Windows Developers Archives - Windows Developer Blog

Windows ML is generally available: Empowering developers to scale local AI across Windows devices

Athima Chansanchai, Writer — Tue, 23 Sep 2025 19:00:03 +0000

The future of AI is hybrid, utilizing the respective strengths of cloud and client while harnessing every Windows device to achieve more. At Microsoft, we are reimagining what’s possible by bringing powerful AI compute directly to Windows devices, unlocking a new era of intelligence that runs where you are. With groundbreaking advancements in silicon, a modernized software stack and deep OS integration, Windows 11 is transforming into the world’s most open and capable platform for local AI. Today we are excited to share that Windows ML is now generally available for production use to assist developers with deploying production experiences in the evolving AI landscape. First introduced at Build 2025, Windows ML is the built-in AI inferencing runtime optimized for on-device model inference and streamlined model dependency management across CPUs, GPUs and NPUs, serving as the foundation for Windows AI Foundry and utilized by Foundry Local to enable expanded silicon support which is being released today. By harnessing the power of CPUs, GPUs and NPUs from our vibrant silicon partner ecosystem and building on ONNX’s strong momentum, Windows ML empowers developers to deliver real-time, secure and efficient AI workloads — right on the device. This ability to run models locally enables developers to build AI experiences that are more responsive, private and cost-effective, reaching users across the broadest range of Windows hardware. https://youtu.be/Mow9UY_9Ab4

Bring your own model and deploy efficiently across silicon – securely and locally on Windows

Windows ML is compatible with ONNX Runtime (ORT), allowing developers to utilize familiar ORT APIs and enabling easy transition for existing production workloads. Windows handles distribution and maintenance of ORT and the Execution Providers, taking that responsibility on from the App Developer. Execution Providers (EPs) are the bridge between the core runtime and the powerful and diverse silicon ecosystem, enabling independent optimization of model execution on the different chips from AMD, Intel, NVIDIA and Qualcomm. With ONNX as its model format, Windows ML integrates smoothly with current models and workflows. Developers can easily use their existing ONNX models or convert and optimize their source PyTorch models through the AI Toolkit for VS Code and deploy across Windows 11 PCs. [caption id="attachment_57579" align="alignnone" width="1024"] Windows ML Stack Diagram[/caption] While AI developers work with various models, Windows ML acts as a hardware abstraction layer offering several benefits:

Simplified Deployment: Our infrastructure APIs allow developers to support various hardware architectures without multiple app builds by leveraging execution providers available on the device or by dynamically downloading them. Developers also have the flexibility to precompile their models ahead-of-time (AOT) for a streamlined end-user experience.

Reduce App Overhead: Windows ML automatically detects the user’s hardware and downloads the appropriate execution providers, eliminating the need to bundle the runtime or EPs in a developer’s application. This streamlined approach saves developers tens to hundreds of megabytes in app size when targeting a broad range of devices.

Compatibility: Through collaboration with our silicon partners, Windows ML aims to maintain conformance and compatibility, supporting ongoing updates while ensuring model accuracy across different builds through a certification process.

Advanced Silicon Targeting: Developers can assign device policies to optimize for low power (NPU), high performance (GPU) or specify the silicon used for a model.

For a more technical deep dive on Windows ML, learn more here.

Windows ML, optimized for the latest hardware in collaboration with our silicon partners

Windows 11 has a diverse hardware ecosystem that includes AMD, Intel, NVIDIA and Qualcomm and spans the CPU, GPU and NPU. Consumers can choose from a range of Windows PCs and this variety empowers developers to create innovative local AI experiences. We worked closely with our silicon partners to ensure that Windows ML can fully leverage their latest CPUs, GPUs and NPUs for AI workloads. The way this works is silicon partners build and maintain execution providers that Windows ML distributes, manages, and registers to run AI workloads performantly on-device, serving as a hardware abstraction layer for developers and a way to get optimal performance for each specific silicon. AMD has integrated Windows ML support across their Ryzen AI platform, enabling developers to harness the power of AMD silicon via AMD’s dedicated Vitis AI execution provider on NPU, GPU and CPU. Learn more. “By integrating Windows ML support across our Ryzen AI platform, AMD is making it easier for developers to harness the combined power of our CPUs, GPUs and NPUs. Together with Microsoft, we’re enabling scalable, efficient and high-performance AI experiences that run seamlessly across the Windows ecosystem.” - John Rayfield, corporate vice president, Computing and Graphics Group, AMD Intel’s EP combines OpenVINO AI software performance and efficiency with Windows ML, empowering AI developers to easily choose the optimal XPU (CPU, GPU or NPU) for their AI workloads on Intel Core Ultra processor powered PCs. Learn more. “Intel’s collaboration with Microsoft on Windows ML* empowers developers to effortlessly deploy their custom AI models and applications across CPUs, GPUs and NPUs on Intel’s AI-powered PCs. With the OpenVINO framework, Windows ML* accelerates the delivery of cutting-edge AI applications, enabling faster innovation with unmatched efficiency unlocking the full potential of Intel Core Ultra processors.” - Sudhir Tonse Udupa, vice president, AI PC Software Engineering, Intel NVIDIA’s TensorRT for RTX EP enables AI models to be executed on NVIDIA GeForce RTX and RTX PRO GPUs using NVIDIA’s dedicated Tensor Core libraries for maximum performance. This lightweight EP generates optimized inference engines — instructions on how to run the AI model — for the system’s specific RTX GPU. Learn more. “Windows ML with TensorRT for RTX delivers over 50% faster inferencing on NVIDIA RTX GPUs compared to DirectML in an easy-to-deploy package, enabling developers to scale generative AI across over 100 million Windows devices. This combination of speed and reach empowers developers to create richer AI experiences for Windows users.” - Jason Paul, vice president, Consumer AI, NVIDIA Qualcomm Technologies and Microsoft worked together to optimize Windows ML AI models and apps for the Snapdragon X Series NPU using the Qualcomm Neural Network Execution Provider (QNN EP) as well as GPU and CPU through integration with ONNX Runtime EPs. Learn more here. "With Windows ML now live and the preview of Foundry local, this is a pivotal moment for AI developers on Windows. The new Windows ML runtime not only delivers cutting-edge on-device inference but also simplifies deployment, enabling developers to fully harness advanced AI processors on Snapdragon X Series platforms. Its unified framework and support for NPUs, GPUs and CPUs ensure exceptional performance and efficiency across Snapdragon Windows PCs. As agentic AI experiences become mainstream, our deep collaboration with Microsoft is accelerating innovation and bringing the best AI experiences to Windows Copilot+ PCs and soon to our next-generation Snapdragon X2 platform.” - Upendra Kulkarni, VP, Product Management, Qualcomm Technologies, Inc.

Enabling local AI in the Windows software ecosystem

While developing Windows ML, we prioritized feedback from app developers building AI-powered features. We previously worked with app developers to test the integration with Windows ML during public preview. Leading software app developers such as Adobe, BUFFERZONE, Dot Inc., McAfee, Reincubate, Topaz Labs and Wondershare are among many others working on adopting Windows ML in their upcoming releases, accelerating the proliferation of local AI capabilities across a broad spectrum of applications. By leveraging Windows ML, our software partners can focus on building unique AI-powered features without worrying about hardware differences. Their early adoption and feedback show strong momentum toward local AI, enabling faster development and unlocking new local AI experiences across a variety of use cases:

Adobe Premiere Pro and Adobe After Effects – accelerated semantic search of content in the media library, tagging audio segments by type, and detecting scene edits, all powered by local NPU in upcoming releases; with plans to progressively migrate the full library of existing on-device models to Windows ML.

BUFFERZONE enables real-time secure web page analysis, protecting users from phishing and fraud without sending sensitive data to the cloud.

Camo by Reincubate leverages real-time image segmentation and other ML techniques to improve webcam video quality when streaming and presenting while using the NPU across all silicon providers.

