SaaSification Overview
SaaSification is the repeatable method for turning a Windows application into a governed, browser-delivered SaaS experience. It works in three stages: first prove the application runs unconstrained, then tighten the policy until it is properly isolated, and finally project just that one application's window through an App Collection. Working in this order separates compatibility problems from isolation problems, so you never have to guess whether a failure is caused by the app or by the policy.
Why this order
Two variables change as you deliver an application: how much the session trusts it (the policy) and how it is presented (a full desktop versus a single projected window). Changing both at once makes failures ambiguous. The methodology deliberately fixes one variable at a time:
- Stage 1 removes the policy as a variable. A
fulltrustVirtual Desktop gives the app a normal Windows environment, so if something fails you know it is the application, not a restriction. - Stage 2 removes compatibility as a variable. Because the app already runs, every regression you see while tightening the policy is caused by the last setting you changed.
- Stage 3 removes presentation as a variable. Only once trust and isolation are correct do you switch from a full desktop to a single-app projection.
The three stages
Stage 1 — Prove It Runs
Publish the app and deliver it as a fulltrust Virtual Desktop. Confirm it fully launches and works before adding any constraints.
Stage 2 — Tighten the Policy
Clone fulltrust and step down toward lowtrust, testing after each change against an isolation checklist.
Stage 3 — App Collection Delivery
Switch delivery to an App Collection that projects only the single app, and handle apps that need launch rules to run standalone.
For a concrete, follow-along example of the underlying admin steps — creating a user and group, publishing an app, and cloning a policy — see the Guided Walkthrough: Publish Notepad.