1password Msi



As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between. The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future. 1Password Advanced Protection Your business already has its own access and security policies, and now you can enforce them in 1Password with Advanced Protection. Set Master Password requirements, enforce two-factor authentication, create firewall rules, require up-to-date apps, and monitor sign-in attempts. Learn more about Advanced Protection.

-->

You can use the MSIX Packaging Tool to create an MSIX application package from any of the following options:

  • MSI
  • EXE
  • ClickOnce
  • App-V
  • Script
  • Manual installation

This doc will walk you through how to take any existing assets you have, and convert them to MSIX.

Before you start conversion, we recommend ensuring that you understand your installer, and whether it will convert.

We also recommend following the best practices to configure your environment and the MSIX Packaging Tool for conversion.

Note

The MSIX Packaging Tool currently supports App-V 5.1. If you have a package with App-V 4.x, we recommend that you use the source installer to convert to MSIX.

When the tool is first launched, you will be prompted to provide consent to sending telemetry data. It's important to note that the diagnostic data you share only comes from the app and is never used to identify or contact you.

Creating an application package is the most commonly used option. This is where you will create an MSIX package from an installer, or by manual installation of the application payload.

Packaging method

Select an option your conversion machine:

  • If you are already working in a clean environment, select Create package on this computer

  • If you want to connect to an existing virtual or remote machine, select Create package on a remote machine

    • You will need to set up your remote machine before you are able to convert on it
  • If you have a local virtual machine on your machine you want to convert on, select Create package on a local virtual machine

    • Please note that we only support Hyper-V virtual machines, if you want to use another virtualization product you can connect using the remote machine option.
  • Click Next

Prepare computer

Next, the Prepare computer page provides options to prepare the computer for packaging.

The MSIX Packaging Tool Driver is required and the tool will automatically try to enable it if it is not enabled. The tool will first check with DISM to see if the driver is installed. If you run into an issue, try checking our troubleshooting documentation, then filing a Feedback Hub issue if the problem persists.

Note

Msi

The MSIX Packaging Tool Driver monitors the system to capture the changes that an installer is making on the system which allows MSIX Packaging Tool to create a package based on those changes.

Windows Update is Active We will temporarily disable Windows Update for the duration of packaging so that we don't collect any extraneous data.

  • The Pending reboot checkbox is disabled by default. You'll need to manually restart the machine and then launch the tool again if you are prompted that pending operations need a reboot. This not required, only recommended.

  • [Optional] Check the box for Windows Search is Active and select Disable selected if you choose to disable the search service.

    • This is not required, only recommended.
    • Once disabled, the tool will update the status field to Disabled.
  • [Optional] Check the box for SMS Host is Active and select Disable selected if you choose to disable the host service.

    • This is not required, only recommended.
    • Once disabled, the tool will update the status field to Disabled.

When you're done preparing the machine, click Next.

Choose the installer you want to package

The first thing you will want to do is understand what will happen with the installer you wish to convert. With any of these installers, you can specify them here to simplify your workflow, or you can manually run it at the time of installation later in the workflow.

1password

MSI installers

If you are converting a .msi installer, you can simply browse for it, and specify the .msi. If you have an accompanying .mst or .msp file, you can specify that in the installer arguments field. One of the benefits of specifying your .msi here is that we can pull all of the package information from it, saving you time on the next step of conversion.

App-V installers

If you are converting using an App-V, this is a really simple process for you. All you need to do is specify an App-V file, and you get fast tracked to the create an MSIX page. This is because the manifest of the package simply needs to get translated to an MSIX package, and then it just works as an MSIX. The caveat here is that the tool only supports App-V 5.1 - if your App-V is version 4.x, we recommend that you take the source installer and then convert it directly to MSIX.

EXE installers

If you are converting a .exe installer, you can specify the installer at this point. Due to the lack of format consistency with an exe, you will need to manually enter the package information for your installer.

ClickOnce installers

If you are converting a ClickOnce installer, you can specify the installer at this point. Like an .exe, you will need to manually enter the package information for your installer.

Scripts

If you are using a script to install your application, you can specify the command line here. Alternatively, you can leave this field blank and run the script manually during the installation phase.

Manual installation

If you wish to manually run your installer, or perform the actions of the installer manually, you can leave the installer field blank, and during the installation phase, perform the actions required for your installer.

