this type of registration is executing during session logon hence adding time to session logon completion.

State – MSIX package has two states (Active and Inactive). When a package is active users can interact with it. Inactive packages are ignored by WVD and not delivered to users.

Click Save.

 

Publish MSIX application to an application group

 

In the WVD resource provider navigate to the Application groups blade.

Select an application group.

 

Note: During MSIX app attach preview MSIX app attach remote apps may disappear from the user feed. The remote MSIX apps can disappear from the user feed because host pools in the evaluation environment may get served by an RD Broker in a production environment (this happens when the RD broker optimizes to improve the end-user experience). Because the RD Broker in the production environment doesn't understand the date of the MSIX app attach remote apps, it won't display them.

 

Select the Applications blade. The Applications grid will display all currently added applications.

rds4.png

Click + Add to open the Add application blade.

Application source

  • For desktop app groups the only source for applications is an MSIX package.

rds5.png

 

  • For remote app group, there are three sources of applications.
    • Start menu
    • App path
    • MSIX package

 

MSIX package – display list of packages added to the host pool.

 

 

rds6.png

 

Display name – Optional display name to be presented in the Applications interface.

Description – Short description.

Note the options below are only applicable to remote application groups.

  • Icon path
  • Icon index 
  • Show in web feed

Click Save.

 

Assign users to app group

 

Select app group.

Select Assignments

To assign individual users or user groups to the app group, select +Add Azure AD users or user groups.

Select the users you want to have access to the apps. You can select single or multiple users and user groups.

Select Save.

It will take five minutes before the user can access the application.

 

Change MSIX package state

 

Via the Applications grid

 

Select MSIX packages.

This will open the data grid with all MSIX packages currently added to the host pool.

Select one or multiple that need to have their state change and click the Change state button.

 

Via update package

 

Select MSIX packages.

This will open the data grid with all MSIX packages currently added to the host pool.

Click on Package name in the MSIX packages grid this will open the blade to update the package.

Toggle the State via the Inactive/Active button as desired and click Save.

 

Change MSIX package registration type

 

Select MSIX packages.

This will open the data grid with all MSIX packages currently added to the host pool.

Click on Package name in the MSIX packages grid this will open the blade to update the package.

Toggle the Registration type via the On-demand/Log on blocking button as desired and click Save.

 

Remove MSIX package

 

Select MSIX packages.

This will open the data grid with all MSIX packages currently added to the host pool.

Select one or multiple that need to be removed click the Remove button.

 

Removing MSIX application

 

Navigate to the host pool and select Application groups.

Select the application group from which the MSIX application is to be removed.

From the application group blade select Applications.

Select the desired application and click Remove.

240 Replies

@Edmond Chou 

Please Copy and add the Certificate to the Local Trusted Root of each WVD Session host machine where the MSIX App Attach should be published. This will resolve your issue

@Jantu123 

Something magical happend, somehow it started to work. Maybe also for you?

@StephanK @Stefan Georgiev 

I can confirm it is working now for me as well. :)

@Stefan Georgiev Don't know what is changed, but for me it is working right now. Have to say, i have the VHD on my Domain controller C: share, but it's loaded in the MSIX preview. I am going to test it also from the Azure Files shares. 

@ejbakker and @StephanK@Stefan Georgiev contacted me yesterday and informed that they did some magic on their side and fixed the bug and it should start working Today.

 

I can also confirm on my side that it is now fixed. 

I just confirmed it is working on our side as well. Thank you for your hard work on this everyone!
Hi all, it's working also for me!
I think that MS released functionality too early.

@StephanK during a deployment last week of the new year a switch was flipped that blocked MSIX app attach. We flipped it back and all impacted host pools are working.

I am still suffering from the error "This functionality is not supported. It will be included in a future release."

 

Subscription ID: 16ace453-d511-42d9-bac0-ee6b8658678e

 

Stefan has approved that twice, but it is still not working~ I checked this daily~

Can someone help check that

 

Thanks

 

@Stefan Georgiev 

App attach is now working. But how can we now assign the apps in the desktop sessions to individual users/groups in a differentiated way?

@grube33 

If you unpublish the apps from the Desktop App Group, and then create multiple RemoteApp Groups in the host pool. Then assign the specific apps and users to each of the RemoteApp groups, this will achieve the differentiation 

@Stefan Georgiev 

 

Hi, i have a couple of questions about MSIX app attach:

1. If i have multiple users logged in over multiple session host. Do both hosts get the single (notepad++) VHD attached? Normally VHD can only attach to one OS right?

2. What kind off applications don't work with app attach?

3. What happens when a share with the VHD('s) attached is disconnected?

I tried with the Google Chrome 68 package and everything is working!

I love it! Thanks @Stefan Georgiev!

 

But now I'm trying to add Chrome to an application group so I added it without any problem but what about the Icon Path?

 

My understanding is that the .vhd is mounted inside the C:\Program Files\WindowsApps folder so I checked and the chrome.exe file is in the C:\Program Files\WindowsApps\GoogleChrome_68.46.66.0_x64__74vyvr5aw93s6\VFS\ProgramFilesX64\Google\Chrome\Application\chrome.exe path.

