In this post I will be discussing on how to create MSIX package using MSIX Packaging Tool. There are couple of requirements to create MSIX package which includes creating Code signing Certificate, downloading and creating package using MSIX packaging tool and to sign the application with Code signing certificate.

What is MSIX package?

If you are wondering what is MSIX package and why we require it. Let’s understand what exactly it is. MSIX is a Windows app package usually we see these kind of packages available on Microsoft Store. You can think about MSIX package as a combination of MSI + appx packages. Hence it has the feature of msi files along with the security features of using appx file extensions. In a layman term think about something like this:

MSIX = MSI + .appx

MSIX is not just limited to converting msi files, we can use other formats as well such exe, scripts etc.

Deploying MSIX packages are the modern way of deploying the packages which Microsoft recommends. MSIX is designed for modern systems and cloud. You get following benefits of using MSIX packages :

  • Reliability :  MSIX boasts of installing reliable package with 99.96% success rate with a guaranteed uninstall.
  • Network bandwidth optimization: MSIX reduces the impact on network bandwidth by downloading the content in 64k block. 
  • Disk space optimizations: With MSIX there is no duplication of files across apps.

Requirement for creating MSIX package

  • Create Code signing Certificate for MSIX Installer : We need to create a code signing certificate. This can be either purchased through a vendor or we can create our own if we have Active Directory Certificate services role installed on on-premises environment.
  • Export Code Signing Certificate: We will be exporting the Code signing certificate in pfx format which requires password.
  • Download MSIX Packaging Tool
  • Create MSIX package: Using MSIX Packaging Tool, we will capture the installation of existing msi or exe file and will sign the package with Code signing certificate.

Note: In this demonstration we will be using Notepad++ application (in exe format), download it using the link.

Once the msix package is created, it can be used for deployment using SCCM / Configuration Manager or Intune. You may check the link How to deploy MSIX package using Intune

Create Code Signing Certificate for MSIX Installer

Let’s proceed with very first requirement. We are going to create a Code Signing Certificate, we are not going to use 3rd party vendors certificate, rather going to create own using Certificate Authority when Active Directory Certificate Services role is installed as one of the Server roles.

Login to the server where ADCS role (Active Directory Certificate Services) is installed. Launch Certificate Authority. You may also run Certsrv.msc through Windows + Run.

Select the folder Certificate Templates, right click and select Manage

Certificate Templates Manage

This will launch Certificate Templates Console. Under list of all Template Display Name, select Code Signing Certificate, right click and Duplicate Template.

Certificate Templates Code Signing Certificate

This will open property of new duplicate template, provide a better name for Template display name which suits your organization and you may change Validity period which is by default 1 year, I am changing it to 5 years.

Code Signing Certificate template display name

Click on Request Handling tab, and select Allow private key to be exported.

Allow private key to be exported

Under Subject Name tab, select Supply in the request.

Supply in the request certificate

Click on Security tab to add Domain Computers and specify Permissions as Read, Enroll. For automatic enrollment purpose you may also go with Autoenroll.

Certificate permissions Domain Computers

We are done with creating the Certificate Template for Code Signing Certificate with the name manishbangia.com Code Signing, we can close the window Certificate Templates Console to return back to Certificate Authority.

Under Certificate Authority > Certificate Templates, right click and select New > Certificate Template to issue.

Certificate Template to issue

Under Enable Certificate Templates window, select recently created Code Signing Certificate and click OK.

Enable Certificate Templates

We can now see our Code Signing Certificate listed under Certificate Templates and ready to be used.

Certificate Templates

Launch Current user certificate store, this can be launched in 2 ways:

  • Easiest way is to run command – certmgr.msc
  • Another way is to launch mmc and add following Snap-ins – Certificates > My user Account
Add Certificate under mmc

Under Certificates – Current User > Personal > Certificates, right click and select All Tasks > Request new certificate

Request new Certificate

Under Request Certificates, click the Code Signing Certificate we created previously

Request Certificates

Click on More information is required to enroll for this certificate. Click here to configure settings. This is required as we previously we have selected to “supply in request” for Subject name.

Under Certificate Properties > Subject name, with Full DN selected provide a value such as CN=manishbangia.com and click on Enroll.

We can see manishbangia.com certificate issued under Personal certificate store showing 5 years of validity starting from today.

Personal Certificates

Right click this certificate > All Tasks > Export. Click Next on Welcome page.

Under Certificate Export Wizard page, select “Yes, export the private key” and click Next.

Export private key

Under Export File format, select Personal Information Exchange – PKCS #12 (.PFX) with default selection and click Next.

Export file format

Under Security page, provide the password and click Next.

Certificate Export Wizard

Under File to Export, provide the location where this certificate is going to be saved in pfx format.

file to export

We have now certificate successfully exported under c:\temp directory.

Create MSIX package using MSIX packaging tool

We are going to use MSIX Packaging Tool which will help us repackaging the existing application in MSIX format. MSIX Packaging Tool can be installed through Microsoft Store

What is MSIX Packaging Tool

With MSIX Packaging tool, you can convert following of the below options to MSIX application package:

  • MSI
  • EXE
  • ClickOnce
  • App-V
  • Script
  • Manual installation

How to install MSIX Packaging Tool in offline mode

If you have internet connectivity issue or don’t have direct access to Microsoft Store, you can download the latest version of MSIX Packaging Tool from here – Download MSIX Packaging Tool offline. Offline package downloaded will be having msixbundle extension.