Dot Vista by Dot Inc. supports hands-free voice control and optical character recognition (OCR) for accessibility scenarios, including deployments in healthcare environments using NPUs in Copilot+ PCs.
Filmora by Wondershare uses AI-powered body effects optimized for NPU acceleration on AMD, Intel and Qualcomm platforms, including real-time preview and application of Body effects such as Lightning Twined, Neon Ring and Particle Surround.
McAfee uses automatic detection of deepfake videos and other scam vectors that can be encountered on social networks.

Topaz Photo by Topaz Labs is a professional-grade image enhancement application that lets photographers sharpen details, restore focus and adjust levels on every shot they take - all powered by AI.

Simplified tooling for Windows ML

Developers can take advantage of Windows ML by starting with a robust set of tools for simplified model deployment. AI Toolkit for VS Code provides powerful tools for model and app preparation, including ONNX conversion from PyTorch, quantization, optimization, compilation and evaluation – all in one place. These features make it easier to prepare and deploy efficient models with Windows ML, eliminating the need for multiple builds and complex logic. Starting today, developers can also try custom AI models with Windows ML in AI Dev Gallery, which offers an interactive workspace to make it easier to discover and experiment AI-powered scenarios using local models.

Get started today

With Windows ML now generally available, Windows 11 provides a local AI inference framework that’s ready for production apps. Windows ML is included in the Windows App SDK (starting with version 1.8.1) and supports all devices running Windows 11 24H2 or newer. To get started developing with Windows ML:

Update your project to use the latest Windows App SDK
Call the Windows ML APIs to initialize EPs, and then load any ONNX model and start inferencing in just a few lines of code. For detailed tutorials, API reference and sample code, visit ms/TryWinML
For interactive samples of custom AI models with Windows ML, try the AI Dev Gallery at ms/ai-dev-gallery

Develop local AI solutions with Windows ML

Windows development has always been about enabling developers to do more with software and hardware. Windows ML lets both new and experienced developers build AI-powered apps easily, focusing on innovation and reducing app size. We at Microsoft are excited to see what new experiences you will create using Windows ML across Windows 11 PCs. The era of intelligent, AI-enhanced Windows apps is here – and it’s available to every developer. Let’s usher in this new wave of innovation together with Windows ML!

Editor’s note — September 24, 2025 — Updated to reflect announcements at Qualcomm's Snapdragon Summit on Sept. 24 and correct link for McAfee.

What’s new in Windows App SDK 1.6

Wed, 04 Sep 2024 22:00:03 +0000

We are proud to announce that version 1.6 of the Windows App SDK is now available! Whether you’re looking for the incredible performance boost and footprint reduction of Native AOT support, enhancements for deploying your package, or quality of life improvements for controls like PipsPager and RatingControl, WinAppSDK 1.6 offers a raft of new features, performance boosts and structural changes that enable you to make your native Windows apps better than ever before. The Windows App SDK provides a rich set of APIs and tools to help you build beautiful and fast Windows desktop apps, including any C++ Win32 or C# .NET app. You can harness the modern controls and polish of WinUI 3, which ships as part of the WinAppSDK, or if you have an existing app that uses Win32 such as WPF, you can take advantage of only the parts of the SDK that you need. The WinAppSDK also stays up to date with frequent and OS-independent releases so your app can always access the latest innovations.

Get started with the Windows App SDK

Check out the Windows App SDK overview page to learn more about it and see how to get started. Then, if you’re ready to dive into Visual Studio and begin with your first WinUI 3 app, see our setup instructions to start developing Windows apps.

New features and improvements

Native AOT support

With 1.6, the Windows App SDK now supports native Ahead-Of-Time (AOT) compilation! When publishing your app as a Native AOT app, you produce an app which has been compiled ahead of time to native code for faster startup time and a smaller memory footprint. We’re very excited to bring the powerful capabilities of Native AOT to developers through the Windows App SDK! In our sample Contoso Camera app, we measured a 50% reduction in start time, an ~8x reduction in package size when using a framework package and a ~2x reduction in package size when using Windows App SDK in self-contained mode. While your results might vary, we encourage you to give Native AOT a try if it’s right for your app! For more information about Native AOT, see Native AOT deployment. To get started with Native AOT in your Windows App SDK app, see our release notes for 1.6 for what you need to know and how to set it up.

Decoupled WebView2 versioning

Instead of embedding a hard-coded version of the Edge WebView2 SDK into the Windows App SDK, we now consume the Edge WebView2 SDK as a NuGet reference in 1.6. If your app uses WebView2 to display content, you can now choose a newer version of the Microsoft.Web.WebView2 package if you need to instead of the version that came with the Windows App SDK. Additionally, you can now reference NuGet packages which also reference the Edge WebView2 SDK, streamlining your dependencies. With these updates, we’ve decoupled the WinAppSDK from the Edge WebView2 API surface and brought NuGet’s sophisticated package management capabilities to the WebView2 space. Your WebView2-powered app experiences are now more versatile than ever and can tap into the newest WebView2 offerings at any time!

New Package Deployment APIs

Flexible and robust package management has been a mainstay of the Windows App SDK since its inception, and with the release of 1.6 we’re only making it better. We’ve improved package management APIs with new enhancements and quality-of-life updates including package removal, provisioning and detection of pending registration and locally available updates, easy feature availability detection for light-up scenarios and more. If your app uses MSIX packaging, these enhancements are tailored to make your life easier! For more details, you can peruse the pull request here or take a peek at the full spec here.

Improved TabView tab tear-out

The WinUI 3 TabView control has received a substantial update to the tab tear-out experience in 1.6 in the form of a new CanTearOutTabs mode, overhauling how a user drags tabs out of your app in a major way. In the new mode, dragging a tab out of your app’s TabView is very similar to the tab drag experience in Microsoft Edge and Google Chrome where a new window is immediately created during the drag. This allows users to visually see feedback of their action right away and it lets them drag the new window to the edge of the screen to maximize or snap it in one continuous motion. If you enable the new CanTearOutTabs mode in your TabView, you won’t have to worry about any drag-and-drop API limitations because it doesn’t use them. And, you won’t have to worry about whether tearing tabs out of your app will work if the app is run as an Administrator, because that’s supported. The developer and user experiences are seamless and smooth. If your app uses TabView, you should take the new tear-out mode for a spin!

Other control updates

While smaller in scale, in 1.6 we’ve added some polish and updates to a few other controls in WinUI 3 as well. PipsPager now supports a new mode that wraps between the first and last items: And RatingControl is now more customizable since we moved some previously hard-coded properties to the theme resources. Now, you can override these values in your app to handcraft RatingControl’s appearance. We’ve also unsealed ItemsWrapGrid, which is a backwards-compatible change.

Additional updates

And finally, we’ve added a few other new APIs and features to round things out for 1.6. We filled a gap from UWP with a new ColorHelper.ToDisplayName() API, and we added a new Microsoft.Windows.Globalization.ApplicationLanguages class in MRTCore that includes a new PrimaryLanguageOverride feature for fine-tuning your app’s display language.

Staying in the loop

You can stay up to date with the team on the Windows App SDK GitHub repo and the WinUI GitHub repo, and through our quarterly WinUI Community Calls where we share roadmap updates and other exciting news, as well as demo new features. You can also connect with us on X using #WindowsAppSDK and @WindowsUI. We look forward to seeing the beautiful apps you create with WinAppSDK 1.6 & WinUI 3! Happy coding! Windows App SDK team

DirectML expands NPU support to Copilot+ PCs and WebNN

Thu, 29 Aug 2024 21:19:09 +0000

AI is transforming the way we interact with technology, enabling new and improved experiences across a variety of scenarios. DirectML empowers developers to bring their AI innovations to Windows and utilize local hardware acceleration to scale across the breadth of Windows devices. Today, we are excited to share how DirectML continues to expand platform support for NPUs on Copilot+ PCs and WebNN.

