PowerShell Scripts to deploy and bulk import WinGet packages to InTune including metadata.
Automatically detect latest version using dynamic detection script.
Detection script checks local installed version against latest winget available version or a defined fixed target version.
Bulk import WinGet packages to InTune including WinGet package metadata using WinGet-WrapperImportGUI.exe
WinGet have a few limitations in terms of automation and is not integrated with common endpoints management products.
System Context is not possible by using "winget" as the .exe location must be found and this location is not static due to versioning in the directory name.
Windows 10 20H2 or newer
Powershell 5.1
Client language must be en-US, as Winget-Wrapper parses only English output.
Module "IntuneWin32App" and "Microsoft.Graph.Intune" needed for import to InTune
WinGet-WrapperImportGUI is a graphical interface designed to streamline the import of WinGet packages into InTune.
This tool complements WinGet-Wrapper, providing an intuitive way to upload WinGet packages to InTune, along with their metadata.
Open the GUI: Run WinGet-WrapperImportGUI.exe to open the GUI
Search Packages: Enter your search query and click "Search" to find WinGet packages.
Select Packages: Select from search results, then click the center arrow to move them to the import list.
Adjust: Select target version if required, UpdateOnly, Installation context, etc.
Import to InTune: Enter your Tenant ID and click "Import to InTune" to import selected packages.
Additional Actions: Use buttons for exporting CSV, deleting, or importing from CSV.
Powershell.exe -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File WinGet-Wrapper.ps1 -PackageName "PackageName for log file" -StopProcess "kill process using Stop-Process (do not add .exe)" -PreScript "somefile.ps1" -PostScript "somefile.ps1" -ArgumentList "Arguments Passed to WinGet.exe"
Matches locally installed version with newest available version using WinGet or specified version using $TargetVersion
Can be setup to accept newer installed version locally $AcceptNewerVersion
Checks if application is detected locally. If not detected will not attempt update/install
To be used when only wanting to update if application is already installed. (Update Only)
Outputs either "Installed" or "Not Installed"
Imports packages from WinGet to InTune (incuding available WinGet package metadata)
Package content is stored under Packages\Package.ID-Context-UpdateOnly-UserName-yyyy-mm-dd-hhssmm
Create deployment using csv columns: InstallIntent, Notification, GroupID
Open the sample CSV file WinGet-WrapperImportFromCSV.csv and add any WinGet Package IDs to import (Case Sensitive)
WinGet-WrapperImportFromCSV.ps1 -TenantID company.onmicrosoft.com -csvFile WinGet-WrapperImportFromCSV.csv -SkipConfirmation
Process:
Results:
Application Installation
In InTune create an Windows app (Win32) and upload WinGet-Wrapper.InTuneWin as the package file.
Install: Powershell.exe -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File WinGet-Wrapper.ps1 -PackageName "VideoLAN.VLC" -StopProcess "VLC" -ArgumentList "install --exact --id VideoLAN.VLC --silent --accept-package-agreements --accept-source-agreements --scope machine"
Uninstall: Powershell.exe -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File WinGet-Wrapper.ps1 -PackageName "VideoLAN.VLC" -StopProcess "VLC" -ArgumentList "Uninstall --exact --id VideoLAN.VLC --silent --accept-source-agreements --scope machine"
Change the $id variable to match the package id in the detection script and upload it ($id = "VideoLAN.VLC")
If specific version is required change the $TargetVersion (Ex. $TargetVersion = "1.0.0.0")
Application Update Only
For creating application that will only update/install if application is already installed
Perform the same steps as in "Application Installation".
Setup Requirement rule script with return string value of "Installed"
Winget (Windows Package Manager) is generally safe for enterprise use due to the following security features:
While Winget provides various security measures, no software management tool is entirely risk-free. Organizations should continually assess their security posture and policies when using Winget or any other software deployment tool.
This software is provided "AS IS" with no warranties. Use at your own risk.