Building installers on Windows used to be complicated. It all depended on which installation tool were you using and how was your code being distributed. Could you wrap an executable around a Zip file, or use the venerable XCOPY? Things got simpler when Microsoft introduced the Windows Installer, and its standard MSI format.
The arrival of the Windows Store and a whole new app model in Windows 8 changed things. As a result, there were two ways of deploying code, and two different ways code could run. MSI apps remained the default for desktop, while the new APPX format was required for Windows Store apps. Windows Store apps also ran in a different context from desktop apps, with a new sandbox that reduced the risk of malware compromising systems.
The Project Centennial Desktop Bridge crossed the divide, bringing desktop apps into the Windows Store, giving them access to some of the newer UWP APIs and supporting a limited version of the APPX sandbox.
With the Windows Store now an important distribution channel, and with desktop apps able to take advantage of its capabilities, having two different installation models seems redundant. It appears that Microsoft agrees with that point of view, because it has released a new installer model that can work in both modes—and across all the available Windows platforms.
MSIX is the Microsoft installer for the modern world
MSIX, the new Microsoft Installer, is a logical extension of the Windows 8-era APPX package format. It’s also a replacement for the familiar MSI, with support for desktop applications and for on-premises catalogs and install customizations. Applications deploy into a container, taking advantage of application isolation features in recent Windows releases and applying them to not only UWP in APPX but also to Win32, WPF, and Windows Forms.
Microsoft sees the new installer, and its new way of packaging applications, as fundamental to enterprise application development. After all, MSI dates back to the Windows XP era, and it hasn’t changed much over that time. Microsoft did try to do something different with its App-V streaming service, and its virtualized file system isolation, but that requires significant server infrastructure, and can be difficult to use for remote users. In practice, both MSI and App-V packaging and distribution have been handled by IT departments, rather than application developers, resulting in a disjointed and complex distribution chain for new code.
With MSIX, Microsoft intends to change how organizations package and deploy internal and external software distributions. With MSI, applications that are deployed internally are often unpacked, tested, and have any customizations needed made before being repacked and delivered to users. There’s a risk here of files being missed, or of configuration errors being replicated across an entire fleet. You also need to repeat the whole process every time code is updated or when the underlying OS changes. It’s a process that’s increasingly incompatible with modern application development models, where CI/CD systems push updates regularly and where Windows 10’s delivery model means significant Windows updates every six months.
Packaging and deploying apps with MSIX
By using MSIX to package software, developers can create their initial application package as part of the build process, while IT teams can then add a customization package to the MSIX before signing the file for distribution via either Intune for desktop deployments or a private instance of the Microsoft Windows Store for UWP apps.
The MSIX installation model is better than both MSI and APPX. MSX gives you the one-click uninstall of APPX, and it also supports single instance storage of files. On multiuser PCs or where apps use common libraries, files are stored once and only once, ensuring that disk space usage is optimized. Downloads can also take advantage of block-level differential updates to reduce bandwidth requirements, which can help support remote users with limited connectivity. MSIX can also update non-Windows Store apps automatically, giving a Windows Store-like experience to all your code—either silently or via a user prompt.
Building a MSIX installer is relatively simple. The installation is declarative, controlled by a manifest file. Once deployed, everything else is handled by Windows: installing the files, managing updates, and removing files when an app is uninstalled. Windows also ensures application integrity, offering tamper protection and using app package signing to ensure updates and installs are delivered from trusted sources. Along with the manifest, the MSIX installer includes signature and code integrity data, as well as a block map used to manage differential installs and to prevent application tampering.
MSIX can also handle delivering different assets to different devices and to different OS installs. For example, you can use it to deliver assets for high-DPI devices in the same file as for low-DPI. The correct assets are deployed on the correct device at install. Similarly, internationalization content can be delivered based on OS language detection.
MSIX makes it easier to run code in containers
Perhaps the most important aspect of MSIX is its support for containerized installs. Currently, Win32 apps have full trust on your PCs, giving them access to sensitive files and the entire registry. Windows Defender Application Guard for Win 32 and Windows Store apps uses a container and an isolated kernel to ensure greater security, with considerably less risk of one application interfering with another. Desktop Bridge code uses another container model to virtualize many of the interactions raw Win32 code has, as do UWP apps running outside Windows Defender Application Guard.
With a new, combined, container model for both Desktop Bridge and UWP apps, MSIX gives both app types the same level of isolation. Application containerization is an important aspect of the modern OS deployment and security models, and making it part of the deployment and packaging tool should increase the number of apps that support it.
Where to get the MSIX tool
While Microsoft is building MSIX into its own development tools, it’s also working with existing installer vendors to add support in their tools. The MSIX SDK is also available on GitHub. And vendors like Advanced Installer are shipping it in their latest releases. So, you can start testing MSIX installers for your code now. The MSIX Packaging Tool for IT Pros is also available, and you can use it to migrate existing MSI installations to MSIX, as well as building customization packages for your sites and users.
Windows has changed considerably since MSI was first released, and MSIX finally gives it a modern installer that works across all its development SDKs. That would be enough to get developers rushing to the new tooling, but Microsoft is also promising cross-platform support to go with its cross-platform development tools.
Having one installer model for Windows, for iOS, for Android, and for Linux is an ambitious project, but if Microsoft can deliver, it’ll make managing and deploying enterprise and consumer code a lot simpler.