DirectML now supports Copilot+ PCs, powered by Snapdragon® X Elite Compute Platform

We are thrilled to announce that DirectML now supports Copilot+ PCs, powered by Qualcomm® Hexagon NPU in the Snapdragon® X Elite Compute Platform. Copilot+ PCs bring exceptional performance and energy efficiency, enabling amazing AI experiences on Windows. With DirectML, the foundational component for the Windows Copilot Runtime, developers can now target these machines to scale AI across Windows. Upendra Kulkarni, Vice President - Compute Software Product Management at Qualcomm echoes Microsoft’s sentiment, “With Snapdragon X Elite, we introduced industry-leading NPU with 45 TOPS of AI performance at incredible power efficiency. DirectML is a developer friendly ML programming interface that uses familiar DirectX API structure. By supporting DirectML on our NPU, developers are now able to easily access its phenomenal capability easily and can port their models from GPU to NPU with minimal effort. We collaborated extensively with Microsoft to optimize DirectML for NPU to maximize hardware performance. We are excited to be co-announcing this developer preview program.”

Getting started with DirectML on Copilot+ PCs

System Requirements

Ensure you have the correct versions of DirectML, ONNX Runtime (ORT), Windows and the minimum versioned Qualcomm® Hexagon NPU driver.

DirectML minimum version of 1.15.4 or greater (ARM64) 
ONNX Runtime minimum version of 1.18 (ARM64) 
Windows 11, version 24H2 or newer
Qualcomm® Hexagon NPU Driver minimum version 1.0.0.10

Developer-Environment Set-up on Your Copilot+ PC

Let’s walk through how you can utilize DirectML and ONNX Runtime to leverage a set of models on the Copilot+ PC powered by Qualcomm® Hexagon NPU. First, you need to ensure you have the latest Qualcomm® Hexagon NPU driver package. Setting up a Qualcomm dev account is your very first step:

Create an account at https://qpm.qualcomm.com/

Now, log in with your account credentials and click the following link: Qualcomm Package Manager 3 and download the latest driver available. Then, follow the steps below to download the Qualcomm® Hexagon NPU Driver Package for Windows:

Change OS from "Windows" to "Windows (ARM64)"
Click Download (latest driver version available)
Extract QHND.Core.1.0.0.10.Windows-ARM64.zip (or latest driver available zipped file)
Run PreAlpha_QCHexagon_NPU_Driver installer
Verify that "Neural processors > Snapdragon® X Elite … NPU" has the latest driver version as specified in the release notes included in the ZIP file.

With the driver package installed and the minimum versions of DirectML, ORT and Windows enabled, try this ESRGAN super-resolution model sample to build a C++ application that runs on the new Copilot+ PCs!

Developers who used DirectML on their Surface device from Aug. 29 through the latest Windows Surface Hardware Update in September 2024

If you downloaded the Alpha NPU Driver Package V0.0.0.9 to test DirectML on your Copilot+ PC, recent Windows Updates may have affected the NPU functionality. To maintain DirectML functionality and NPU operational stability, please install the latest driver package V1.0.0.10 as instructed above. Although we recommend installing the latest driver package to resolve this issue, you may choose to uninstall v0.0.0.9 Alpha Driver Package instead:

1. - Navigate to Settings/Apps/Installed apps
  - Search for “Pre-Alpha Qualcomm Hexagon (NPU) Driver”
  - Select the “...” and click on Uninstall.
  - Follow the steps to remove the driver

Current capabilities and limitations

DirectML is rapidly expanding, and we are simplifying how developers can utilize the various local accelerators, hardware variations, and frameworks across Windows. There are constraints with what is available today and they are highlighted below:

1. - C++ Developers need to depend on DirectML 1.15. as a redistributable package within their app (reference the sample above)
  - NPU selection through the Python API for ONNX Runtime is not available currently but is coming soon!
  - Functionality has been verified on Surface Copilot+ PCs and limited other OEMs
  - There are specific models that DirectML guarantees will work on Qualcomm® Hexagon NPU. Please leverage these exact ONNX versions during model sampling.
    - Developers will experience error code DXGI_ERROR_UNSUPPORTED (0x887A0004) stating “The specified device interface or feature level is not support on this system.” when attempting to use models outside of supported models.
    - For testing any models outside of our supported list, developers may enable windows developer mode (settings/systems/for developers). Models that are run in this mode may have undefined behavior.

We are excited for this initial release and the continued expansion of DirectML on Copilot+ PCs. Stay tuned for more capabilities and announcements as we continue our investment in this space. Please visit aka.ms/DirectML with our latest support documentation.

DirectML unlocks NPUs for web-based machine learning with WebNN NPU Developer Preview

At Build, we launched the WebNN Developer Preview across Windows GPUs, and showcased initial support for NPUs, powered by DirectML. We are excited to announce that web developers can now leverage the power of NPUs on Windows devices with the latest release of DirectML and WebNN Developer Preview. This release enables support for an initial set of models on Intel® Core™ Ultra processors with Intel® AI Boost and the Copilot+ PC, powered by Qualcomm® Hexagon™ NPUs that you can try out today on the WebNN Developer Preview website. WebNN is an emerging web standard that defines how to run machine learning models in the browser and offers new possibilities for bringing AI innovations to the web. It defines how to interface with hardware acceleration APIs such as DirectML, enabling web sites to leverage the GPU or NPU on a user’s PC to run AI locally. DirectML, a key foundational component of the Windows Copilot Runtime, uniquely simplifies how developers can scale their AI innovations, through a single, cross-hardware DirectX API that provides a secure, consistent, performant experience across different hardware architectures. WebNN also supports integration with machine learning frameworks, like ONNX Runtime Web (ORT Web), which is part of the ONNX Runtime project. ORT Web is a JavaScript library that enables you to run ONNX models in the web browser and extends the Execution Provider (EP) framework to include WebNN as an EP. Enabling DirectML across NPUs with WebNN is only possible with the support and close collaboration of hardware partners like Intel. Intel Fellow, Moh Haghighat, remarked: “Intel is excited that WebNN and DirectML can now provide countless web developers the ability to harness the power and efficiency of Intel’s NPU for creating and executing innovative machine learning features in web applications on AI PCs. We eagerly look forward to the new possibilities that WebNN and DirectML bring to web developers and the web users around the world who will benefit from faster, smarter, and more engaging web applications.” This is just the beginning of our journey to enable AI on the web with WebNN and DirectML. Stay tuned for upcoming releases that will include more functionality and broader model coverage, including generative AI models.

Get started with the WebNN Developer Preview

With the WebNN Developer Preview, powered by DirectML and ORT Web, you can run ONNX models in the browser with hardware acceleration and minimal code changes. To get started with WebNN on DirectML compatible devices you will need:

- Window 11, version 24H2 or newer
- Insider version of Edge (exact instructions provided below)
- The latest driver from our WebNN NPU Partners:
  - Intel® Core™ Ultra NPU Driver for Windows
  - Qualcomm® Hexagon NPU Driver Package V1.0.0.10 (See instruction set above)

Now that you have the latest NPU driver installed, here are the exact steps required to sample models with the WebNN framework.

Enabling Insider version of Edge for WebNN Dev Preview

Microsoft Edge Canary or Dev Channel with WebNN flag enabled in about:flags
1. Download from https://www.microsoft.com/en-us/edge/download/insider
2. Run installer
3. Navigate to about://flags
4. Search for "Enables WebNN API" and change it to "Enabled"
5. Exit browser
Download DirectML redistributable:
1. Download DirectML from https://www.nuget.org/packages/Microsoft.AI.DirectML
2. Rename microsoft.ai.directml.1.15..nupkg to microsoft.ai.directml.1.15..nupkg.zip and extract it
3. Note that the minimum version of DML 1.15.4 is recommended for WebNN Dev Preview
Copy microsoft.ai.directml.1.15..nupkg.zip\bin\-win\directml.dll to the appropriate directory (replace with x64 on Intel devices and arm64 on Qualcomm devices)
1. Edge Dev: “C:\Program Files (x86)\Microsoft\Edge Dev\Application\129.0.2779.0\”
  - When the dialog asks for Administrator permission, choose “Continue"
2. Edge Canary: “%LOCALAPPDATA%\Microsoft\Edge SxS\Application\129.0.2779.0\”
3. Note the following on copying Directml.dll to Edge directory:
  - The version-specific directory (129.0.2779.0) may differ on your machine
  - New versions of Edge may require directml.dll to be recopied to the directory
Launch Edge insider:
1. Open terminal and change your working directory to the Edge Insider build:
  - If using Edge Dev: “C:\Program Files (x86)\Microsoft\Edge Dev\Application”
  - If using Edge Canary: “%LOCALAPPDATA%\Microsoft\Edge SxS\Application”

.\msedge.exe -use-redist-dml -disable_webnn_for_npu=0 -disable-gpu-sandbox

Now, you can run samples with the WebNN Framework by navigating to aka.ms/webnn in the canary browser and choosing either Image Classification or Whisper Base samples (and don’t forget to click the 'npu' button) or by directly linking here: MobilNetV2 NPU Selected / ResNet50 NPU Selected / EfficientNetV4 NPU Selected / Whisper Base NPU Selected Note, model start up times may be >1 minute; NPUs are in a rapid optimization stage so compile times will improve as we move WebNN to production trials. For more instructions and information about supported models and operators, please visit our documentation.

Additional links

To find out more information, we encourage you to visit these sites below:

Looking ahead

DirectML is excited to continue to expand support across Copilot+ PCs and frameworks like WebNN and the ONNX Runtime. Stay tuned for more exciting updates as we continue to innovate and bring cutting-edge AI capabilities that allow you to scale your AI innovations across Windows. As always, we appreciate your feedback and would like to learn from your experiences with NPU support in DirectML. To provide feedback and report issues, use the GitHub issues on the DirectML repository or provide general feedback at aka.ms/directml feedback hub. Make sure to include the details of your device, your Windows build, your DirectML application and your machine learning model when reporting an issue and/or feedback! Editor’s note – Aug. 29, 2024 – The post above was updated to correct the name of the package to download from the Qualcomm Package Manager site. Editor's note -- Sept. 23, 2024: The post above was updated with new directions (in italics, except for testimonials) to ensure DML and NPU driver compatibility on Surface devices. Editor's note -- Oct. 28, 2024: This content was updated with new directions to access the latest Qualcomm driver, which enables DirectML on Dell and Surface Window Copilot+ PCs, powered by Qualcomm® Hexagon NPU in the Snapdragon® X Elite Compute Platform.

Microsoft Photos: Migrating from UWP to Windows App SDK

Mon, 03 Jun 2024 17:00:57 +0000

The Microsoft Photos App team recently released a major update, switching platforms from UWP to Windows App SDK. This blog post documents our experience switching platforms, including some impactful benefits and some interesting technical challenges. The new Photos application is already fully rolled out to Windows Insiders and is now rolling out to Retail customers starting with version 2024.11050.3002.0 and above.

Concurrent Development & Replatforming

As one of the most frequently used apps, we're continually releasing new features such as Slideshow, Background Removal and Generative Erase. Maintaining the ability to ship new features like these on UWP, whilst also progressing the platform switch to Windows App SDK was paramount. In simple terms, this meant all changes – both new features and Windows App SDK changes – had to go into our primary development branch. To do this with the least amount of disruption, we adopted some strategies to ensure code changes were compatible with both platforms concurrently:

Parallel Pull Request build validation for both UWP & Windows App SDK app variants
Conditional compilation (ifdefs) for similar but incompatible APIs

Namespace aliases for equivalent Windows:: and Microsoft:: APIs

#ifdef WIN_APP_SDK
namespace WUXM = winrt::Microsoft::UI::Xaml::Media;
#else
namespace WUXM = winrt::Windows::UI::Xaml::Media;
#endif

Conditional inclusion of XAML source files since conditional compilation is unsupported

Processes & Integrity Level

In UWP applications, processes run at lowIL (low integrity level), also known as ‘AppContainer’, meaning certain APIs are restricted or could require additional user confirmation prompts. In Win32 applications, including Windows App SDK, processes generally run at mediumIL (medium integrity level), meaning the app has a higher privilege level. Using Windows App SDK, we can now save an edited file in the same folder as the original file (e.g. “foo_edited.jpg”) without requesting the user to choose the destination folder. Due to reasons including cross-platform compatibility and privilege checking, equivalent UWP APIs such as StorageFolder.GetFilesAsync can be orders of magnitude slower than their corresponding Win32 APIs such as FindNextFile. This is especially true for file system APIs, and when dealing with large photo collections spanning 100,000+ files, the performance difference could be significant – seconds vs minutes.

PhotosService.exe

Requiring users to wait several minutes to see all their media wouldn’t be a great user experience. To achieve acceptable performance with the UWP version of the Photos App, we used a multi-process architecture including both a lowIL primary process, and a mediumIL background process “PhotosService.exe” – a restricted capability only available to verified publishers. Implementing this required significant complexity:

Using WAP (Windows Application Packaging) to package both UWP and Win32 Applications for deployment
Adding the restricted “runFullTrust” capability in the AppxManifest to allow the inclusion of a mediumIL executable in the package
Building an IPC (interprocess communication) system using Named Pipes to allow RPC calls between two processes:

[caption id="attachment_57038" align="aligncenter" width="1024"] UWP Photos App Process Architecture[/caption] With the migration to Windows App SDK, this complex logic has been removed and integrated into a single process, dramatically simplifying our app architecture, and bringing improved performance due to the removal of interprocess communication. One important point on the new approach is that Photos is still a multi-threaded application, and to receive File System notification events it was necessary to implement a headless window on a separate thread to isolate it from the XAML UI thread. [caption id="attachment_57039" align="aligncenter" width="1024"] Windows App SDK Photos App Process Architecture[/caption]

WebView2

Another huge benefit of Windows App SDK is the addition of WebView2, built upon the new Chromium-based Edge browser. The Photos App uses web tech in a few places, including with our cross-platform image editor used in both OneDrive and the Photos App. Some key benefits of WebView2 include:

WebGL support enabling improved image rendering quality.
Superior performance when sharing high quality images between the native and web layers using SharedBuffer.
Supporting a more up to date version of Chromium, which carries the latest improvements and security updates.
Allowing us to optimize the performance of our AI Service which requires sending pixel buffers back and forth from our Web Editor to our Native App for AI inference.

Maintenance and Support

As an Inbox app (included in Windows), we need to ensure Photos is running reliably for users across all supported versions of Windows. In Windows App SDK, most of the platform code is shipped as part of the WindowsAppRuntime package, in stark contrast to UWP where it’s all shipped as part of the Windows operating system. The key difference between these two models is that users automatically get the latest platform updates to the Photos App on Windows App SDK, whereas in UWP they would have to wait for those changes to be included in Windows Update servicing patches. In practical terms, this means we’ve often needed to use polyfills to patch bugs, re-implement missing APIs, or even disable features entirely on older OS versions. With Windows App SDK this is no longer needed, saving precious development time and reducing the testing overhead required for different OS versions.

Technical Challenges

ASTA vs STA

In UWP, the threading model was based on ASTA (Application Single-Threaded Apartment) which has a mechanism to protect the XAML UI thread against reentrancy. In contrast, Windows App SDK uses a regular STA model which requires some extra care when executing certain calls from the XAML UI thread, which could otherwise cause reentrancy and Stowed Exceptions. For most of the cases the fix would be to re-enqueue the problematic call with the DispatcherQueue if it has to run in the UI thread. Another approach is to offload certain tasks to a background thread to decouple the re-entrant logic from the UI thread.

AutoPlay Support

One major feature of Photos is the ability for users to connect flash drives and mobile phone devices to import their media files. In Windows App SDK this feature has not yet been implemented, but there is a good alternative using Win32 shell APIs and desktop3:AutoPlayHandler. This feature works by deploying and running a separated COM server process that handles autoplay activation and launches the Photos App’s import workflow. [caption id="attachment_57040" align="aligncenter" width="1024"] Photos App Autoplay Architecture[/caption]

Looking Ahead

Switching to Windows App SDK has allowed the Photos App to continue using the beautiful, cohesive, native user interface components included in WinUI, whilst adding the ability to directly call Win32 APIs and maintaining compatibility with the majority of UWP APIs. On the platform side, switching to Windows App SDK enables all Photos App users to receive the latest stability & performance improvements immediately, since the Windows App Runtime updates as a dependency of the Photos App package install. Upgrading from UWP to Windows App SDK represents a larger change than previous Windows app platform updates, however the corresponding benefits significantly outweigh the development cost. https://www.youtube.com/watch?v=-72BHXxS2os In the future we’ll be taking further advantage of Windows App SDK by having each Photos App window run in its own process – an architecture already used with overwhelming success in Chromium-based web browsers such as Microsoft Edge. Enjoy this sneak-peek of the upcoming performance improvements!

Resources

To learn more about getting started with WinUI & Windows App SDK visit https://aka.ms/windev and check out these videos: Navigating Win32 App Development with WinUI and WPF | BRK241 How to create superior experiences with WinUI and WPF | BRK244

Microsoft App Assure helps Opera build Arm-optimized browser

Thu, 16 May 2024 16:00:04 +0000

The Microsoft App Assure team helps app developers around the world to ensure their users have top-notch experience on all Microsoft platforms. Today, I want to highlight one of our many successful engagements: the new Opera Browser for Arm-based Windows devices. In May, an Arm-optimized version of Opera for Windows was made available on the developer stream of the browser. Engineering assistance from the Microsoft App Assure team played a key role in this effort. The App Assure program delivers on Microsoft’s application compatibility promise: your apps will run on Windows on Arm, and if you encounter any issues, Microsoft will help you remediate them. This no-cost program has a proven track record helping over 300 market-leading developers build Arm-optimized apps for Windows. With the recent worldwide release of our Arm Advisory Service, more developers than ever before have been turning to App Assure for guidance. We continue to see excitement in the market for the coming wave of Windows PCs based on the Qualcomm Snapdragon X Elite platform. These new devices feature powerful on-device AI capability, which will herald a new age of groundbreaking AI features. As with all Arm-based Windows devices, they offer fast connectivity, extended battery life, best-in-class performance, advanced camera capabilities, along with many other benefits.

Porting to Windows Arm is easy

Windows users expect their favorite apps to work great on Arm-based PCs. To meet this expectation, App Assure engages with the most popular apps, such as the Opera Browser, helping them optimize for the platform. App Assure engineers worked directly with Opera’s engineering team, offering technical assistance and guidance. It quickly became apparent that both teams had a similar take on strong signals reflecting growing industry awareness of the performance and efficiency benefits offered by Arm devices. “Windows is our biggest audience, so it is very important for us to deliver a seamless experience on all Windows devices,” said Bartosz Wiklak, head of QA and Automation at Opera. “We had been seeing increased market excitement about the future of Arm-based PCs for some time. When the App Assure team got in touch with us, we decided it was a great time to start focusing on it. We always aim to be at the forefront of the adoption curve and offer more options for our customers.” Through a series of technical workshops, App Assure engineers met with Opera engineers to discuss the nuts and bolts of optimizing for Arm. These in-depth sessions provided a deep dive into the intricacies of Arm's architecture, covering details that go beyond simple cross-platform build configuration or signing multi-architecture app bundles. App Assure engineers also provided technical documentation to further Opera’s understanding of Windows on Arm. This work helped lay the foundation for a version of Opera that is not only compatible with Arm devices, but also takes advantage of the best-in-class performance offered by these devices. “Our experience developing for other Arm platforms was that it took quite a bit of work, so we were initially concerned about the time commitment. But when we looked deeper into it, we found out that a lot of the porting work had already been done in the Chromium project for the Arm-native release of Microsoft Edge. So, it was a very smooth process. We produced a first build in just a few days.” said Wiklak. “Once the builds passed quality bar, we benchmarked optimized browser using Speedometer, a widely popular benchmark for web browsers. We were really pleased that the score was more than double when compared to emulated version.” The Arm-optimized version of Opera will be first available on the developer stream of the browser, allowing early adopters to try it out on Arm-based Windows devices.

App Assure helps developers unlock potential

We are confident that Windows on Arm is going to revolutionize personal computing, and we are excited to offer App Assure to Windows on Arm developers to help all organizations see just how easy it is to build for this platform. If you’d like to know more about how to add Arm support to your Windows app, check out the technical documentation. Once you’re ready to begin your porting journey, Microsoft’s Arm Advisory Service can provide detailed insights into platform features, best practices and code examples. For example, App Assure engineers can help you:

Understand the nuances of emulated code translation and how to seamlessly interoperate between native and x64 code.
Configure build systems most efficiently for multi-architecture delivery.
Obtain Arm-based hardware or get started with Azure Virtual Machines and then prepare those environments for development, continuous integration, or test runners.

If this sounds like something you’re interested in, reach out to us by completing this form.

New experiences designed to make every developer more productive on Windows 11

Tue, 26 Sep 2023 17:00:16 +0000

Back at Build ‘23 in May, we announced a host of new experiences with a renewed focus on developer productivity and performance. We are now pleased to share with you that features like Dev Home, Dev Drive, WinGet and improvements to Taskbar, File Explorer and many more will start to become generally available with the latest Windows 11 update. We also have exciting news to share about the developer tools you already know and love: Windows Subsystem for Linux and Windows Terminal. At Build in May ’23, we announced a new home for developers on Windows – Dev Home. With the latest Windows 11 update, Dev Home is now available as part of the OS, making developer features a key component of Windows 11. Today we are excited to announce a new PC setup experience for developers.

A new PC setup experience for developers on Windows 11

For the first time in Windows, you will be able to identify as a developer during your initial PC setup and Windows will customize your install experience catering to your workloads. To do this, select the "Development" intent on the "Let's customize your experience" page during setup. Once you set up your PC with “Development” intent it is easier to get all the benefits of Dev Home.

Dev Home: Your productivity companion

Dev Home is a new experience for developers in Windows 11 that helps you get back in the zone and streamlines your workflows, boosting your productivity. Dev Home assists you in setting up your dev environment by downloading apps, packages, or repositories, and lets you connect to your developer accounts and tools (such as GitHub). It also helps you create a Dev Drive for performant storage - all in one place. Dev Home also provides a customizable dashboard to help you monitor both your system and dev projects. We are releasing Dev Home v0.5 alongside the latest Windows 11 update to provide even more functionality like managing your extensions. We are adding a new extensions page on Dev Home, available now, that helps you discover and manage your Dev Home extensions, giving you the control to enhance and personalize your experience. With this addition, the Dev Home GitHub Extension will no longer be automatically installed. For more information see Dev Home for Windows Developers | Microsoft Learn.

Unattended and reliable dev machine setup: Reducing set up time from days to hours

At Build we introduced WinGet Configuration, a fast and reliable mechanism to help developers get ready to code in just a few clicks. WinGet Configuration is now stable and no longer requires enabling experimental features. To help you get started we have several samples that you can try, and several GitHub repos now include configuration files to help you quickly install the tools to build the source code. For example: vscode/.configurations/configuration.dsc.yaml at main · microsoft/vscode (github.com) PowerToys/.configurations/configuration.dsc.yaml at main · microsoft/PowerToys (github.com) WinGet 1.6 makes its debut with several exciting new capabilities. Support for dependencies is now available. Packages that were previously blocked from submission can now be added to our catalog. WinGet 1.6 introduces the new `winget download` command which allows you to download installers. This feature enables IT professionals to access packages from the community repository and make them available to their enterprise customers. Support for free Apps rated “e” for everyone from the Microsoft Store with licenses is coming in a future release. A new Group Policy enables IT professionals to determine if their users can make use of the Windows Package Manager through either the CLI or PowerShell cmdlets. The latest release of the WinGetCLI contains the updated ADMX files. For more information on using winget, see Use the winget tool to install and manage applications | Microsoft Learn.

Dev Drive: A new storage volume tailor-made for developers: supercharged for performance and security

At Build we introduced Dev Drive – a new type of storage volume, tailor-made for developers, with a file system that delivers both performance and security. Starting today, Dev Drive will be available for all developers on Windows with the latest Windows 11 update. Dev Drive is based on the Resilient File System (ReFS), which, combined with a new performance mode capability in Microsoft Defender for Antivirus, offers up to 30% file system improvement in build times for file I/O scenarios. To reap the benefits of Dev Drive, we recommend moving your package caches and repositories to Dev Drive(s). Learn more. In addition, to quickly view the status of your Dev Drive volumes, the “For Developers settings page” now has a new Dev Drive section. The section also provides deep links to Disk & Volume settings to create a Dev Drive and launch the Windows Security app to control antivirus behavior.

Performance mode for Microsoft Defender

Microsoft Defender Antivirus has released performance mode that provides asynchronous scanning on Dev Drive volumes. Behavior can be controlled via the new improved UI for Dev Drive in the Microsoft Security app under “Virus & threat protection”. If you have multiple Dev Drives, you can now quickly identify which one is in “Performance mode”. Upon clicking on “See volumes”, you can view all your Dev Drives. In this example below, we have two Dev Drives; (D:\) and (F:\) are both formatted in ReFS but Defender Performance Mode has been enabled only on (F:\).

Reducing toil and unlocking the fun and joy of developing on Windows with new improvements

The team has listened closely to what is top of mind for you, including improvements to the Taskbar that we announced at Build back in May. Starting today, all these improvements will become available in the stable version with the latest Windows 11 update.

You can now quickly identify and access any instance of each app housed in the taskbar with just one click. All instances of the app are ungrouped with labels on the taskbar.
You can now hide your Time and Date with a setting on the taskbar.
You can quickly and easily shut down applications with a simple right-click on the app directly from the taskbar without opening the Task Manager. This setting can be enabled within the Developer settings page to then have “End task” appear within the context menu when you right-click on the icon within taskbar.
For Developers settings page has moved from “Privacy & Security” to System. This provides a quick and easily discoverable entry point to developer settings.
You can now get improved performance of archive functionality during compression on Windows. We have added native support for additional archive formats, including tar, 7-zip, rar, gz and many others using the libarchive open-source project.

File Explorer is getting even better

We have introduced new functionality and collection control in WinUI3. ItemsView collection control offers LinedFlowLayout and Island functionality provides an easy way to adopt WinUI3 look and feel in any part of your app without having to change your entire application. File Explorer now runs on WinUI3 and has introduced several new features like Gallery powered by ItemsView and Island functionality, making it easy to access your photo collection. You can also now bring these new WinUI3 capabilities to your apps and offer a rich user experience to your customers. In addition, we have also added multi-threading capabilities to File Explorer to greatly improve the performance of copy, move, recycle, and delete actions. Large operations should see significant improvements in the calculating phase as well as the actual file operation. As noted in our May 2023 blog, these changes show over 40% improvements in bulk delete operations, giving time back to developers.

Tools you know and love are getting even better and smarter

New and exciting – Suggestions UI, Broadcast Input and Web Search features are coming to Windows Terminal 1.19 Preview

With the Windows Terminal 1.19 Preview we are introducing several new features such as the Suggestions UI, Broadcast Input, and Web Search. The Suggestions UI is a new UI element in Windows Terminal that provides text suggestions to the user. These suggestions can come from recently run commands, saved commands, and more. Broadcast Input allows users to broadcast their input from one Terminal pane to another Terminal pane in real time. Broadcast Input was a popular feature request from our community members, and we are thrilled to delight our developers with this exciting feature. Web Search was a community contribution. When the right-click context menu is enabled, users will have a new option to do a web search on highlighted text. Web Search will default to Bing, and we are providing control to developers to change the default to the search engine of their choice.

Introducing experimental features in Windows Terminal Canary

Windows Terminal is distributed in a variety of formats. We are thrilled to announce that we are adding Windows Terminal Canary to the Windows Terminal family. Windows Terminal Canary is a new canary build of Windows Terminal that includes “hot off the presses” experimental features (including our AI chat feature). New builds of Windows Terminal Canary are available nightly. This is the least stable channel of Windows Terminal, so you may be the first to discover bugs that no one else has before. If you are eager for the latest bits, then this is the build for you!

New experimental features in Windows Subsystem for Linux (WSL) - Auto Memory reclaim, new networking mode and more

The latest release of WSL brings access to new experimental features and some important quality and bug fixes! We’ve added new experimental features that you can opt-in to using, so you can get early access to WSL improvements that we are investigating making default in the future. This includes having the WSL VM automatically shrink in memory size when you’re not using it, setting your WSL virtual hard disks to be sparse so they will automatically shrink in disk size and conserve your disk space, as well as Hyper-V firewall which allows your Windows firewall rules to affect your WSL distros, and an entirely new networking mode that improves network compatibility, adds IPv6 support and more! Additionally, there are other bug fixes such as you can now run WSL in session 0, WSL GUI apps have Windows snapping support with the keyboard, and more! To see a full list of WSL changes please see this blog post. We continue to invest in driving developer productivity, convenience and performance with every update, and we are excited to share these features and experiences with you. To learn more and keep up to date with the latest news please visit Windows Dev Center. We also love hearing from you, and we want to continue to work with our developer community to build the experiences and features you want. Share your feedback with us by reaching out on our social channels @WindowsDev on LinkedIn, X (formerly known as Twitter), Facebook and Instagram.

Public Preview : Improve Win32 app security via app isolation

Wed, 14 Jun 2023 14:57:29 +0000

We are thrilled to announce the public preview launch of Win32 app isolation. This blog post provides an overview of the topic. To learn more about the developer experience and engage with the team, please visit our GitHub page. It is worth noting that Win32 app isolation is an addition to the family of existing Windows sandbox options, such as Windows Sandbox and Microsoft Defender Application Guard. While these options are based on virtualization based security, Win32 app isolation is built on the foundation of AppContainers (and more). AppContainers are specifically designed to encapsulate and restrict the execution of processes, helping to ensure they operate with limited privileges, commonly referred to as low integrity levels.

Win32 App isolation

The frequency and impact of zero-day vulnerabilities have witnessed a substantial increase over the years. Attackers frequently focus their attention on popular applications, exploiting either unknown or unpatched vulnerabilities. That's why we strongly advocate for the integration of preventive and containment measures. To this end, we propose using the combined power of Win32 app isolation and cutting-edge technologies like Smart App Control, which together work to effectively block untrusted applications and limit damage if trusted apps are compromised. By implementing this approach, a robust security strategy can be established, significantly mitigating the potential harm caused by zero-day attacks. Win32 app isolation is a new security feature designed to be the default isolation standard on Windows clients. It is built on AppContainers and offers several added security features to help windows platform defend against attacks that leverage vulnerabilities in the application (this could be 3P libraries as well). To isolate their apps, application developers can update their applications using the tools provided by Microsoft. For more information on Win32 app Isolation developer experience, please visit our GitHub page. Figure 1: Combining Preventive and Containment Strategies. Another benefit of isolation is to safeguard end-user privacy choices in the event of a breach. When a Win32 app runs with the same privilege as the user, it is possible to allow itself access to user’s information without the user's consent. Consequently, there is a risk of unauthorized access to the user's privacy data by malicious actors without their knowledge or consent.

Goals of Win32 app isolation

Figure 2: Key objectives of Win32 app isolation Limit damage: Win32 app isolation achieves its goal of limiting impact (in the event apps are compromised) by running apps with low privilege, which requires a multi-step attack to break out of the container. Attackers must target a specific capability or vulnerability, compared to having broad access and since the attack must be directed at a specific vulnerability, mitigation patches can be quickly applied, reducing the shelf life of the attack. Reduce developer effort: To reduce the effort required for developers to update their apps, Microsoft provides developer tools and experiences, with a focus on the MSIX packaging tool and the Application Capability Profiler. Seamless user experience: Finally, while the focus is on security, it is critical that security decisions are not delegated to end-users via cryptic security prompts, and application compatibility is maintained.

Limit damage

The protection offered by Win32 App isolation follows a two-step process. In the first step, the Win32 application is launched as a low integrity process using AppContainer, which is recognized as a security boundary by Microsoft. Consequently, the process is limited to a specific set of Windows APIs by default and is unable to inject code into any process operating at a higher integrity level. In the second step, the least privilege is enforced by granting authorized access to Windows securable objects. This access is determined by capabilities that are added to the application manifest through MSIX packaging. Securable objects in this context refer to Windows resources whose access is safeguarded by capabilities. These capabilities serve as a means to implement a Discretionary Access Control List on Windows.

Reduce developer effort

To help ensure that isolated applications run smoothly, developers must define the access requirements for the application via access capability declarations in the application package manifest. The Application Capability Profiler (ACP) simplifies the entire process by allowing the application to run in "learn-mode" with low privileges. Instead of failing access if the capability is not present, ACP allows access and logs additional capabilities required for access if the application were to run isolated. Figure 3: Overview of Application Capability Profiler Under the hood, ACP uses the Windows Performance Analyzer data layer backend (WPA) and parses Event Trace Logs (ETL) to provide a list of additional capabilities needed. ETLs are detailed and verbose, and ACP parses them to output missing capabilities as a file. Once the capabilities are output, they can simply be included in the application package manifest. Finally, ACP provides a WPA profile file “ACP-StackTrace.wpaProfile” that allows the user to easily configure WPA to inspect the event trace logs captured (in learn-mode) for relevant call stack information. In most cases, call stack analysis using WPA is not required. For more information on ACP, please refer to the Github documentation page, linked here.

Seamless user experience

To create a smooth user experience that aligns with non-isolated/native Win32 applications, two key factors should be taken into consideration, as outlined below. The first factor relates to implementing methods to manage access to files and privacy information within and outside the isolation boundary (AppContainer). The second factor involves integrating Win32 apps with other Windows interfaces in a way that helps enable seamless functionality without causing perplexing user consent prompts. Now, let's explore these factors in greater detail:

Approaches for accessing data and privacy information;
Integrating Win32 Apps for compatibility with other Windows interfaces;

Approaches for accessing data and privacy information.

Access to a user's private data, such as camera, microphone, location, images, files, or folders, is not permitted without the user's permission. However, the app may require access to certain program files, such as .NET libraries or protected registry keys. Asking for permission to access user folders is intuitive, but asking for permission to access program files and registry keys can be confusing for users. This confusion can be exploited by a compromised Win32 app to trick the user into allowing access to a registry key or sensitive file, which can then be used to escape the sandbox. Figure 4: Effectively managing user consents. To help prevent unauthorized access, several instrumentations have been built. Win32 apps need to explicitly include the “isolatedWin32-promptForAccess” capability and declare their intent to support prompting. Apps that do not require access to user's data outside the app can opt out of any kind of user prompting for consent. Note, this capability only allows control over filesystem access, access to privacy related information such as camera, location and microphone shall always prompt. Let us now discuss approaches on how user consents are obtained. User prompts are displayed when user consent is required, and the context of the prompt should be meaningful to the end user, such as accessing the user's documents or camera. The other way to grant consent to files is via user selection such as when the user selects a file via the file dialog or by right clicking the context menu. When the user grants consent to a specific file for the isolated application, the isolated application interfaces with Windows Brokering File System (BFS) and grants access to the files via a mini filter driver. BFS simply opens the file and serves as the interface between the isolated application and BFS. File and registry virtualization helps ensure that apps continue to work while not updating the base file or registry. This also minimizes any user experience friction while maintaining application compatibility. Protected namespaces are created to allow access only to the app and do not require user consent. For example, access to a folder that has a property only known to the Win32 app and required for app compatibility can be granted.

Integrations with Win32 app isolation for compatibility

Figure 5: Maintaining app compatibility with isolation. In order to achieve a high level of similarity and feature parity between isolated and non-isolated Win32 applications, certain allowances have been made. Specifically, Win32 apps operating with low privileges (referred to as low integrity level) are permitted to interact with file systems and various APIs. For example, interactions involving File Type Associations, including the "open with" option, COM servers, and file drag and drop, are facilitated through BFS (File System Broker). Furthermore, capabilities included in the application manifest enable interactions with other Windows components, such as shell notifications and system tray icons. This ensures that these functionalities can be utilized without compromising the security of these applications.

What’s Next!

To summarize, Win32 app isolation enhances security for Windows clients by using AppContainer and additional security controls (as described above) to help reduce the risk of damage from compromised applications and help safeguard user privacy. The approach enforces least privilege through added capabilities and employs various strategies to help prevent unauthorized access, while minimizing developer effort and maintaining application compatibility. To learn more about isolating your existing or new Win32 Apps, visit the GitHub page at: microsoft/win32-app-isolation (github.com). Win32 App Isolation is currently available for public preview. We look forward to your participation!

Dev Drive: Performance, Security and Control for Developers

Thu, 01 Jun 2023 16:02:00 +0000

We are excited to introduce Dev Drive! A new storage volume optimized for developer workloads that delivers performance, security, and control. Dev Drive is built on the Resilient File System (ReFS) and combined with the new performance mode capability of Microsoft Defender Antivirus, provides up to 30% better performance for overall build times compared to current, in-market Windows 11 (22H2).

Performance and Security

We received feedback from developers that slow file io performance was disruptive to their workflow. In response, we analyzed the file system to understand where the bottlenecks were. Benchmarks were created across multiple end-to-end developer scenarios and across multiple languages. We then made optimizations to the file system and introduced a new performance capability for Microsoft Defender Antivirus. Now available in public preview, this new capability provides asynchronous scanning on a Dev Drive and does not change the security posture of your system drive or other drives Asynchronous scanning provides improved security compared to traditional folder and process exclusions which are often used by developers. As a result, Dev Drive improves overall build performance, most notably in heavy file io based scenarios. For more information, see Protecting Dev Drive using performance mode.

Control

Beyond simply providing faster performance, the purpose of Dev Drive is to give control back to you, the developer. While there are specific configurations that Microsoft generally recommends, and have used as defaults, we have also created tools for you to further customize it. For example, administrators on the device can modify the behavior of filter manager to allow which filters are attached. You may wish to use additional filter drivers for app compat reasons, or if you have a different security posture, you can gain more performance by removing filters. Including new, easier UX Previously the “Disk Management” tool was used to set up and maintain disks. Now we have the same functionality with the modern Settings app. You can do everything you need to do to create a Dev Drive, including creating a new volume, creating & attaching a VHD, shrinking or expanding disk sizes, and creating partitions, all in one place. Here is the new Disks & Volumes UI to support creating a Dev Drive and VHD scenarios. Guidance We recommend placing your working directories, repositories, and package caches on a Dev Drive. We are working with partners to fully take advantage of Dev Drive by default, see our partner blogs for Visual Studio and Dev Box along with other features such as Copy on Write. And our own documentation at aka.ms/devdrive for full configuration guidance. Since Dev Drive only enables a minimal set of filter drivers, any applications or features that depend on those filters will not work on a Dev Drive. For that reason we do not support all apps being installed on a Dev Drive. Developers should test their scenarios, and if needed, enable additional filters or keep their tools installed on another drive.

Benchmarks

How we tested Our testing plan while creating Dev Drive was two-fold:

Build out automatic performance tests that would run on a build-by-build cadence
Test and profile our end-to-end scenarios regularly

We added automatic performance tests to our build labs to ensure that we had measurements tracking our performance for each build. We used the full git suite (clone, commit, etc.) in the lab. These tests enabled us to watch the progression of git clone performance, for example, build over build. Not only were we watching to ensure the speed of a single git clone operation was trending down, but we were also watching to see if any regressions were checked in by the development team for Dev Drive, or other feature teams working on similar components of the Windows OS. Validation and investigation testing To further test, validate and profile key developer workloads we’ve built a set of synthetic benchmarks which cover various workloads like Python, Node, .NET, and Java. We’ve worked with the Storage & File Systems and Defender teams to take traces, validate the improvements and find opportunities for further refinement to the file system and Defender. For these tests we created a consistent hardware setup using a Surface Laptop 4 to compare the default Windows 11 22H2 configuration with Defender enabled, against the latest builds with Dev Drive. We used common public repos and basic scenarios, a few of which are:

Build Orchard Core project using .NET
Run django tests
Build Spring Framework project using Gradle
Clone Node repo using Git

Results As you can see, every scenario benefits differently from the optimizations. Scenarios that are more file io heavy benefit the most from Dev Drive.

Welcome to the Journey!

This is just the start of improvements to come. The Windows ecosystem consists of a wide variety of hardware configurations, with each configuration comes varied performance results. We invite you to help us test Dev Drive to ensure the product is impactful for the scenarios that matter most to you. Your feedback is incredibly valuable to us. We are excited for you to try out your developer scenarios on your hardware configuration and leave us feedback through Feedback Hub under the Dev Drive context. For more information visit: aka.ms/devdrive

Microsoft Store App Awards 2023 nominations are now open!

Zahara Kondo — Wed, 15 Mar 2023 17:47:47 +0000

Microsoft Store App Awards is back this year! Nominations are now closed. For more information, keep reading. Attention Windows users, developers, and app enthusiasts! We are excited to announce the upcoming Microsoft Store App Awards 2023, the most anticipated event for the Microsoft Store community! After the incredible success of last year's awards, we are eager to celebrate the achievements of the brightest and most innovative minds in the industry. The 2022 award recipients brought forward an impressive lineup of apps that showcased the limitless possibilities of the Windows platform. From productivity to entertainment, from creativity to social networks, the array of apps demonstrated excellence in their user experience, design, app quality, and most of all, customer value. Check out last year’s award-winning apps from the Microsoft Store App Awards here. This is just the beginning! We know that there are countless more outstanding apps in the Microsoft Store on Windows that deserve recognition, and that is where you come in. We want to hear from you, the users and enthusiasts, about your favorite apps that you believe should be recognized for the Microsoft Store App Awards 2023. So, we invite you to nominate your favorite apps in the Microsoft Store for the upcoming awards. This is your chance to recognize and showcase the apps that have made your Windows experience unforgettable, and to support the developers who have poured their hearts and souls into making them. We also encourage developers to spread the word about the awards and to invite their users to nominate their apps. We know that your passion and creativity are the driving force behind the Microsoft Store on Windows’ success, and we want to recognize and reward that! Together, let's make the Microsoft Store App Awards 2023 an unforgettable and thrilling celebration for Windows Developers. We cannot wait to see what the community has in store for us and to celebrate the best apps in the Microsoft Store. Let's keep pushing the boundaries of what is possible with Windows, and let's keep making amazing apps together! The nomination period is now closed.

Developers, meet Microsoft Store Ads

Zahara Kondo — Thu, 02 Feb 2023 15:40:13 +0000

Reach the right customers at the right time with your games and apps

Content is at the heart of the Windows PC experience. Consumers typically visit the Microsoft Store to learn more about a wide variety of PC apps or games, from productivity apps that accelerate work to creativity apps that empower innovation, games that incentivize connection, and more. Because most consumers live a multi-screen life—moving from smartphones to PCs and back again—the lines between “mobile” and “desktop” have blurred. In turn, the behaviors consumers are accustomed to on mobile are transferable to the way people expect apps on PCs to look, feel, and function. Developers know that apps are central to how we work, play, and connect. And the great news is PC apps are having their moment. From the pandemic accelerating PC use to app-savvy millennial and Gen-Z audiences growing up creating and using apps—a wide audience is looking for app-centric experiences, not only on mobile, but on PCs, too.

Reach a wider app audience with Microsoft Store Ads

Our passion for helping developers more easily bring their apps to customers inspired us to redesign the Microsoft Store on Windows—which now features a new desktop app distribution experience that looks and feels more like mobile. Now, when customers visit the Microsoft Store, they can download apps for either mobile or PC. With Microsoft Store Ads, developers now have new app discoverability opportunities on Windows. Microsoft Store Ads is all desktop traffic, with mission-driven users that have a high intent to download a desktop app. The opportunity is vast; 2022 was a record year, with over 900 million unique users worldwide utilizing the Microsoft Store, and a 122% year-over-year increase in developer submissions of new apps and games. Microsoft Store Ads was designed to help developers grow their business by getting their apps or games in front of the right customers at the right time, and to inspire Microsoft Store customers with great content. A developer of a music-making app, for example, will be able to create an ad campaign to get their app in front of an audience that likes music or likes to create music. Whether you're about to launch a brand-new app or have a 2.0 bug update for an app currently on the Windows Store, developers can now advertise right on the Microsoft Store, to incentivize people to install or update.

All developers are welcome

We are now offering a new set of Open App Store Principles that welcome all developers to bring the best apps and games to Windows 11 devices, from apps using their own commerce to third-party storefronts. And last year, we announced a waitlist program for Win32 apps in Microsoft Store and welcomed hundreds of developers. Today, we are pleased to share that the program is now open to all Win32 developers (.NET, C++, Electron, Flutter, Qt, Rust, and more). If your app or game is not in the Microsoft Store yet, begin by publishing your Windows app. All developers have access to Microsoft Store Ads, where they can create ad campaigns in the Microsoft Store, using Microsoft Advertising, reaching customers on Windows 10 and Windows 11 devices. However, only developers with published content on the Store will be able to run ad campaigns, which ensures ads are contextual for customers.

Get started today

Microsoft Store Ads is built for apps already on Windows—and for your latest release. Now is the time to promote and invest in your desktop app. Having just announced ads on the Microsoft StoreOpens in new window, the costs per click (CPC) are very competitive, which can bring your overall cost per action (CPA) down. We recommend developers reach out to their marketing team to create a strategic app marketing plan leveraging Microsoft Store Ads. Let the team know that with Microsoft Store Ads you promote your desktop app to customers on Windows 10 and Windows 11 devices by creating ads on the Microsoft Advertising platform. Once created, developers will see their app advertised live right on the Microsoft Store. Customers will click the ad, download or update the app to their PC, and let the writing, playing, or gaming come to life. Choose your way to get started:

Ask your marketing team to reach out to their Microsoft Advertising account manager or Microsoft Store representative.
If your marketing team does not have a Microsoft Advertising account manager or Microsoft Store representative, Contact Us.
If your app or game is not in the Microsoft Store yet, begin by publishing your Windows app.

To learn how Microsoft Store Ads can help consumers discover your app and for product updates and channel information, visit the Microsoft Store Ads page.