This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 38%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
We are currently using a WinUI 3 application packaged and deployed as an MSIX Bundle (.msixbundle) via sideloading, using an AppInstaller file. This approach is working fine in standard integrity levels, and updates are being handled via the AppInstaller auto-update mechanism.
However, in our scenario, the application needs to run in a Low Integrity Level for security isolation purposes. Under this constraint:
The AppInstaller service appears to be inaccessible from the low-integrity context.
Manual update attempts also fail silently or are blocked.
🔹 We are specifically using .msixbundle (not .msix) to support multiple architectures in a single deployment.
💡 Feature Request / Concern:
We'd like guidance and/or support for either:
Enabling MSIX Bundle auto-updates via AppInstaller when running in Low Integrity.
Official Microsoft-recommended alternatives to support secure auto-updates for apps in sandboxed or restricted environments.
Questions:
Is there a supported mechanism to initiate or delegate updates from a background service or helper?
Is Microsoft planning support for these scenarios in future versions of Windows or AppInstaller?
Thank you!We are currently using a WinUI 3 application packaged and deployed as an MSIX Bundle (.msixbundle) via sideloading, using an AppInstaller file. This approach is working fine in standard integrity levels, and updates are being handled via the AppInstaller auto-update mechanism.
However, in our scenario, the application needs to run in a Low Integrity Level for security isolation purposes. Under this constraint:
The application cannot initiate or trigger auto-updates.
The AppInstaller service appears to be inaccessible from the low-integrity context.
Manual update attempts also fail silently or are blocked.
🔹 We are specifically using .msixbundle (not .msix) to support multiple architectures in a single deployment.
💡 Feature Request / Concern:
We'd like guidance and/or support for either:
Enabling MSIX Bundle auto-updates via AppInstaller when running in Low Integrity.
Official Microsoft-recommended alternatives to support secure auto-updates for apps in sandboxed or restricted environments.
Questions:
Is there a supported mechanism to initiate or delegate updates from a background service or helper?
Is Microsoft planning support for these scenarios in future versions of Windows or AppInstaller?
Thank you!