
Distribute enterprise apps to Windows devices

This article deals with the distribution of enterprise apps on Windows devices.

Enterprise apps are custom apps developed by an organization or a third party to be used within the organization. These apps are also known as internal or in-house apps.

Since these apps contain proprietary business information, many organizations do not host these apps on public distribution channels (Microsoft Store for Windows devices). In such cases, they rely on enterprise app stores that can seamlessly deploy their internal apps within the organization.

Hexnode delivers its own enterprise app store to securely distribute apps, whether store or internal, to the organization’s devices. In the case of Windows devices, administrators can deploy enterprise (MSI/MSIX/EXE) apps to the managed devices without compromising data security.

Notes:

  • Files in any format other than MSI, MSIX, or EXE need to be converted to one of these formats before distribution via Hexnode.
  • MSI/MSIX app installation is supported only on devices enrolled via Hexnode Installer as it requires the latest version of the Hexnode UEM app to be installed on them.

Add enterprise apps to Hexnode app inventory

An enterprise app must first be uploaded to the Hexnode app inventory before its distribution.

  1. Log in to your Hexnode portal.
  2. Navigate to Apps.
  3. Select +Add Apps > Enterprise App.
  4. Choose the platform as Windows.
  5. Provide the App Name.
  6. Upload the app using one of the following options:
    • MSI file: Click on Choose the MSI File and select a file from the system.
    • MSIX file: Click on Choose the MSIX File and select a file from the system.
    • EXE file: Click on Choose the EXE File and select a file from the system.
    • From Manifest URL: Enter the URL to the app and its version. Note that only apps with the .msi extension are supported for installation.
    Notes:

    • Upon successfully uploading an MSI file to the Hexnode app inventory, the App version and Installer identifier will be extracted automatically from the package.
      While the app version and app identifier are being retrieved, the status shows 'Extracting'.
    • Using From Manifest URL will parse the app identifier and version after the MSI app is installed on the device.

  7. Select an app category or input a new category by clicking on the + button.
  8. Provide a description for the application and click Add to upload the file.
  9. SHA-256 Checksum: Hexnode uses the SHA-256 checksum to ensure that apps are not corrupted while being uploaded to the portal and deployed to devices. Provide the SHA-256 checksum (hash) of the file to verify file integrity before distribution. If left blank, Hexnode UEM will skip the file verification.
  10. If it’s an MSI file, specify the device location where the MSI file should be installed. For example, C:\Program Files.
    Notes:

    • Deployment of apps added to the Hexnode app inventory via From Manifest URL without the SHA-256 Checksum will fail on devices without the Hexnode agent app installed.
    • Only Windows 11 supports MSI app installation on devices without the Hexnode agent app.
    • The location for app installation depends on the MSI build unless the installation path is specified here.
    • The install location for some applications may be app-specific. As a result, specifying a different installation path will have no effect.
    • If the app has been previously installed, and later uninstalled from the device, the app will reinstall at the initial location even if a different installation path is provided.

  11. While uploading the MSI/MSIX/EXE file, you can check the Notify admin via email once app upload succeeds/fails option to receive the email notifications on the app upload status.
  12. Click Add to upload the file.
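
The SHA-256 Checksum field in step 9 only protects the file from the point where the hash was taken, so the hash should be computed on the trusted copy and compared with a value from the build pipeline or vendor when one exists. The following PowerShell sketch is an added example, not Hexnode code; the function name, file path, and expected hash are hypothetical placeholders.

```powershell
# Added example; Get-InstallerIntegrityReport is a hypothetical helper name.
function Get-InstallerIntegrityReport {
    param(
        [Parameter(Mandatory)][string]$Path,   # MSI, MSIX or EXE about to be uploaded
        [string]$PublishedSha256               # hash from the build pipeline or vendor, if one exists
    )
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    [pscustomobject]@{
        File             = $file.FullName
        SizeBytes        = $file.Length
        Sha256           = $hash               # value for the SHA-256 Checksum field
        # $null when there is nothing to compare against; -eq ignores hex case
        MatchesPublished = if ($PublishedSha256) { $hash -eq $PublishedSha256.Trim() } else { $null }
        SignatureStatus  = $sig.Status         # Valid, NotSigned, HashMismatch, ...
        Signer           = $sig.SignerCertificate.Subject
    }
}

# Constructed usage: replace both placeholder values before running.
$installer = 'C:\Builds\MyApp\MyApp.msi'
$expected  = '<sha256 published by your build pipeline>'
$report    = Get-InstallerIntegrityReport -Path $installer -PublishedSha256 $expected

# Stop before upload if the file differs from what was released or its signature is broken.
if ($report.MatchesPublished -eq $false -or $report.SignatureStatus -eq 'HashMismatch') {
    throw "Do not upload $($report.File): it differs from what the publisher released."
}
$report | Format-List
```

A `NotSigned` status is reported rather than treated as a failure, since many in-house installers are unsigned; in that case the published hash is the only integrity reference.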

Managing multiple versions of MSI apps

For MSI apps, you can upload different versions of the same app and choose the version to be used for installation.

To add a different version of an app:

  1. Go to the Apps tab and click on the app for which you want to add a new version.
  2. In the App details dialog box, click the gear icon at the top right and select Edit.
  3. You can add a new version using either of the following methods:
    1. Upload via MSI File: Upload the new MSI file.
    2. Upload via Manifest URL: Enter the URL of the app and its version.
  4. You can also edit app details such as App Name, Category, Description, and enable/disable Notify admin via email for upload succeeds/fails notifications.
  5. There is a gear icon at the top right, where you can choose to view the Version History or delete the app from the Hexnode app inventory. Note that deleting the app will delete all its versions and remove it from any associated groups and policies.
  6. Click Save to apply the changes.

Version History

If you want to view the version history of an app (all added versions and their details):

  1. Go to the Apps tab and click on the app for which you want to check the version history.
  2. In the App details dialog box, click the gear icon at the top right and select Version History.
  3. Here, you can see the versions of the app that have been uploaded along with their details.
  4. The most recent version uploaded to the Hexnode app inventory is automatically marked as the Latest version.
  5. On the Version History page, you will see three icons to the right of each version:

    1. Download Icon: To download the file.
    2. Edit Icon: To customize the validation criteria for each version of the MSI app.
    3. Delete Icon: To delete an app version. Upon clicking the delete icon, you’ll be prompted to select how policies, groups, and catalogs should be affected:
      • Remove the app from associated policies, groups, and catalogs
        • The app will be removed from associated Required Apps policies, App Groups, and App Catalogs.
          Note:


          If the “Remove apps from the device on policy removal” option is enabled in the Required Apps policy, the app will also be removed from all target devices.

      • Update policies/groups/catalogs with the latest app version
        • The app version will be updated to the latest available version on the associated Required Apps policies, App Groups, and App Catalogs.

Success Criteria

Disclaimer:

  • The success criteria being configured in Hexnode to determine the app installation status are entirely at the administrator’s discretion. If incorrect values or conditions are set, it could result in issues detecting the app deployment status.
  • The installation behavior also depends on the app package. It’s recommended to validate the app deployment behaviour before executing the action in bulk.



The Required Apps policy in Hexnode ensures that a specified application remains installed on the device. It periodically checks for the app’s existence on the device and re-initiates installation if found missing.

For MSI apps, whether the policy association succeeds depends on the app identifier and version, both as included in the MSI file and as reported by the installed app. The policy deploys the app again when it finds a discrepancy between these values, even if the app is installed (but holds a different identifier/version). A faulty MSI file might install the app with an identifier/version different from those extracted during MSI file upload.

Defining a success criterion for installation allows administrators to validate specific app parameters post installation to alert them to any inconsistencies. A success criterion specifies a set of parameters, like app identifiers, registry path, and app path, used to verify an app’s installation on a device. The criterion, if satisfied, concludes that the app is installed despite any discrepancies in the MSI file. The administrators can verify it directly from the console.

Defining Success Criteria for MSI files

For MSI files, a validation criterion can be defined to notify administrators of a successful app installation using the following steps:

  1. Log in to your Hexnode portal.
  2. Navigate to Apps.
  3. Select the desired MSI file.
  4. At the bottom, you will find the following parameters to edit:
    1. App Identifiers: Add one or multiple app/installer identifiers (product codes), separated by a semicolon (;). Once the MSI file is installed, Hexnode verifies if the installed application contains the specified app identifier. In case of a mismatch, the success criterion will fail.

      For example:

      The App Identifier may be a string of numbers, or a name provided by the app publisher, such as {3456C7D8-2345-6789-ABCD-EFG12345678} or Mozilla Firefox.

      Note:


      The App Identifier can be fetched in either of the following two ways. First, install the specified app manually on a Windows device.

      1. If the chosen Windows device is enrolled in Hexnode, navigate to Manage > Devices > select the specific device. In the Applications tab, search for the specific app and you can find the corresponding App Identifier there.
      2. When an app is installed at the system level, its app identifier resides in the HKLM registry. Conversely, when an app is installed at the user level, its app identifier can be found in the HKCU registry. The app identifier can be fetched from the registry editor using the following methods:
        1. If both the system and the app are 64-bit, then search for SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall in the registry editor on the Windows device.
        2. If the system is 64-bit and the app is 32-bit, then search for SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall in the registry editor on the Windows device.
        3. If the system is 32-bit, then search for SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall in the registry editor on the Windows device.

    2. Registry Path: This option allows you to define the path of a registry key to be checked on the target device. This can be any registry key created when the app is successfully installed. If the key does not match, the success criteria will fail.

      There are two components to configure in this option:

      1. Registry Root: This is the top-level directory in the Windows Registry, such as HKLM (HKEY_LOCAL_MACHINE), HKCU (HKEY_CURRENT_USER), HKCR (HKEY_CLASSES_ROOT), HKCC (HKEY_CURRENT_CONFIG), and HKU (HKEY_USERS).
      2. Subkey: This is the specific path within the registry root, such as \SOFTWARE\MyCompany\MyApplication.

      For example:

      In the case of Firefox, the registry key related to the app is ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox’.

      From the registry root dropdown, choose HKLM and enter the subkey ‘SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox’.

    3. Install Path: This option can be used to confirm the app’s installation on the device by checking for a specific file present on the target device. The file’s location is indicated in the Path field, which should contain the path of any file created upon successful app installation.

      For example:

      In the case of Mozilla Firefox, the path of the file is most likely to be in the following format:

      C:\Program Files\Mozilla Firefox\firefox.exe

Later, the administrators can select one of these parameters to assign it as the success criteria when deploying an MSI file to the devices.

Note:


Define the necessary success criterion for the MSI app while uploading the file. You can also edit them from the Apps tab, if necessary. The success criteria can be chosen during app deployment only if it is already defined in the Apps tab.



If no success criterion is specified, the Installer identifier extracted during upload is set as the App identifier parameter and used as the default success criterion.
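
Before entering these parameters in the portal, the values can be checked on a pilot device where the app was installed manually. The PowerShell below is an added example, not Hexnode's agent logic: the function names are hypothetical, and it assumes the App Identifier corresponds to the subkey name under the Uninstall locations listed in the note above.

```powershell
# Added example; function names are hypothetical and this is not Hexnode agent logic.
# Run in 64-bit PowerShell so the registry views match the locations listed above.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',             # system-level, native bitness
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall', # 32-bit app on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'              # user-level install
)

function Get-UninstallEntry {
    # List candidate App Identifiers for apps whose display name matches a wildcard.
    param([Parameter(Mandatory)][string]$NameLike)
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if ($props.DisplayName -like $NameLike) {
                [pscustomobject]@{
                    AppIdentifier  = $key.PSChildName  # assumption: identifier = Uninstall subkey name
                    DisplayName    = $props.DisplayName
                    DisplayVersion = $props.DisplayVersion
                    RegistryKey    = $key.Name         # full key path, usable for the Registry Path criterion
                }
            }
        }
    }
}

function Test-SuccessCriteria {
    # Report, per criterion, whether the value you plan to enter exists on this device.
    param(
        [string]$AppIdentifiers,  # semicolon-separated, as in the App Identifiers field
        [string]$RegistryKey,     # PowerShell form, e.g. 'HKLM:\SOFTWARE\...'
        [string]$InstallPath      # a file created by the installer
    )
    $ids = @($AppIdentifiers -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $found = @($ids | Where-Object {
        $id = $_
        @($UninstallRoots | Where-Object { Test-Path -LiteralPath "$_\$id" }).Count -gt 0
    })
    [pscustomobject]@{
        IdentifiersFound   = $found -join ';'
        IdentifiersMissing = @($ids | Where-Object { $found -notcontains $_ }) -join ';'
        RegistryExists     = [bool]$RegistryKey -and (Test-Path -LiteralPath $RegistryKey)
        PathExists         = [bool]$InstallPath -and (Test-Path -LiteralPath $InstallPath -PathType Leaf)
    }
}

# Constructed usage with the Firefox values this page uses as examples.
Get-UninstallEntry -NameLike '*Firefox*' | Format-List
Test-SuccessCriteria -AppIdentifiers 'Mozilla Firefox' `
    -RegistryKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox' `
    -InstallPath 'C:\Program Files\Mozilla Firefox\firefox.exe'
```

Any identifier listed under IdentifiersMissing, or a False in the other two columns, points to a value that would make the corresponding criterion fail on this device.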

Deploy the apps to target devices

The apps added to the app inventory can be distributed to the devices using the remote action or Required Apps policy.

Install apps via Actions

Method 1

  1. Navigate to Manage > Devices.
  2. Click on the device.
  3. On the device summary page, click Actions > Install Application.
  4. Select the app.
  5. Click Configure to specify the installation settings.
  6. Click Install.

Install apps via Policy

  1. Navigate to Policies.
  2. Create a new policy with the New Policy button or select an existing policy.
  3. From Windows > App Management, select Required Apps.
  4. Click on Configure and +Add button to either add an app or a group of apps from the app inventory.
  5. Select the required app(s) and click on Done.
  6. Configure the installation settings and click Save.
  7. Next, associate the policy with the target devices by navigating to the Policy Targets tab.
  8. Select the required Devices/Device Groups/Users/User Groups/Domains to which the policy is to be associated.
  9. Click on Save.

For MSI apps deployed via the Required Apps policy, deleting the deployed version from the Hexnode app inventory removes it from both the device and the policy. Note that the associated policy gets replaced with the latest available app version.

Installation settings

For MSI apps, Hexnode enables you to configure various app installation settings during deployment via the Required Apps policy and the Install Application remote action.

  • Enable logging: This setting helps specify the MSI app’s default logging mode. Ticking this option enables the logging service, and the Windows Installer records the errors and events into logs on the specified log path of the device. The diagnostic data contained in the logs helps the user to troubleshoot in case the installation fails.
  • Log path: Specify a custom path for the output log file. You can provide the complete path of a folder along with the desired file name and format. C:\Hexnode\Logs\MSI Logs\.log is set as the default log path.
    Notes:

    • If the provided log path does not exist on the device, Hexnode will create a folder at the specified path and generate the output file there.
    • If the provided log path is invalid (say, the drive doesn’t exist on the device, or the admin enters invalid data in the input field), the app installation will fail.

  • Force device restart after app installation: Upon successful installation, the system restarts automatically when this option is selected.
    Notes:


    While the device is in kiosk mode, you must add the Hexnode UEM App (present in C:\Hexnode\Hexnode UEM\Current\HexnodeUEM.exe) as the kiosk application to enforce this setting.

  • Installation Timeout: If the app installation process does not complete within the specified time duration, it will be forcefully terminated. The minimum and maximum time duration is 10 and 60 minutes respectively.
    Notes:


    The configured timeout period considers only the app installation process that begins after the MSI installer file has been deployed from the Hexnode UEM server.

  • Add command-line parameters: You can specify additional parameters by ticking this option while distributing the MSI app to the device. These command-line parameters help you modify the installation process and other related operations on the device.
  • Change app version: Select the app version you wish to install on your device. All uploaded versions of the app are displayed with their respective version numbers. The version marked as Latest is the most recent version.
    Notes:


    If you have selected Latest version, a newly added version in the Hexnode app inventory will be automatically changed on the Required Apps policy, ultimately updating the app on the device.

  • Success Criteria: You can choose one of the validation criteria defined during the MSI file upload to the Hexnode app inventory. The installed application must meet the selected criterion for the installation action to be successful. The three available options are:
    1. App exists: This option uses the App identifiers parameter as the success criterion.
    2. Path exists: This option uses the Install path as the success criterion. It can be edited or updated directly from the Installation Settings.
    3. Registry exists: This option uses the Registry path as the success criterion.

    Note:


    Administrators cannot define success criteria during app deployment. To set success criteria, navigate to the Apps tab, select the desired application, and define or edit the necessary parameters as mentioned earlier.


    After app deployment, administrators can verify the success criteria status from the Action History tab of the device in the Hexnode portal. Select the app status corresponding to the initiated action to view detailed information.

Notes:

  • During the app distribution via Install Application action or Required Apps policy, the app installation proceeds silently on the device. It may take a couple of minutes, depending on the app size and network connectivity.
  • The installed apps will be accessible to all users on the device. All users will be able to use and even uninstall the apps if necessary.
