Windows Phone private application deployment

Question

I'm developing a Windows Phone application for Windows 8.1 and Windows 10 phones. The application is for internal usage only and is communicating with our system. It needs to be private so I don't want to upload it to the Store. I tried uploading it as a hidden app so that only people with link would be able to download it, but Microsoft rejected my submission since I did not provide a test account to our production server or app screenshots. I can provide them with screenshots, but I cannot give them credentials to the system.

I'm having a hard time understanding a thought process behind deploying such an application. We have around 30 employees so I think creating Company Hub for one app is a total overkill, so is using Intune.

This is super small application, but fortunately my employers are willing to spend $99 on company dev account and $299 on the certificate but what next? I tried just uploading a .appx file on http server as a test and trying to install it by navigating the phone to the URL but it saw it as a zip file and wants to extract it instead of installing.

Microsoft documentation is split among many pages, and more often than not they are 404 - not found.

My question is: when I'll finally obtain a company dev account and a certificate how can I deploy my signed application? Any help or point to good tutorial would be much appreciated.

Since you don't have many employees could you use hockey app for deployments? — Ken Tucker, Mar 23 '17 at 11:20
Why not use an MDM https://msdn.microsoft.com/en-us/library/dn499787.aspx? — Barnstokkr, Mar 23 '17 at 13:14
@KenTucker Did you mean dev unlocking all the phones? I think there is a hard limit on how many phones can be unlocked with your account. — Mariusz, Mar 23 '17 at 15:09
@Barnstokkr Thank you for this but I'm looking for a simple solution and this has like 200 pages... — Mariusz, Mar 23 '17 at 15:11
@Mariusz there is. It's 3 per dev account. You can ask Microsoft to up this limit but I think they'll only go to 10 and you have to justify it. This is when they pointed me in the direction of using option 3. — Bugs, Mar 23 '17 at 15:20

score 2 · Accepted Answer · answered Mar 23 '17 at 13:19

We are in a similar boat. We have an app that is used internally and didn't want to go down the Company Hub route. We were going to look into MDM but have yet to get round to it as this solution currently works for us.

The below will make more sense when you come to submitting your app through your developer account.

What we did was set the Distribution and visibility (found under Pricing and distribution) to:

Hide this app and make it available only to the people you specify below, who can download this app on Windows Phone 8.x devices. A promotional code may be used to download this app on Windows 10 devices. Learn more

We created email Outlook addresses for those that wanted to use the app. These are just blank email addresses and aren't actually used other than a way of allowing the app to be downloaded by them:

Note that you can only have three devices to one email account. That means you will need to create 10 email addresses for 30 devices if you want to use generic email addresses, otherwise you should be able to use the employee's email address. The device only needs it to verify the download.

I believe this is what is used for apps that are in BETA mode however it works for internal apps too and it was suggested by Microsoft themselves when I was trying to figure out a way to do this myself last year. It was a phone call so can't actually show proof of that.

Once you have submitted the app you have to wait a period of time, usually 24 hours, before you can download the app.

Within the App overview at the bottom you will find a section headed App management. Under here you will find your App identity:

Click View app identity details to find the URL. This is the URL of your app. It looks something like https://www.microsoft.com/store/apps/xxxxxxxxx

I use TinyURL to make the URL a little shorter but that's personal preference.

You can the browse to that URL on the device and it will open the store for you to download the app.

I don't believe this is a documented way of doing things but it's worked for us over the last year and once setup is very simple.

Thank you for the response. The problem is that I already tried the suggested route but I went for hiding the app but allowing users with the link to download it (second option instead of third) and Microsoft demanded a test account (since my app makes API calls and needs to be authenticated). I think I might go with the AET thing but finding a good tutorial without broken links in Microsoft knowledge base is a nightmare... — Mariusz, Mar 23 '17 at 15:08
@Mariusz have you tried the 3rd option and specifying an email address? I don't quite think the checking by Microsoft is as strenuous as it can _only_ be downloaded by email addresses you have specified. 2nd option still makes it available to those that chance upon it. I don't see any reason why they would reject that but I guess they could have their own reasons. I'll leave the answer up as it may help others anyway. Sorry I couldn't be of more help. — Bugs, Mar 23 '17 at 15:10
I did not, I guess I'll try though. But their policy is that the app has to be tested as if it was available publicly which makes no sense to me. I wish they made it simpler for small apps for internal business usage only but instead you have to either make a generic, not-branded public app or go for full enterprise route with code signing, company hubs and 200+ page documents. Thanks anyway J — Mariusz, Mar 23 '17 at 15:16
@Mariusz I know, tell me about it. For weeks I was talking with Microsoft about this and this was the only way I could get it to work. By using option 3 I believe you don't have the same checks done as it isn't _publicly available_ as such. It's technically for BETA. Still does the job though for us and saved us having to do all the messing around. Give it a whirl and see what happens. They have never asked for information to test my app. The audit on the app prior to submission to store only takes around an hour as well (give or take). Then you have to wait 24 hours. — Bugs, Mar 23 '17 at 15:17
Thanks for pointing this out - I will definitely check this out. Are those email addresses **must** be Outlook ones? Can I just go for `company1@outlook.com`, `company2@outlook.com`, ... and just attach those to employees' accounts (like in android phones)? — Mariusz, Mar 23 '17 at 16:15
I don't think you need to use Outlook. I chose to use them as I have a personal account with them so was easy enough to setup but I do have my work email in that list which is not Outlook so I think you can use any email address. — Bugs, Mar 23 '17 at 16:25

score 0 · Answer 2 · answered Mar 29 '17 at 06:09

when I'll finally obtain a company dev account and a certificate how can I deploy my signed application?

Since you have obtained the Symantec Certificate,

you need to import the certificates
verify the certificates imported correctly
export the .pfx file to sign the company portal
finally, you can upload the app package and your code-signing certificate to Intune.

For detailed steps, see Sign line-of-business apps so they can be deployed to Windows devices with Intune.

Then, you can refer to this Example: Download, sign, and deploy the Company Portal app for Windows devices to complete your deploying job.

Windows Phone private application deployment

2 Answers2