 

I added this information inside the application group but unfortunately it seems not working.

 

Any guess?

Running great, Thanks !

@Marco Moioli I figured out exactly the same path for icon :) However, end result is the same, too i.e. App Attach works inside Desktop Application Group but not on RemoteApp Application Group. 

I picked up the following events in Session Host RemoteDesktopServices event log:

Event #SourceEventData
1Microsoft.RDInfra.RDAgent.Service.IconExtractorCount of images for resource name 0 located at index 0 in file C:\Program Files\WindowsApps\GoogleChrome_68.46.66.0_x64__74vyvr5aw93s6\VFS\ProgramFilesX64\Google\Chrome\Application\chrome.exe is 7
2Microsoft.RDInfra.RDAgent.Service.IconExtractorPng image encountered during extraction of icon from file C:\Program Files\WindowsApps\GoogleChrome_68.46.66.0_x64__74vyvr5aw93s6\VFS\ProgramFilesX64\Google\Chrome\Application\chrome.exe at index 0
3Microsoft.RDInfra.RDAgent.Service.IconExtractorPng image is valid
4Microsoft.RDInfra.RDAgent.Service.IconExtractorIcon structure is successfully constructed from index 0 of file C:\Program Files\WindowsApps\GoogleChrome_68.46.66.0_x64__74vyvr5aw93s6\VFS\ProgramFilesX64\Google\Chrome\Application\chrome.exe
5Microsoft.RDInfra.RDAgent.Service.IconExtractorIconExtractor has successfully extracted the raw icon from file C:\Program Files\WindowsApps\GoogleChrome_68.46.66.0_x64__74vyvr5aw93s6\VFS\ProgramFilesX64\Google\Chrome\Application\chrome.exe at index 0
6Microsoft.RDInfra.RDAgent.Service.IconExtractorIconExtractor has successfully extracted the PngIcon from file C:\Program Files\WindowsApps\GoogleChrome_68.46.66.0_x64__74vyvr5aw93s6\VFS\ProgramFilesX64\Google\Chrome\Application\chrome.exe at index 0
7Microsoft.RDInfra.Messaging.DefaultMessenger[] Dispatched message '{"MessageId":"3f552184-b195-4590-9ea3-f44685854460","Type":0,"Request":{"MethodName":"GetApplicationIconAsync","Arguments":{"IconPath":"C:\\Program Files\\WindowsApps\\GoogleChrome_68.46.66.0_x64__74vyvr5aw93s6\\VFS\\ProgramFilesX64\\Google\\Chrome\\Application\\chrome.exe","IconIndex":0},"Headers":{"x-ms-correlation-id":"4dea5568-26d0-4851-918d-8ac186bcb012","x-ms-activity-context":"False","ms-wvd-activity-hint":"ms-wvd-ag:d1433e3f-3834-46be-8e78-dac2fee40e8e","x-ms-lamport-ts":"534208473"}},"Response":null}'

 

Based on these events, error is not caused by missing icon. I even tried using 1 as icon index but it didn't work either. I guess, we'll have to wait for @Stefan Georgiev to lead us again.

For VSC Insiders, the icon path is C:\Program Files\WindowsApps\VSCodeInsider_1.0.0.0_x64__2ys8zad5r90am\VFS\UserProgramFiles\Microsoft VS Code Insiders\Code - Insiders.exe

@Mika Seitsonen Just to double check, did you notice this from the dokumentation:

 

When a user is assigned to remote app group and desktop app group from the same host pool the desktop app group will be displayed in the feed.”

 

Source: https://docs.microsoft.com/en-us/azure/virtual-desktop/app-attach-azure-portal#publish-msix-apps-to-...

 

I had this issue when I started testing which was fixed by ensuring that user was not assigned to both Remote  app and Desktop app group. After the change Remote app icons appeared.


Update: I can now also unfortunately confirm that the Remote app MSIX apps icons that were visible and working for me couple of days again disappeared. When testing With Desktop app group MSIX apps work fine. Wonder what changed again.

 

Update 2: Now both MSIX Desktop Applications & Remoteapps stopped working.

Based on error message there is issue with registration. Staging is now succesful, MSIX images are mounted when checked in disk management.

AppAttachServiceImpl - AppAttachRegisterAsync: Failed to get packages to register: Microsoft.RDInfra.Shared.Common.RestError.RestException: WVD_50002: ≤S-1-5-21-1582688470-541055633-2624462867-3101≥ not found. 

Checked again sub is white listed and you should not be getting the error message you are seeing unless your host pool is not in evaluation environment but is in production
1. No that is not true if you are mounting as readonly which we are :)
2. This is a complex topic - drivers of any kind, vpn client, anitvirus
3. Generally nothing unless a machine restart and tries to mount that VHD but the share is missing then you get host going unavailable.
hi Marco, for MSIX packages we only specify icon path if we want to over ride the default icon that is already in the package. If you need to change the icon in the package that is done during compile or repackage, if you want a custom icon then it cannot be on the C:\ drive of a host