I had this post on my to-do list for a while: how to use winget with Intune to deploy your packages and create a default deployment method for these packages. If you deploy packages via this method, you won’t have to update Intune again with new versions of packages.

This post is inspired by Peter van der Woude and his default Chocolatey deployment blog. You can find it here. I built my deployment method around this idea.

Prerequisites

You need an Intune environment with proper licensing.

You need the Win32App packaging tool.

After that, you are ready to start this blog!

The deployment method for Winget with Intune

I already created all the scripts for using Winget, installing prerequisites on devices that need them, and installing an application afterward. For the example deployment, I am using Adobe Reader 64-bit.

I created 3 scripts and published them on my GitHub:

Use Winget with Intune - Github scripts

Download these scripts and put these in a temp folder for later packaging. I’ll go through these scripts 1 by 1.

Firstly, the install.ps1. This script has a value for the package id in Winget (1), detects which version of the App Installer is installed (2), creates a log folder (3), and checks if the App Installer version is lower than “2022.506.16.0”.

After that, if Windows 10 is detected, Winget + dependencies will be installed and the package (Adobe.Acrobat.Reader.64-bit) is installed. Check the full install.ps1 at your own pace; it was too large to post the entire script here.

Next the Detection.ps1. You fill in the same value for the Package name as in the install.ps1 (1), and after that the package is detected (2):
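The detection logic described above, sketched as an added example; it is not the author's Detection.ps1 from GitHub. It assumes winget.exe has to be resolved from the App Installer folder under WindowsApps because the SYSTEM account has no winget on its PATH, and the function names `Resolve-WingetPath` and `Test-WingetPackageInstalled` are hypothetical.

```powershell
# Added example: Intune custom detection script for a winget package.
$PackageName = 'Adobe.Acrobat.Reader.64-bit'   # winget package id used in the post

function Resolve-WingetPath {
    # Assumption: winget.exe is taken from the App Installer package folder.
    # ProgramW6432 points at the 64-bit "Program Files" even when Intune
    # starts the script in a 32-bit PowerShell host.
    $pattern = Join-Path $env:ProgramW6432 `
        'WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe'
    Get-Item -Path $pattern -ErrorAction SilentlyContinue |
        # Folder name is <name>_<version>_<arch>__<publisher>; newest version wins.
        Sort-Object { [version](($_.Directory.Name -split '_')[1]) } -Descending |
        Select-Object -First 1 -ExpandProperty FullName
}

function Test-WingetPackageInstalled {
    param(
        [Parameter(Mandatory)][string]$Winget,
        [Parameter(Mandatory)][string]$Id
    )
    # --exact stops similar ids from matching; the agreement switch keeps the
    # first run under SYSTEM from waiting on a prompt nobody can answer.
    $output = & $Winget list --id $Id --exact --accept-source-agreements 2>&1 |
        Out-String

    # Trust only a line that carries the exact id as a whole token. The fact
    # that winget printed something (a banner, an error, "no package found")
    # must never count as a detection. A truncated id also fails closed.
    $pattern = '(?m)(^|\s){0}(\s|$)' -f [regex]::Escape($Id)
    return [bool]($output -match $pattern)
}

$winget = Resolve-WingetPath
if (-not $winget) {
    # Without winget there is no proof the app is present: report "not detected".
    exit 1
}

if (Test-WingetPackageInstalled -Winget $winget -Id $PackageName) {
    # Intune treats exit code 0 together with text on STDOUT as "detected".
    Write-Output "Detected $PackageName"
    exit 0
}

# Nothing is written to STDOUT on this path, so Intune reports "not installed".
exit 1
```

Running this once as SYSTEM on a machine without the package is a quick way to confirm it returns a non-zero exit code and no output before it is uploaded as the detection rule.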

Lastly, the uninstall.ps1 script. Again, you fill the Package name variable with the package id (1), a new log file for uninstallation is created (2), and the package is uninstalled if detected (3).

Furthermore, if you want to deploy another package with Winget, change the $PackageName to the Winget package id of that package.

You can search for this using winget. For example 7zip:

Create Intune Package

I assume that you downloaded the IntuneWin32App tool. If you didn’t, use this link.

Double-click the IntuneWinAppUtil.exe and fill in your variables:

As a result, you see this output:

Next, log on to Intune.

(if you want more details about the process below, please check out this post.)

1. Go to Apps and create a new Win32App
2. Select the app package file. This is the Install.intunewin file from the picture above.
3. Name the application and fill in a description.
4. The install command is: powershell.exe -ExecutionPolicy Bypass -File .\Install.ps1
5. The uninstall command is: powershell.exe -ExecutionPolicy Bypass -File .\UnInstall.ps1
6. The requirements are Windows 10 20H2 and 64-bit. (you can change this if you like).
7. The detection rule is the detection.ps1 script.
8. No dependencies and supersedence needed.
9. Assign the application to a group and click on review and create!

As a result, the package is created in Intune:

Intune Package Deployment

Lastly, I want to talk about the results.

On the targeted PC you see this log:

If you open the log, you can see the results of the installation:

Furthermore, if you send the uninstallation command, there will also be a _uninstall log file:

References

Rudy Ooms Winget Installation

9 thoughts on “Use Winget with Intune”
  1. Hi Niels,
    This is a great addition to using winget. However, I have a problem with the detection script and as a result the app is not installed. Gave it a try with “Microsoft.PowerToys” and the app is detected by the script even if it’s not installed and hence it will not install. Have you encountered this?

    1. Hi Erik,

      Thanks for your comment. Did you try to run the script as system manually on the machine? What is the result? You can use the sysinternals toolkit to run cmd or powershell as system.

      Regards,
      Niels

      1. Hi Niels,
        No, only with Intune to machine (runs as system), psexec is blocked so I’ll give it a try on a test PC.
        When you deploy with Intune, do you deploy to machine? I think earlier versions of winget required deployment to user and the user needed to be admin, has this changed?

  2. Hello.
    First, congratulations on the excellent script.
    As I understand it, your script will only install Adobe Reader (in the given example) if it is not installed.
    If it’s installed, your script won’t upgrade, right?

  3. Sort of a winget related question… thanks for the scripts btw…

    We have the Microsoft Store locked down for all our users, but it seems with Winget they can install whatever they like by just opening a command prompt and using winget without Administrative credentials. Is there any way we can lock down winget the same way we did with the Microsoft Store while still being able to push applications to our users with scripts like these?

    1. Hi Marcel,

      You could take a look at Windows Defender Application Control (WDAC) or AppLocker. WDAC is easier to deploy than AppLocker. I would recommend you to take a look at it first.

      Thanks,
      Niels
