The Windows Guy (PFE Milad Aslaner) is back with a new blog post around the biggest myths I see at the moment when talking with Microsoft Premier Customers around Windows Modern Apps in Windows 8.1. For those who remember I wrote something similar when we shipped Windows 8.
Wrong! You can always decide to not use a Microsoft Account and still take advantage of the beautiful Windows Modern Apps which are pre-installed except the Mail, Contacts and Calendar Apps which require a Microsoft Account for authentication.
This is also not true. When we shipped Windows 8 you could already update any pre-installed Windows Modern App without using a Microsoft Account. The only downside was that the user had to manually go into the Windows Store and choose to update the Modern Apps. Now with Windows 8.1 you can automatically install updates from the store (without using a Microsoft account), and that can be done even when the Windows Store has been disabled through group policies.
Not exactly. AppLocker provides the ability for you to black- or whitelist Windows Modern Apps just like you can for legacy applications. This means that you choose if the user should be able to run for example Windows Modern Apps from gaming publishers.
With Windows 8.1 you are able to synchronize Windows Modern Apps settings through the Microsoft Account or you could also use User Experience Virtualization 2.0 (UE-V) as an enterprise solution.
Both; System Center Configuration Manager 2012 R2 as well as Windows Intune provide enterprises the option to have their own Enterprise Store. For Windows Intune you can get the Company Portal App and if you choose the ConfigMgr way you can use the Application Catalog for it.
The issues we have seen with Windows Modern Apps under Windows 8 for Authenticated Proxy scenario have been fixed. Now even If you are running Modern Apps behind an authenticated proxy it should work.
This is not true. Microsoft Accounts are unique to the user and the enrollment is user-driven.
Not correct. Windows Modern Apps have a default file location which should not be changed.
Windows Modern Apps have a strong security architecture. Each App is running in its own AppContainer and they are only able to communicate with each other using Microsoft specified APIs. By default, Modern Apps have also no interaction with the legacy desktop. Those AppContainers are running at a low integrity level which is a great way to mitigate attack scenarios where malware engineers try to access for example the system root folder, driver locations or registry through Modern Apps.
In addition to SCCM 2012, you can also use Windows Intune or even PowerShell scripts distributed over Group Policies to perform Sideloading of Windows Modern Apps. The most flexible and recommended way would be over SCCM 2012 as it offers the manageability layer for enterprise scenarios.
Wrong! In Windows 8 the Windows Store was disabled for Windows to Go devices due to some challenges with regards to licensing. Now with Windows 8.1 we fixed that and this means that Windows to Go devices which have been upgraded to Windows 8.1 are able to access the Windows Store.
That’s also not correct. We have in fact a lot of very useful event logs. In Event Viewer just go to Application and Services Logs –> Microsoft –> Windows and you will find in Windows 8.1: Apps, Apps-API, AppXDeployment, AppXDeployment-Server and AppxPackagingOM.
I hope that this helps you to get a little bit of more insight around Windows Modern Apps.
Original content from Milad Aslaner. Posted by MSPFE editor Pam Lahoud.
Hi, thanks for your post. Very helpful. Can you please provide me with more détails regarding Myth #2 : when I go to the Windows Store to update apps, I am prompted for a Microsoft account. And I don't want to sign up because I am setting up the machine for another user.
Thanks in advance for your reply,
Thanks .... I lovely topic....