This week is all about installing applications via Microsoft Intune by using Windows Package Manager. A few years ago I wrote a post about something similar by using Chocolatey. That time the idea was to simply leverage the PowerShell script functionality that had just been introduced. This time the idea is to leverage the Win32 app functionality together with the Windows Package Manager that was just introduced. Leveraging the Win32 app functionality provides me with a few advantages over simply leveraging the PowerShell script functionality. In my opinion the main advantages are the flexibility of the Win32 app model (think about requirements, detection rules, dependencies and notifications) and the ability to use Win32 apps during the Enrollment Status Page (ESP). Creating the Win32 app costs a little bit more work, but comes with big rewards. In this post I’ll start with a short introduction about Windows Package Manager, followed by the actions and steps for creating a Win32 app that will use Windows Package Manager to install Microsoft PowerToys (as an example app). I’ll end this post by having a look at the end-user experience.
Introduction to Windows Package Manager
Let’s start with a short introduction to Windows Package Manager. Windows Package Manager is a package manager, like any other package manager. It basically provides an administrator (or actually any user with administrative rights) with a set of software tools that help with automating the process of getting apps on a device. The administrator (or user with administrative rights) can specify which apps should be installed, and the package manager does the work of finding the latest version (or a specific version) and installing it on a device. That provides a streamlined experience for installing, updating and uninstalling apps. However, at this moment Windows Package Manager is in its early stages. That means that it doesn’t provide all the expected functionality yet. At the moment of writing this post, Windows Package Manager only provides installation functionality.
Using Windows Package Manager
Now let’s have a look at how we can use Windows Package Manager, in its current shape, in combination with Microsoft Intune. Similar to any other package manager, Windows Package Manager provides a nice repository with apps that can be deployed to devices in an automated way. My suggestion is to use three steps for installing apps by using Windows Package Manager with Microsoft Intune: 1) create a small PowerShell script that will trigger Windows Package Manager, 2) wrap the PowerShell script with the Win32 content prep tool and 3) create and assign the Win32 app in Microsoft Intune.
Prerequisites for using Windows Package Manager
Before looking at the actual configuration steps, let’s start by scoping this post a little bit. This post is focussed on using Windows Package Manager and is not focussed on installing Windows Package Manager. I do provide some guidelines for working with this. Especially as I’m using the Win32 app functionality, it provides all the room for adding functionality and dependent installations. For now it’s important to know how to install the Windows Package Manager (winget) tool.
- Windows Package Manager is included in the flight or preview version of Windows App Installer.
- Windows Package Manager is included when participating in the Windows Insider flight ring.
- Install Windows Desktop App Installer package located in the release folder of the winget repository.
Besides that, keep in mind that the Windows App Installer is installed per user, which means that the availability of the Windows Package Manager is also per user. That is important to know when installing apps by using Windows Package Manager, as the installation has to run in the user context and the user needs administrative permissions to install apps. Also, as mentioned earlier, at this moment creating an update or uninstall for an app requires creativity.
Creating a PowerShell script
Now let’s use Microsoft PowerToys as an example app for using Windows Package Manager. Also, I’m deliberately using a single app, as that provides me with more flexibility for installing other apps and more insights for reporting. The first step is creating a small PowerShell script that will simply use Windows Package Manager for installing Microsoft PowerToys. The following snippet will silently install Microsoft PowerToys, by looking at an exact match of the provided name, and log the installation details to the provided location.
winget install --exact --silent "Microsoft.PowerToys" --log "C:\Windows\Temp\Install-MicrosoftPowerToys.txt"
Note: It’s also possible to use abbreviations of the specified parameters, but I thought that using the full names would provide a more clear example. In this command -e can be used instead of --exact, -h can be used instead of --silent and -o can be used instead of --log.
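A fuller version of the install script, added here as an example and not the author's own script: it resolves winget for the current user before calling it and returns winget's exit code to the caller. The package id and log path are the ones used above; exit code 1 for a missing winget is an assumption of this example.

```powershell
# Install-wingetPowerToys.ps1 (added example, not the author's script).
# Assumption: exit code 1 is used here to signal "winget not available".

$PackageId = 'Microsoft.PowerToys'
$LogFile   = 'C:\Windows\Temp\Install-MicrosoftPowerToys.txt'

# winget is delivered by App Installer, which is installed per user, so resolve
# it in the context this script runs in instead of assuming it is present.
$winget = Get-Command -Name 'winget.exe' -CommandType Application -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $winget) {
    Write-Output "winget.exe was not found for user '$env:USERNAME'; nothing was installed."
    exit 1
}

# --id together with --exact matches the package identifier only, so a package
# with a similar display name cannot be selected by accident.
$arguments = @('install', '--id', $PackageId, '--exact', '--silent', '--log', $LogFile)
& $winget.Source @arguments
$exitCode = $LASTEXITCODE

if ($exitCode -ne 0) {
    Write-Output "winget exited with code $exitCode; details are in $LogFile"
}

# Hand the result back so that a failed install is reported as failed.
exit $exitCode
```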
Using the Win32 content prep tool
The second step is to use the Win32 content prep tool to convert the just created PowerShell script into the .intunewin format. That enables me to upload the .intunewin file into Microsoft Intune and to create a Win32 app of the installation of Microsoft PowerToys. The following three steps walk through the required steps for converting the PowerShell script into the .intunewin format. As the setup file I can simply refer to the PowerShell script.
- Download the Microsoft Win32 Content Prep Tool
- Create a folder that contains the just created PowerShell script (and potentially an uninstall script)
- Open the Windows Terminal by using Run as administrator and run the Microsoft Win32 Content Prep Tool by using a command similar to the following
.\IntuneWinAppUtil.exe -c C:\Temp\PowerToys -s Install-wingetPowerToys.ps1 -o C:\Temp -q
Note: In this command -c is used to specify the source folder, -s is used to specify the setup file, -o is used to specify the output folder and -q is used to run in quiet mode.
Creating and assigning the Win32 app
The third step is to add the .intunewin file of Microsoft PowerToys to Microsoft Intune as a Win32 app. The main reasons for using a Win32 app are the power of the Win32 app model and the integration with the ESP. The Win32 app model can be used to detect the availability of Windows Package Manager (and eventually configure it as a dependency), or simply verify the correct version of Windows 10 that contains Windows Package Manager by default. The following seven steps walk through the steps of creating and assigning the Win32 app in Microsoft Intune that will install Microsoft PowerToys by using Windows Package Manager.
- Open the Microsoft Endpoint Manager admin center portal and navigate to Apps > All apps to open the Apps | All apps page
- On the Apps | All apps page, click Add to open the Select app type page
- On the Select app type page, select Other > Windows app (Win32) and click Select to open the Add App wizard
- On the App information page, click Select app package file, select the just created .intunewin file, provide at least the following and click Next
  - Name: Provide a valid and unique name for the Microsoft PowerToys app
  - Description: Provide a description for the Microsoft PowerToys app
  - Publisher: Provide a publisher for the Microsoft PowerToys app
- On the Program page, provide at least the following information and click Next
  - Install command: Provide an install command similar to the following that will simply call the PowerShell script within the .intunewin file that will be used to install Microsoft PowerToys by using Windows Package Manager (winget) – PowerShell.exe -ExecutionPolicy Bypass -Command .\Install-wingetPowerToys.ps1
  - Uninstall command: Provide an uninstall command similar to the following that will be used to uninstall Microsoft PowerToys. Keep in mind that Windows Package Manager (winget) currently doesn’t support the uninstall of an app, which means that at this moment the uninstall would require some additional custom scripting (not the scope of this post) – PowerShell.exe -ExecutionPolicy Bypass -Command .\Uninstall-wingetPowerToys.ps1
  - Install behavior: Select User as the install behavior to make sure that the installation can actually use Windows Package Manager (winget) for installing Microsoft PowerToys. The App Installer app will make sure that winget is available on the device, but as it’s a Store app (or appxbundle) it will be installed for the user and not for the system.
- On the Requirements page, provide at least the following information and click Next
  - Operating system architecture: Select the applicable operating system architectures for the Microsoft PowerToys app
  - Minimum operating system: Select Windows 10 1803 as the operating system for the Microsoft PowerToys app (the minimum operating system for winget is not relevant in this case as it’s Windows 10 1709)
  - Configure additional requirement rules: (Optional) Configure a custom requirement that will detect a specific minimal Windows 10 version that includes Windows Package Manager
- On the Detection rules page, provide at least the following information and click Next
  - Rule format: Select Manually configure detection rules
  - Click Add to add a detection rule for the Microsoft PowerToys app that can be similar to the following configuration and click OK
    - Rule type: Select File
    - Path: Type C:\Program Files
    - File or folder: Type PowerToys
    - Detection method: Select File or folder exists
    - Associated with a 32-bit app on 64-bit clients: Select No
Figure 2: Overview of the detection rule
- On the Dependencies page, configure any required dependencies for the Microsoft PowerToys app or Windows Package Manager (winget), which can also be used to make sure that Windows Package Manager is always automatically installed as a dependency and click Next
- On the Scope tags page, configure any required scope tags for the Microsoft PowerToys app and click Next
- On the Assignments page, configure the applicable assignments for the Microsoft PowerToys app (make sure to show the default notifications to the end-user) and click Next
- On the Review + create page, review the configuration of the Microsoft PowerToys app and click Create
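For the optional custom requirement rule on the Requirements page, the following script is an added example (not the author's requirement script) that reports whether winget is actually usable by the logged-on user, rather than checking a Windows version. It assumes the rule is configured to run with the logged-on credentials, with output data type Integer, operator Equals and value 1.

```powershell
# Requirement script (added example). Writes 1 to STDOUT when winget is usable
# by the current user and 0 otherwise; the requirement rule compares that value.

$usable = 0
try {
    # App Installer is the package that carries winget; it is registered per user.
    $appInstaller = Get-AppxPackage -Name 'Microsoft.DesktopAppInstaller' -ErrorAction Stop

    # Throws when the winget client is not available to this user, for example
    # when a release of App Installer without winget is installed.
    $winget = Get-Command -Name 'winget.exe' -CommandType Application -ErrorAction Stop |
        Select-Object -First 1

    if ($appInstaller -and $winget) {
        # Start the client once: a winget.exe that exists but cannot run
        # is treated the same as a missing one.
        $null = & $winget.Source --version 2>$null
        if ($LASTEXITCODE -eq 0) { $usable = 1 }
    }
}
catch {
    $usable = 0
}

Write-Output $usable
exit 0
```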
End-user experience
Let’s end this post by looking at the end-user experience (and mentioning the best places to look from an administrator perspective).
The best place to look for the end-user experience is the action center in Windows. Action center contains all the different notifications, including those that are provided by the Microsoft Intune Management Extension. Those notifications are one of the reasons why I like to use a Win32 app, as it provides a very plain and simple interaction with the end-user. As soon as the user receives the required assignment of Microsoft PowerToys, the user will be notified. After that the user will receive notifications when downloading and installing Microsoft PowerToys and when the installation is successfully performed. All of those notifications are shown on the right.
From an administrator perspective, the log files would probably be more interesting. To follow the installation of Microsoft PowerToys, which is started via Windows Package Manager, the administrator can look at the location provided in the winget command (in my case: C:\Windows\Temp\Install-MicrosoftPowerToys.txt). To follow the process of the Win32 app, the administrator can look at the standard log file of the Microsoft Intune Management Extension (IntuneManagementExtension.log).
Figure 3: Overview of the user notifications
More information
For more information about the usage and the introduction of the Windows Package Manager and working with Win32 apps in Microsoft Intune, refer to the following articles.
- Windows Package Manager Preview – https://devblogs.microsoft.com/commandline/windows-package-manager-preview/
- Use the winget tool to install and manage applications – https://docs.microsoft.com/en-gb/windows/package-manager/winget/
- Intune Standalone – Win32 app management – https://docs.microsoft.com/en-us/mem/intune/apps/apps-win32-app-management
As always, great write up, Peter.
I have two questions- first, how are you making the Windows Desktop App Installer package a dependency… are you installing it as a Win32 app? And if so, how are you deploying it… a powershell script?
Secondly, when I tested, it seemed that I saw the powershell window using the Winget process even when using the “--silent” switch… is there any way to suppress it?
I realize this is all still new, and appreciate you looking into this.
Hi Steve,
I’ve currently only been testing with Windows Insider builds and using a custom requirement script to check the version. If you want to create a dependency, the depended app also must be a Win32 app. So, I would say that’s your answer.
Regards, Peter
Hi Peter,
I can’t wait until they implement ‘update’ and ‘uninstall’ in the WinGet tool.
Totally agree, Richard!
Dear Peter
I just would like to inform you, that there is a bug in winget.
If we do the deployment as you have written above, it would end up in an error.
I just found the known issues by winget on GitHub
#797 Silent install of “winget install git.git” is not working
Just for your information 🙂
Thank you for the information Sven.
just confirming, you’re targeting “user groups” correct?
installation behavior = user then users are targeted under the Assignments page.
I managed to add Winget as LOB with all its dependencies as a separate app linked as a dependency app for everything Winget related.
For this example that was indeed the case.
Regards, Peter