If you are trying to generate a conversion template file, you will be unable to do so without specifying an installer.

If you have any installer arguments, you can enter the desired argument in the provided field. This field accepts any string.

Signing preference

Under Signing preference, select a signing option. You can also set this as a default in your settings, which will save you some steps each time you convert.

  • Sign with Device Guard signing This option allows you to sign in to your Microsoft Active Directory account that you have configured to use with Device Guard signing, which is a signing service that Microsoft provides where you don't need to provide your own certificate. Learn more about how to set up your account and about Device Guard signing here.
  • Sign with a certificate(.pfx) Browse to and select your .pfx certificate file. If the certificate is password protected, type the password in the password box.
  • Specify a .cer file (does not sign) This option allows you to specify a .cer file. This is useful when you don't want to sign the package, but you want to ensure that the publisher information matches the subject of the certificate that will be used for signing.
  • Do not sign package Select this option if you will be signing your package at a later time. NOTE: You cannot install an MSIX package if it is not signed
  • When signing, we highly recommend adding a timestamp to your certificate so that the validity of your certificate can outlast its expiration date. The accepted format is an RFC 3161 time stamp server URL.

Note

Signing an MSIX package format application with a SHA1 certificate is not supported.

Click Next to proceed.

Package information

After you choose to package your application on an existing virtual machine, you must provide information about to the app. The tool will try to auto-fill these fields based on the information available from the installer. You will always have a choice to update the entries as needed. If the field as an asterisk*, it's required. Inline help is provided if the entry is not valid.

  • Package name:
    • Required and corresponds to package identity Name in the manifest to describe the contents of the package.
    • Is not shown to the end user.
    • Is case-sensitive and cannot have a space.
    • Can accept string between 3 and 50 characters in length that consists of alpha-numeric, period, and dash characters.
    • Cannot end with a period and be one of these: 'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', and 'LPT9.'
  • Package display name:
    • Required and corresponds to package in the manifest to display a friendly package name to the user, in start menu and settings pages.
    • Field accepts A string between 1 and 256 characters in length and is localizable.
  • Publisher name:
    • Required and corresponds to package that describes the publisher information.
    • The Publisher attribute must match the publisher subject information of the certificate used to sign a package.
    • This field accepts a string between 1 and 8192 characters in length that fits the regular expression of a distinguished name : '(CN | L | O | OU | E | C | S | STREET | T | G | I | SN | DC | SERIALNUMBER | Description | PostalCode | POBox | Phone | X21Address | dnQualifier | (OID.(0 | [1-9][0-9])(.(0 | [1-9][0-9]))+))=(([^,+='<>#;])+ | '.')(, ((CN | L | O | OU | E | C | S | STREET | T | G | I | SN | DC | SERIALNUMBER | Description | PostalCode | POBox | Phone | X21Address | dnQualifier | (OID.(0 | [1-9][0-9])(.(0 | [1-9][0-9]))+))=(([^,+='<>#;])+ | '.')))*'.
  • Publisher display name:
    • Required and corresponds to package in the manifest to display a friendly publisher name to the user, in App installer and settings pages.
    • Field accepts A string between 1 and 256 characters in length and is localizable.
  • Version:
    • Required and corresponds to the package in the manifest to describe the version number of the package.
    • This field accepts a version string in quad notation: 'Major.Minor.Build.Revision'.
  • Description:
    • This field is optional.
  • Install location:
    • This is the location that the installer is going to copy the application payload to (usually Programs Files folder).
    • This field is optional but recommended when the app payload is being installed outside of the Program Files folders.
    • Browse to and select a folder path.
    • Make sure this file matches the installer's install location while you go through the application install operation.
  • Add support for MSIX Core to this package.
    • When selected, this checkbox will then reveal a drop down that will aloow you to select a Windows version for MSIX Core support for the package you are generating.

Installation

  • This is the installation phase where the tool is monitoring and capturing the application install operations.
  • The tool will launch the installer in the environment that was specified previously and you'll need to go through the installer wizard to install the application.
    • Make sure the installation path matches what was defined earlier in the package information page.
    • You might need to create a shortcut in desktop for the newly installed application.
    • Once you're done with the application installation wizard, make sure you finish or close on the installation wizard.
    • If you need to run multiple installers you can do that manually at this point.
    • If the app needs other pre-requisites, you need to install them now.
    • If the application needs .Net 3.5/20, add the optional feature to Windows.
  • If you did not specify an installer previously, here is where you can manually run your installer or script.
  • If your installer requires a restart, you can perform a manual restart, or use the 'restart' button to perform the restart, and you will return to this point in the conversion process after the restart.
  • When you've completed installing the application, click Next.

