Windows App Management

This document will explain you the various steps involved in managing Apps for Windows devices.

App Management for Windows

This section will explain you the workflow of App management for Windows devices. ManageEngine Desktop Central, currently supports only Enterprise App management for Windows devices.  Like iOS and Android App management process, you will have to add the Enterprise App to the App repository for the App to be distributed to groups and devices. However, there are a list of prerequisites that needs to be addressed to perform App management on Windows devices.


The following are the prerequisites to perform App management activities for Windows devices. The first step that needs to be done to initiate App management is to create an Application Enrollment Token (AET).  AET is mandatory for every enterprise to distribute or manage Apps on windows devices. To create an AET, you need to have an Developer Account signed up with Microsoft.  Refer to this, to know more about creating a developer account:

 After creating a developer account, enterprise should contact Symantec, to register for a Symantec Mobile Code Signing Certificate. They need to provide their Microsoft developer account and the corporate email address, to get the mobile code signing certificate.  Refer to this, to know more about the steps involved in getting a code signing certificate:

Steps to Generate AET

This code signing certificate is required to create an AET. It is used to associate the managed mobile phones with the company account. Application Enrollment Token, deploys a certificate to the managed mobile device, so that it establishes a connection between the mobile device and the Enterprise.  AET can be generated using a tool, which will be provided along with the Windows Phone SDK 8.0 and the code signing certificate. Follow the steps mentioned below to generate an AET:

  1. Download the Windows Phone SDK 8.0 from and save it in your desired location. You will receive XapSignTool and MDILXAPCompile, along with the AET generator tool.
  2. Go to the location,where you have saved the Windows Phone SDK 8.0 and  locate the AET Generator tool, under %ProgramFiles(x86)%\Microsoft SDKs\Windows Phone\v8.0\Tools\AETGenerator
  3. Go to command prompt run the AETGenerator tool with the following command line. Be sure to replace the placeholder text in this command with appropriate values.  
    %ProgramFiles(x86)%\Microsoft SDKs\Windows Phone\v8.0\Tools\AETGenerator\AetGenerator <Certificate File> [private key] 
  4. AETGenerator creates three files in the current directory. The files  are AET.xml, AET.aet and AET.aetx. Copy the AET.aetx file, which should be uploaded in the Desktop Central server for the App management to work. For more information refer to this:

This AET is valid for one year and needs to be renewed using the same Company ID.  If the AET file expires, then you will not be able to manage/distribute Apps to Windows devices.

Upload AET in Desktop Central Server

The AET file that has been generated  should be uploaded in the Desktop Central server. Follow the steps mentioned below ot upload the AET file:

    1. Click MDM tab on Desktop Central console

    2. Select App Repository and click Windows App Settings

    3. Click Browse and upload the AET file.

    4. Specify the email address to which the mail notifications should be sent, when the AET is about to expire.

    5. Click Save to complete the process.

You have successfully created and uploaded the AET file. You can see a Company Hub App listed on the Desktop Central server. You will have to download the Company Hub App, sign it and upload it in the Desktop Central server.

Sign the ME MDM App

Download the ME MDM App, sign it and upload it in the Desktop Central server. ME MDM App should be customized before distributing it to the managed devices.  There are two steps to be addressed, they are:

  1. Precompile managed assemblies that are included in XAP into native code

  2. Sign XAP with the enterprise certificate, which was received from Symantec

Refer to this, to know more about signing the company hub: You can use the MDILXAPCompile and XapSignTool which you would have downloaded in the Windows Phone SDK 8.0. to precompile all the managed assemblies into native code. You can use a script BuildMDILXap.ps1, which is available, in %ProgramFiles(x86)%\Microsoft SDKs\Windows Phone\v8.0\Tools\MDILXAPCompile folder. Go to command prompt and run the command " BuildMDILXap.ps1 -xapfilename XAP -pfxfilename PFXFile -password Password ".

After creating the Apps, you can add it to the App Repository.

Renewing AET

The AET is valid for one year and when it expires, you will be unable to manage any Apps on Windows devices. Hence it is required to renew the AET at the end of a year. The AET renewal process comprises of obtaining a new code signing certificate from Symantec using the same Company ID used to obtain the code signing certificate earlier. Refer to this, to know more about the steps involved in getting a code signing certificate: Once the code signing certificate is obtained, it is required to generate the AET and upload it on Desktop Central as per the steps mentioned in the below links:

In case you use a different Company ID for obtaining the code signing certificate, you would have to re-sign all the Apps that you have added to the App Repository, using the new AET. Else, the Apps will not get installed on the mobile devices.

Enterprise Apps for Windows Devices

ManageEngine Desktop Central currently supports only managing Enterprise Apps. You can create an enterprise App, add it to the App repository and distribute the same to the managed devices. Apps can be forced on the managed mobile device, without the user's intervention. When an App is distributed from the Desktop Central server, the App distribution status will be changed to initiated. App will be distributed to the device, only when the device reaches the Desktop Central server. For more refer to this: Distributing Apps to Groups


Copyright © 2005-2015, ZOHO Corp. All Rights Reserved.