Last week, we highlighted all the advantages you are bound to benefit from as you start your modern application management journey. And while there are many reasons why you should pursue this path as soon as possible, it isn’t all “puppies and rainbows”. We have to be realistic about our expectations and be aware of any potential speed bumps and pitfalls along the road. Today, I want to walk you through five very common, but often ignored challenges, namely:

  • Modern App Management is still evolving,
  • Application lifecycle management (especially of VHD) is going to be very difficult.
  • License Management has to be considered carefully,
  • Application suitability can become an issue when moving to MSIX, and
  • Heavily customized AppV cannot simply be converted into MSIX apps.


Let’s go through each of the challenges in a little more detail:

#1 Modern Application Management Is Still Evolving & The Destination Isn’t Clear Just Yet

Microsoft’s “Modern IT Management” vision is pretty straightforward and clear. The software giant wants to create a Microsoft 365 Platform-centered universe that is easy to manage and deploy (via Azure AD and Intune), is always up-to-date and therefore produces a more stable and secure environment (via Servicing Channels, e.g., for Windows 10 and Office 365), offers best-in-class security features already built-in (e.g., Windows Defender ATP, Office 365 ATP, and Azure AD Identity Protection), and provides proactive insights to help customers manage their environments better (through telemetry and cloud intelligence).

What isn’t entirely clear yet (and I am not sure if even Microsoft is entirely certain yet of its long-term strategy as we all explore this together) is what it will all look like in the end in terms of application management. We know we want to leave the manual, labor- and time-intensive application packaging and testing behind and happily embrace devops/agile-style, on-the-spot smoke testing whenever needed using self-service, but what format do our apps need to be? Are they all cloud native apps, side-loaded containerized app attach, or something else entirely?

The problem is this: it is hard to keep up with all the changes happening right now and define a strategy. For example, many customers I speak with really want to hop onto Windows Virtual Desktop, but they don’t realize that they would have to convert their entire app portfolio into applications that can be delivered digitally, like app attach.

#2 Application Lifecycle Management Has To Be Figured Out Before Broad Deployment

One of the biggest issues I foresee is that there is no real management console or app lifecycle management to manage your VHD/app attach apps once they are deployed. This has to be addressed systemically before any broader deployment happens.

Do you remember when there were literally millions of SharePoint Sites popping up all over like mushrooms in fall without a centralized way of managing them? Now imagine that those SharePoint Sites are your applications. If you simply apply a VHD to a set of host pool users or machines, you could very quickly end up with a nightmarish management mess. An app attach could easily contain 5, 10, or even 15 different MSIXs.

At some point, you have to update an MSIX somewhere else. Consequently, it will need to be updated in those other VHDs that already have that content as well. This can quickly become a complete admin hell. For example, some containers might want only the newest version of Adobe Creative Cloud, while others might have certain dependencies to other apps linking to an earlier version.

We need to make a very dynamic, version-controlled update of an MSIX — regardless of the VHD containers it’s in. Users need to be able to autonomously opt into updates. With Access Capture, we already offer our customers modern application management functionality, and it will be even more advanced in the coming months. It is similar to the VMware product App Volumes. With regards to app attach, you create a volume, which is a VHD disk of a set of applications. You then have to manage one or many apps inside a volume and manage the version control of it/them.

#3 License Management Has To Be Considered Carefully To Avoid Underpaying/Overusing

Just as application management is going to be a nightmare unless it’s done properly, licenses have to be managed just as carefully to remain in control of how many licenses are actually used and required. Traditionally, you have a license check on a group of apps. This  could have a volume GUID associated with it that allows you to know how many people actively have certain MSI, MSIX, app attach, etc. installed and how many are using it on different host machines. But this information has to flow back into a central port to deduct off your account.

To manage your licenses, you would need an SCCM, an Active Directory object, an Intune AD object, and an app attach volume GUID AD object to count up the number of instances in which this exists. But the scary part is that you could have licensed product MSIX apps in your VHDs and you would never know.

With Access Capture, you can not only know which apps and application components your app attach or VHD is made up of, but can also add a license count check very easily. As an example, when creating the MSIX itself, you could have a separate line in the Capture database to check if it is a licensed product. Then, within the VHD, you can have a separate account on the bottom that says “This is the GUID for the VHD”, indicating how many licensed products sit inside the VHD linking back to the MSIX path.

#4 Application Suitability Of Your Current Estate

Another factor to consider is application suitability. For example, MSIX doesn’t support boot time services and device drivers. These are two big things I cannot see Microsoft relaxing on in the future because, in a modern application management scenario, you will be mainly distributing into a virtual environment. Therefore, you cannot have a device driver (like for a scanner that is connected to a machine) in an application. This means that if your apps have device drivers or boot time services, you will not be able to go forward with them. While the percentage of those applications will not be large and continues to decrease every year, this is still something to be aware of.

#5 Heavily Customized AppV Cannot Be Simply Converted To MSIX

In addition to those criteria, AppVs could pose another big stumbling block. Usually, organizations have spent a lot of money, time, and effort to create heavily customized AppVs. Therefore, just shifting the AppV to MSIX format isn’t going to work. In my opinion, Microsoft will offer a conversion path in about six to nine months to make it possible for heavily customized AppVs to be converted.

But you don’t have to wait that long. With Access AppScan, you can check today for potential issues and prioritize those that can move forward without an issue. For those that cannot move straight forward, you can identify the application components that are blocking the conversion and manually remediate them. You can also identify which applications are using those components to avoid having to reinvent the wheel every time.

Those are the five biggest challenges that larger organizations usually run into. Of course there are others, like dependency management, add-ins and plug-ins for Excel and 365 applications, and understanding how to package those up into MSIX accurately. But when using a modern application packaging and testing tool, like Access Capture, those issues are easily overcome.

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment