Microsoft Store Testing

The Windows equivalent of Google Play internal testing is Microsoft Store tester distribution through Partner Center. Use two Store mechanisms:
  1. Private audience for the first pre-public tester release. This keeps the Store listing hidden from everyone except a known user group and is the correct first Windows equivalent of Google Play internal testing.
  2. Package flights for ongoing internal builds after the first Store submission exists. Package flights are for post-publish internal package updates.
Microsoft documentation:

Target channel

Create a Partner Center known user group named: 
Sapientic Everything Windows Internal
Add tester Microsoft account email addresses to that group. Testers must be signed into Microsoft Store with the same Microsoft account. For the first submission, set Pricing and availability visibility to Private audience and select that known user group. After that submission is published, create a package flight named: 
Internal
Attach the same known user group to the flight.

Current status

The first private-audience submission for Sapientic Everything went live on 2026-05-24. As of 2026-05-25, a 1.0.32.0 update package has been submitted for certification with the startup crash fix and Store-compatible package versioning.
  • Product ID: 9NRZB5HT5XSX
  • Live submission ID: 1152921505701075594
  • Update submission ID: 1152921505701096903
  • Live package: Everything.Windows_1.0.0.0_x64_bundle.msixupload
  • Submitted update package: Everything.Windows.msixupload / v1.0.32.0
  • Private audience group: Sapientic Everything Windows Internal
  • GitHub variable WINDOWS_STORE_PRIVATE_AUDIENCE_READY: true
The Partner Center UI submission is unblocked, but the package display name must remain Sapientic Everything unless the exact name Everything is successfully reserved for this product. Partner Center rejected a package with Package/Properties/DisplayName set to Everything because that name is not available. CI/API Store publishing still needs Partner Center API access for the configured Microsoft Entra application before msstore can submit future packages automatically. As of 2026-05-25, the Windows developer account that owns product 9NRZB5HT5XSX is the personal Microsoft account avrahamiyaniv@gmail.com. Treat that account as the root administrative owner for Microsoft Store. The configured Store CLI credentials still authenticate but report no managed Store products because the current Sapientic Entra tenant is not associated with that developer account. Attempting to associate that tenant from Partner Center returned Microsoft Unauthorized with correlation ID 117684fd-8ab1-4529-86ba-e4c67cc5c7c4. The next Microsoft-side automation step is to create or associate an owner-controlled Entra tenant from the avrahamiyaniv@gmail.com Partner Center context, then grant the Sapientic Everything Microsoft Store Publisher Entra application access under User management > Microsoft Entra applications.

Account ownership policy

Use avrahamiyaniv@gmail.com wherever Microsoft requires a human owner, root administrator, billing/verification owner, or Store developer account sign-in for this Windows app. This keeps critical account recovery and Partner Center ownership under one known owner identity. Keep customer-facing surfaces on Sapientic identities:
  • Store product name and installed display name: Sapientic Everything
  • Publisher display name: Sapientic
  • Support and privacy contact: support@sapientic.co
  • Public marketing and documentation brand: Everything / Sapientic
Microsoft Store API publishing cannot use a personal Microsoft account directly. It must use a Microsoft Entra application/client secret from an Entra tenant that Partner Center recognizes for the Store developer account. For this project, that tenant should be created or associated from the avrahamiyaniv@gmail.com Partner Center owner context, not from an unrelated customer-facing Sapientic mailbox.

Store listing assets

The first desktop Store screenshot is checked in at: 
apps/windows/Store/Screenshots/everything-windows-desktop-inbox.png
Microsoft Store requires at least one desktop screenshot as a PNG at 1366 x 768 pixels or larger. The current screenshot is 3456 x 1408 and is intended to unblock the first private-audience submission. Add more screenshots before public release if the listing needs a fuller product story.