Manage first launch tasks

This page shows application executables that the tool captured. We recommended launching the application at least once to capture any first launch tasks.

You can launch the executable by selecting it, and then clicking run. You can also remove any unnecessary entry points by selecting it, and then clicking remove.

If there are multiple applications, check the box that corresponds to the main entry point. If you don't see the application .exe here, manually browse to and run it. Then, refresh list.

Click Next You'll be prompted with a pop up asking for confirmation that you're finished with application installation and managing first launch tasks.

1password Install Windows

  • If you're done, click Yes, move on.
  • If you're not done, click No, I'm not done. You'll be taken back to the last page to where you can launch applications, install or copy other files, and dlls/executables.

Services report

1password Million

Starting in the 1.2019.1220.0 version of the MSIX Packaging Tool, you can convert an installer with services, and so we've added a Services report page. If no services were detected, you will still see this page, but it will be empty with a message that no services were detected at the top of the page.

The Services report page lists services that were detected in your installer during conversion. Services that have all the information they need and are supported will be shown in the Included table. Services that need additional information, need a fix, or aren’t supported will be shown in the Excluded table.

To fix a service or see additional data about the service, double-click the service entry in the table to view a pop-up with more information about the service. You can edit some of this information if you need to.

  • Key name: The name of the service. This is not editable.
  • Description: The description of the service entry.
  • Display name: The display name of the service.
  • Image path: Location of the service executable. This is not editable.
  • Start account: The start account for the service.
  • Startup type: Type of startup for the service. Supports Automatic, Manual, and Disabled.
  • Arguments: Arguments to be run when the service starts.
  • Dependencies: Dependencies for the service.

After a service has been fixed, you can move it to the Included table or you can choose to leave it in the Excluded table if you don’t want it in your final package. For additional information, check out the services documentation.

Create package

  • Provide a location to save the MSIX package.
  • By default, packages are saved in local app data folder.
  • You can define the default save location in Settings menu.
  • If you are generating a conversion template file, you can also specify a different save location for that template file if you don't want it in the same location as the MSIX package.
  • If you'd like to continue to edit the content and properties of the package before saving the MSIX package, you can select Package editor and be taken to package editor.
  • Click Create to create the MSIX package.

You'll be presented with a pop up when the package is created. This pop up will include the save location, linked to the file location of the newly created package. It also includes a link to the location of the log files for the MSIX Packaging Tool. You can close this pop up and get redirected to the welcome page. You can also select Package editor to see and modify the package content and properties.

-->

Microsoft Intune supports a variety of app types and deployment scenarios on Windows 10 devices. After you've added an app to Intune, you can assign the app to users and devices. This article provides more details on the supported Windows 10 scenarios, and also covers key details to note when you're deploying apps to Windows. For information about deploying an app, also known as assigning an app, see Assign an app to a group.

Line-of-business (LOB) apps and Microsoft Store for Business apps are the app types supported on Windows 10 devices. The file extensions for Windows apps include .msi, .appx, and .appxbundle.

1password Forum

Note

To deploy modern apps, you need at least:

  • For Windows 10 1803, May 23, 2018—KB4100403 (OS Build 17134.81).
  • For Windows 10 1709, June 21, 2018—KB4284822 (OS Build 16299.522).

Only Windows 10 1803 and later support installing apps when there is no primary user associated.

LOB app deployment isn't supported on devices running Windows 10 Home editions.

1password Microsoft Edge

Supported Windows 10 app types

Specific app types are supported based on the version of Windows 10 that your users are running. The following table provides the app type and Windows 10 supportability.

