Private App Stores for Windows Phone and WinRT
Private distribution of applications is possible for both WinRT and Windows Phone 8, but the experience is very different for the two platforms.
Windows Phone 8
To get started with a Windows Phone 8 private app store, you need to acquire an “enterprise certificate” from Symantec. This has a base cost of $300 per year. With the certificate you can create an Application Enrollment Token or AET. The AET must be installed on each Windows Phone device that wishes to use private applications. A single phone can install multiple AETs.
Then you need to create a “company hub”, which acts as the actual store for the user. If you are using Windows Intune or System Center 2012 then you can use the Windows Phone 8 Company Portal App. Otherwise you have to build your own. To get you started, Microsoft is offering a sample company hub. The XAP file for this application can be directly installed on the phone.
The company hub can invoke the InstallationManager.AddPackageAsync to install the XAP packages for other company applications. There is a requirement that these applications be signed with the same certificate used for the company hub.
During installation the phone will contact Microsoft to verify that the company’s account is still valid. This could be used to prevent known malware from installing additional infected programs. Another, more likely scenario, is that it will prevent someone from creating a public app store that bypasses the one operated by Microsoft.
Windows 8 / WinRT
If you have Windows 8 Enterprise edition and are part of an Active Directory domain then there is no base cost. Since Windows 8 Enterprise edition can only be purchased via a subscription to a “Volume Licensing program such as Select Plus, Enterprise Agreement, and Enterprise Subscription Agreement”, most companies are not going to have access to it.
For everyone else, you are going to need an activation key. According to Rockford Lhotka, this is going to cost $30 per device. That may not seem too bad, until you take into account that it can only be purchased in batches of 100. So if you have 101 employee machines to provision you are looking at a $6,000 fee for the right to install applications.
On top of that you need a way to actually get the applications onto the machine. Rockford notes that there are four options for this,
- Sneaker-net with a USB key
- Run a PowerShell script from a network share
- Deploy via System Center (assuming you have this level of IT infrastructure)
- Deploy via InTune, Microsoft’s cloud service, where they even provide you with a ‘corporate marketplace’
If you go with InTune as your private app store, you are looking at a base price of 6 dollars per month per device. Assuming computers have a three year duty cycle, it will cost 24,600 USD for the ability to deploy to 100 machines. If you only need to deploy to ten computers the 3 year per-device fee jumps from 226 to 516 USD.
Rockford did miss an option. Since deployments are done via PowerShell scripts, they can be invoked via another application written in WPF or WinForms. This option is of course only available on x86 and x64 versions of Windows.
Stephanie Davis (nee Stewart) Dec 21, 2014