Repository behavior

Every push to main that touches the Windows app runs .github/workflows/windows-production.yml. The workflow now:
  1. Sets the MSIX package identity from GitHub variables.
  2. Sets a monotonically increasing MSIX version.
  3. Builds an unsigned App Installer package candidate.
  4. Builds the Microsoft Store .msixupload package.
  5. Uploads the unsigned package candidates as GitHub Actions artifacts.
  6. Signs the App Installer package in a separate no-checkout job when WINDOWS_PFX_BASE64 and WINDOWS_PFX_PASSWORD are configured.
  7. Publishes Everything.Windows.msixupload from a separate publish-only job only when WINDOWS_STORE_API_PUBLISH_ENABLED=true. If WINDOWS_STORE_FLIGHT_ID is set, it publishes to that package flight. If no flight exists yet, it publishes only when WINDOWS_STORE_PRIVATE_AUDIENCE_READY=true; otherwise it builds the Store artifact and refuses to submit.
Each Store submission still goes through Microsoft certification before testers receive it. The direct App Installer feed remains the faster internal channel while Store updates are waiting for certification. It publishes from the same Windows production workflow to the private GitHub release and updates installed builds on app launch.

GitHub configuration

Add these repository secrets for Microsoft Store publishing: 
AZURE_AD_TENANT_ID
AZURE_AD_APPLICATION_CLIENT_ID
AZURE_AD_APPLICATION_SECRET
SELLER_ID
Add these repository variables: 
WINDOWS_STORE_PRODUCT_ID
WINDOWS_STORE_PRIVATE_AUDIENCE_READY
Add this optional repository variable after the internal package flight exists: 
WINDOWS_STORE_FLIGHT_ID
Optional variables: 
WINDOWS_STORE_API_PUBLISH_ENABLED
WINDOWS_STORE_ROLLOUT_PERCENTAGE
WINDOWS_PACKAGE_IDENTITY
WINDOWS_PACKAGE_PUBLISHER
WINDOWS_STORE_OWNER_ACCOUNT
WINDOWS_STORE_API_PUBLISH_ENABLED defaults to false. Keep it false until npm run windows:store-status reports Microsoft Store API access and product access as OK; the workflow still builds and uploads the .msixupload artifact while API publishing is disabled. WINDOWS_STORE_ROLLOUT_PERCENTAGE defaults to 100. WINDOWS_STORE_OWNER_ACCOUNT defaults to avrahamiyaniv@gmail.com in the readiness script and documents who owns the Partner Center developer account. WINDOWS_STORE_PRIVATE_AUDIENCE_READY must stay false until the current Partner Center submission is configured as Private audience with the internal tester group selected. It is currently true for the submitted private-audience Windows release. WINDOWS_PACKAGE_IDENTITY and WINDOWS_PACKAGE_PUBLISHER are assigned by Partner Center. For the current reserved product: 
Sapientic.SapienticEverything
CN=AE2A8521-D497-42C4-A51E-12D95B9FDC39
If Partner Center assigns different package identity values after reserving the app name, set those variables before the first Store upload. The workflow writes them into apps/windows/Package.appxmanifest on the runner before packaging. The existing GitHub App Installer feed still uses: 
WINDOWS_PFX_BASE64
WINDOWS_PFX_PASSWORD
Those signing secrets are separate from Microsoft Store publishing. For the internal pre-Store channel, create the signing certificate and set those GitHub secrets with: 
npm run windows:appinstaller-setup
Then check the direct channel with: 
npm run windows:appinstaller-status

