MSIX and App Attach with Citrix Cloud

Created by Colm Govin and Wendy Gay


MSIX is a Windows app package format that provides a new packaging experience to all Windows apps.

The MSIX package format keeps the functionality of your existing app packages or install files as well as enabling new packaging and deployment features to Win32, WPF, and Windows Forms apps.

MSIX App Attach

MSIX App Attach is Microsoft’s app layering technology using the new MSIX format.

App Attach disk (A vhd with MSIX apps in it) is mounted to the Virtual Machine for that user.

This App Layering technology lets you separate apps from the OS and deliver apps to users dynamically.

Much like FSlogix with their profile containers and also Citrix App layering with Elastic layers or UPL.

For more on both these technologies see the following:


The purpose of this blog is to show you how you can easily create an MSIX app and then add that app to an App Attach disk and then deliver these in Citrix Cloud. This is currently in Preview in Citrix Cloud and should you be interested in trying this out you can talk with your sales contact to get this enabled and provide feedback. The link to the article is here:


  1. Packaged application support is only for Citrix Virtual Apps and Desktops service(CVADS – ONLY)
  2. MSIX is not supported on any Windows Server based operating system later than Windows Server 2019. AVD supported from 20H2
  3. AppAttach is not supported on any Windows Server based operating systems. Unless its AVD 20H2 onwards.
  4. Packaged application integration support includes using SMB shares or AzureFiles shares for applications. The HTTP protocol is not supported.
  5. Based on the above if you use AVD 20H2 onwards you are covered for both MSIX and App attach.

What’s needed to make this happen

  1. The latest remote POSH and the App Discovery package from
  2. Code signing certificate
  3. Tools to create MSIX & AppAttach Disks (optional for the latter)

The VDA:

  1. Sideloading – Registry key on the VDA to be added
    1. If you have ever sideloaded an app onto a firestick, your phone or other then this is similar. The VDA needs to use an application that’s not native to the image and therefore we need to allow the trust in windows for this to happen. To enable side-loading, either configure the appropriate group policy in your environment or manually modify the registry key on you base images. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx DWORD value AllowAllTrustedApps=1
  2. Certificate
    1. Code Signing Cert: The purpose of a code signing certificate is to assure the recipient that the contents of the package have not been altered since it was created. With MSIX, the person creating the package will digitally sign the package (ideally as part of the package creation) using a code signing certificate.
    2. Install the certificate “On local machine” and place it in “Trusted People” certificate storage. Easiest way to do this I found was here:
  1. App-V component on VDA install
    1. The Citrix App-V component software is excluded by default when you install a VDA.
    2. This software retrieves virtual applications, publishes the applications on the client, and automatically sets up and manages virtual environments at runtime on Windows devices. The App-V client stores user-specific virtual application settings, such as registry and file changes in each user’s profile.

Create MSIX App with the MSIX Packaging Tool

On a Windows 10 machines open the MS Store and download the MSIX tool:

Opens where to package, in my case I choose to create a package on this computer:

Checks are done on the place of packaging so give this a minute:

Select the app installer and a certificate:

Fill in the Package info and install location (Will have to be the same as the CN):

Complete the app install:

Choose the location to save the MSIX package, click Create and when done close the wizard:

That’s it, you’ve now created your first MSIX package. We are now ready to import the application packages from the UNC/SMB share to your Citrix Virtual Apps and Desktops service. Before doing that though let’s have a look at creating an App Attach disk.

Creating an App Attach Disk

If you would like to test this out, the nicest way I found was by using a tool called MSIX Hero:

Once installed open it up and click on MSIX app attach:

Choose the file type, volume size and extract the scripts and certificate. Also choose the package you want to import. In my test I’m choosing the original VLC MSIX package I created but you can choose more than one of course. These steps automated will save you a few minutes where manually you would have to create the VHD in disk management and make modifications to the 4 scripts, examples here:

  1. Stage
  2. Register
  3. Deregister
  4. Destage

More on each stage here for an App Attach disk:

Within a few seconds your App Attach disk is created and ready to add to Citrix Cloud.

Adding the packages to Citrix Cloud and your CVADS site

As mentioned in the what’s needed to make this happen

You can download the latest remote POSH SDK and the App Discovery package here:

Then lets open PowerShell and import the App Discovery package module:

Followed by: Add-Type -AssemblyName System.Drawing

And then finally import the MSIX package with: Import-MsixPackageToCloud –PackagePath \\\Vlc.msix

If we want to do the same for an App Attach disk we can do the similar:

Again add your module and System.Drawing followed by:

Import- MsixAppAttachToCloud –VhdPath \\\Vlc.vhd

You will be prompted for Citrix Cloud credentials of course so it knows where these packages are to be associated with.

Navigate to Citrix Cloud and you will see in CVADS, under App Packages:

To assign the MSIX app or App Attach disk to your users, head over to the delivery group and assign applications:

You now have options for MSIX or App Attach:

Thoughts and things that came to mind:

Slow Logins:

In my testing for MSIX I didn’t overall notice this but yes,  package ‘Publishing’  is only relevant in a user context it has to be done when the user’s session is created (i.e. launch time) . It can’t be done in advance when the machine boots.

AppAttach is slightly different because expanded packages are already in the disk that is mounted and that disk only needs to be mounted once, which should happens at  machine startup rather than user session login. So when the user actually logs in there is less work still to do.


So long the service running on the VDA (Local System) can read the UNC path DFS should have no affect

Azure File Shares:

If you want to host your packages/disks in Azure File Share, there are some hoops to jump though to set up your Azure AD for identity based access:

In this case the ctxAppVService on the VDA needs to be running with an account that can authenticate to AAD and not the default Local System (Machine identities are not valid for AFS).


In my testing the Icons never appeared but this is a studio version thing so nothing you are doing wrong. To be addressed in an upcoming release. MSIX packages have PNG files, studio expects icon files as in APPV.

Useful Links


One thought on “MSIX and App Attach with Citrix Cloud

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.