1password Scim Bridge

App typeHomeProBusinessEnterpriseEducationS-ModeHoloLens1Surface HubWCOSMobile
.MSINoYesYesYesYesNoNoNoNoNo
.IntuneWinNoYesYesYesYes19H2+NoNoNoNo
Office C2RNoYesYesYesYesRS4+NoNoNoNo
LOB: APPX/MSIXYesYesYesYesYesYesYesYesYesYes
MSFB OfflineYesYesYesYesYesYesYesYesYesYes
MSFB OnlineYesYesYesYesYesYesRS4+NoYesYes
Web AppsYesYesYesYesYesYesYes2Yes2YesYes2
Store LinkYesYesYesYesYesYesYesYesYesYes
Microsoft EdgeNoYesYesYesYes19H2+3NoNoNoNo

1 To unlock app management, upgrade your HoloLens device to Holographic for Business.
2 Launch from the Company Portal only.
3 For Edge app to install successfully, devices must also be assigned an S-Mode policy.

Windows 10 LOB apps

You can sign and upload Windows 10 LOB apps to the Intune admin console. These can include modern apps, such as Universal Windows Platform (UWP) apps and Windows App Packages (AppX), as well as Win 32 apps, such as simple Microsoft Installer package files (MSI). The admin must manually upload and deploy updates of LOB apps. These updates are automatically installed on user devices that have installed the app. No user intervention is required, and the user has no control over the updates.

Microsoft Store for Business apps

Microsoft Store for Business apps are modern apps, purchased from the Microsoft Store for Business admin portal. They are then synced over to Microsoft Intune for management. The apps can either be online licensed or offline licensed. The Microsoft Store directly manages updates, with no additional action required by the admin. You can also prevent updates to specific apps by using a custom Uniform Resource Identifier (URI). For more information, see Enterprise app management - Prevent app from automatic updates. The user can also disable updates for all Microsoft Store for Business apps on the device.

Categorize Microsoft Store for Business apps

To categorize Microsoft Store for Business apps:

  1. Sign in to the Microsoft Endpoint Manager admin center.
  2. Select Apps > All apps.
  3. Select a Microsoft Store for Business app. Then select Properties > App Information > Category.
  4. Select a category.

Install apps on Windows 10 devices

Depending on the app type, you can install the app on a Windows 10 device in one of two ways:

  • User Context: When an app is deployed in user context, the managed app is installed for that user on the device when the user signs in to the device. Note that the app installation doesn't succeed until the user signs in to the device.
    • Modern LOB apps and Microsoft Store for Business apps (both online and offline) can be deployed in user context. The apps support both the Required and Available intents.
    • Win32 apps built as User Mode or Dual Mode can be deployed in user context, and support both the Required and Available intents.
  • Device Context: When an app is deployed in device context, the managed app is installed directly to the device by Intune.
    • Only modern LOB apps and offline licensed Microsoft Store for Business apps can be deployed in device context. These apps only support the Required intent.
    • Win32 apps built as Machine Mode or Dual Mode can be deployed in device context, and support only the Required intent.

Note

For Win32 apps built as Dual Mode apps, the admin must choose if the app will function as a User Mode or Machine Mode app for all assignments associated with that instance. The deployment context can't be changed per assignment.

Apps can only be installed in the device context when supported by the device and the Intune app type. Device context installs are supported on Windows 10 desktops and Teams devices, such as the Surface Hub. They aren't supported on devices running Windows Holographic for Business, such as the Microsoft HoloLens.

You can install the following app types in the device context and assign these apps to a device group:

  • Win32 apps
  • Offline licensed Microsoft Store for Business apps
  • LOB apps (MSI, APPX and MSIX)
  • Microsoft 365 Apps for enterprise

Windows LOB apps (specifically APPX and MSIX) and Microsoft Store for Business apps (Offline apps) that you've selected to install in device context must be assigned to a device group. The installation fails if one of these apps is deployed in the user context. The following status and error appears in the admin console:

  • Status: Failed.
  • Error: A user can't be targeted with a device context install.

Important

When used in combination with an Autopilot pre-provisioning scenario, there is no requirement for LOB apps and Microsoft Store for Business apps deployed in device context to target a device group. For more information, see Windows Autopilot pre-provisioning deployment.

Note

After you save an app assignment with a specific deployment, you can't change the context for that assignment, except for modern apps. For modern apps, you can change the context from user context to device context.

If there's a conflict in policies on a single user or device, the following priorities apply:

  • A device context policy is a higher priority than a user context policy.
  • An install policy is a higher priority than an uninstall policy.

For more information, see Include and exclude app assignments in Microsoft Intune. For more information about app types in Intune, see Add apps to Microsoft Intune.

Next steps