Partner Center setup

  1. Sign in to Partner Center with the Store owner account avrahamiyaniv@gmail.com.
  2. Create or associate a Microsoft Entra tenant from that owner context. This tenant is for Microsoft identity, Partner Center administration, and CI automation only; public Sapientic email can remain on Google Workspace.
  3. Create the first admin work account in that tenant as an owner-controlled Microsoft identity. It does not need to be a customer-facing Sapientic email address.
  4. Enroll the owner account in the Windows program from Partner Center > Account settings > Programs > Windows > Get started, or from storedeveloper.microsoft.com.
  5. Choose Company account for Sapientic. The current Microsoft onboarding page shows company registration as free.
  6. Complete Business details with either a 9-digit D-U-N-S number or one accepted business document:
    • Articles of incorporation or company formation documents.
    • Franchise agreement or agency appointment letter.
    • Government-issued business license or registration certificate.
    • Official government registry record with business details.
    • Stock exchange filings or official tax filing records.
  7. Complete Contact details and Account verification. Use Sapientic contact emails for customer-facing support/privacy fields where Partner Center exposes them.
  8. Reserve the Microsoft Store app name Sapientic Everything. The product can still be branded as Everything in-app and on the website.
  9. Copy the Product ID from Partner Center into WINDOWS_STORE_PRODUCT_ID. The current reserved product ID is 9NRZB5HT5XSX.
  10. Copy the Package/Identity/Name and Package/Identity/Publisher values into WINDOWS_PACKAGE_IDENTITY and WINDOWS_PACKAGE_PUBLISHER. The current values are Sapientic.SapienticEverything and CN=AE2A8521-D497-42C4-A51E-12D95B9FDC39.
  11. Create the known user group Sapientic Everything Windows Internal.
  12. Upload the desktop screenshot from apps/windows/Store/Screenshots.
  13. Configure the current submission as Private audience and select Sapientic Everything Windows Internal.
  14. Run npm run windows:store-setup after Azure CLI is logged into the owner-associated Entra tenant. The script creates/reuses the Microsoft Entra app registration, creates a GitHub Actions client secret, configures msstore, and writes the GitHub repository secrets and variables.
  15. In Partner Center, add the Microsoft Entra application Sapientic Everything Microsoft Store Publisher under Account settings > User management > Microsoft Entra applications, and give it permissions to manage Store submissions.
  16. Run npm run windows:store-status and confirm Microsoft Store API access and Microsoft Store product access are both OK.
  17. Set WINDOWS_STORE_PRIVATE_AUDIENCE_READY=true.
  18. After npm run windows:store-status confirms Store API access, set WINDOWS_STORE_API_PUBLISH_ENABLED=true.
  19. Push a Windows change to main or run the Windows production workflow. The workflow publishes the generated .msixupload with msstore publish.
  20. After the first private-audience submission is published, create the Internal package flight and copy its flight ID into WINDOWS_STORE_FLIGHT_ID.
  21. Later pushes publish to the internal package flight automatically.
For a new Microsoft Entra work account, use Microsoft’s small-business sign-up flow from the owner context. It creates the Entra tenant and first admin work account. Do not change MX records; keep Google Workspace as the public mail provider. If Partner Center rejects the upload with identity errors, the app reservation identity does not match Package.appxmanifest; update the two package identity variables and rerun the workflow. If Partner Center Home only shows the My access workspace, the Windows developer program enrollment is not complete for the signed-in account yet. Finish the Store Developer onboarding before trying to reserve or manage Store products. If npm run windows:store-status reports Microsoft Store API access as missing with an unauthorized account error after enrollment is complete, the Microsoft Entra app registration exists in Azure but has not been added to the Partner Center account. Add it from Partner Center user management before relying on CI/API Store submissions.

Local package and Store publish

Build the Store upload package locally: 
npm run windows:store-package
Configure Microsoft Store publishing after Azure CLI is logged into the Partner Center-associated Entra tenant and the Partner Center Product ID/Seller ID are known: 
npm run windows:store-setup -- -SellerId <seller-id> -ProductId <product-id>
If the package flight does not exist yet but the known user group does, create the flight and associate the group by passing the Partner Center group ID: 
npm run windows:store-setup -- -SellerId <seller-id> -ProductId <product-id> -GroupIds <known-user-group-id>
The setup script creates or reuses the Microsoft Entra app registration, creates a two-year client secret for GitHub Actions, writes GitHub repository secrets and variables with gh, and configures the local Microsoft Store Developer CLI. Check the current automation readiness without printing any secrets: 
npm run windows:store-status
Publish the latest local .msixupload to Store when msstore and the required environment variables are available: 
npm run windows:store-publish
If WINDOWS_STORE_FLIGHT_ID is set, windows:store-publish publishes to that flight. Without it, the command publishes only when WINDOWS_STORE_PRIVATE_AUDIENCE_READY=true; otherwise it refuses to submit. For a draft-only Store submission, run the script directly: 
powershell -ExecutionPolicy Bypass -File scripts/windows/Publish-StorePackage.ps1 -NoCommit