Run following command to install MSIX Packaging Tool using PowerShell:

Add-AppPackage -Path C:\Toos\MSIXPackagingTool_1.2022.110.0.msixbundle

It is recommended to install MSIX Packaging Tool on a VDI or any system which has minimal applications installed as we are going to capture the application installation instructions during whole process.

If you have Hyper-V installed, you can easily create one of the Virtual machine with MSIX Packaging Tool Environment. For this launch Hyper-V Manager, right click and select Quick Create.

This brings up a windows with “Select and operating system” where we have following options:

MSIX Packaging Tool Environment
Ubuntu 18.04.3 LTS
Ubuntu 19.10
Ubuntu 20.04
Windows 11 dev environment.

MSIX Packaging Tool Environment

Once you select MSIX Packaging Tool Environment, it will download and create VM for you latest Windows 10 Operating system installed along with MSIX Packaging Tool already in there, this will require approx. 5 GB of download from internet.

If you are manually installing tool from Microsoft store, following prerequisites are required for MSIX Packaging Tool:

  • Windows 10, version 1809 (or later)
  • Participation in the Windows Insider Program (if you’re using an Insider build)
  • A valid Microsoft account (MSA) alias to access the app from the Microsoft Store
  • Admin privileges on your PC account

Once Tool is installed on separate Windows 10 / Windows 11 system, launch it and select Application package (with Modification package and Package editor as additional options).

MSIX Packaging Tool

On Create new package page, under Packaging method select Create package on this computer and click Next.

On Prepare computer page, tool will go through few checks and will install MSIX Packaging Tool Driver

You might see following error while trying to install MSIX Packaging Tool Driver:

Driver Installation failure
We encountered an error when trying to install your driver. More information is available in your logs.

Driver installation failure

Make sure you have access to Microsoft store ( as one of the prerequisite) or else you will get Error code 0x80131500.

If you phase the above error, navigate to Get the MSIX packaging Tool driver, this page will allow us to download the specific FOD.cab file which contains the driver (MSIX packaging tool driver is part of Feature on Demand (FOD) package )

Once MSIX Packaging Tool Driver is installed, return to Packaging Tool, select “Windows Search is active” and click Next.

Windows Search is active

On Choose the installer you want to package, browse to select the downloaded Notepad++ installer.

Under Signing preference, we can either go with Sign with Device Guard signing version 2 or Sign with a certificate (.pfx), we are going to use the latter one. Browse for the certificate we created previously and provide the password and click Next.

Choose the installer you want to package

On Package information page, provide:

Package Name: NotePadPlusPlusMSIX

Package display name:NotePadPlusPlus MSIX

Publisher name: This will be auto populated based upon subject name we specified earlier for the certificate

Publisher display name: manishbangia.com

Version: Provide the info for the version such as 8.2.1

Package Description: NotePadPlusPlus MSIX Application

Installation location: leave it blank for default location

Package information

On Installation page, it will trigger the application installer, click on the user interface to initiate the installation process. Whatever we are doing here is getting monitored along with files getting created and registry values getting created and will be saved as part of our msix package to be used.

Once the installation is done, uncheck the box Run Notepad++v8.2.1 and click Finish.

If application requires restart, this is the perfect time to do so by clicking Restart machine as same behaviour will be captured for our msix package, click Next.

Create new package

On Manage first launch tasks page, you have option to specify post-installation tasks. This could be important in scenario where you wanted to customise the application for user such as changing the default save location etc, click Next.

MSIX Packaging Tool will give you warning with Yes, move on to start creating the packaging process.

Are you done with MSIX Packaging tool

Service report page will be detecting any service changes (start / stop ) to capture, click Next.

Services report

On Create package page, provide the save location, just for the sake of understanding you may also click on Package editor to provide more enhance custom settings.

MSIX Packaging Tool Package editor

Package editor consists of:

  • Package information : This consist of basic package information we provided earlier
Package Editor Package Information
  • Services report : This is the same Service report page which used to capture the service status
  • Capabilities: This page shows the capabilities you can provide for this package
Package editor Capabilities
  • Virtual registry : This shows the registry values created as part of the application installation, this is the good time to create your own registry values used for company branding.
Package editor Virtual registry
  • Package files: This will show all files and folders created during application installation process.

We are good to go as we are not doing any further customization, hence click on Create.

Here you go, you will have MSIX package created successfully under save location, we can also check Package report logs which will be located under c:\users\username\AppData\Local\Packages

MSIX package successfully created

Let’s try to install the application which is available with following name NotePadPlusPlusMSIX_1.0.0.0_x64__twve9bt9x6ty8.msix

While trying to install msix file by double clicking it, we see following error

NotePadPlusPlus MSIX installation failed, reason:

To install this app, enable sideload apps mode and re-initiate the install. If you can’t enable it, ask your system administrator to unlock the device for sideloading (0x80073CFF)

enable sideload apps mode and re-initiate the install

The reason for this error is Microsoft doesn’t allow to install any msix application, by default applications installed through Microsoft Store apps are allowed. To change this behaviour, navigate to Settings > Update & Security > For developers, under Developer features we have 3 options:

Microsoft Store apps
Sideload apps
Developer mode

Sideload apps

Select Sideload apps and try to install the msix file again. This time we see Notepad++ installed successfully.

Important LInks

Microsoft Intune – MSIX | Microsoft Docs

What is MSIX? – MSIX | Microsoft Docs

MSIX Packaging Tool Overview – MSIX | Microsoft Docs

Sign an MSIX package with Device Guard signing – MSIX | Microsoft Docs