Key Takeaways
- Microsoft Intune now uses Windows Package Manager (WinGet) for the new Microsoft Store app experience.
- Admins can deploy, update, uninstall, and manage Store apps directly from Intune.
- The new Store integration supports both Win32 and UWP applications.
- Microsoft Store apps now include a larger application catalog powered by WinGet.
- App packages are maintained directly by software vendors (ISVs), reducing repackaging effort for IT admins.
Microsoft Intune automatically receives newer application versions published in the WinGet repository, helping administrators keep applications updated with minimal manual effort. Admins can search, select, and add applications directly from the new Microsoft Store experience in the Intune admin center, simplifying Windows application lifecycle management for enterprises. The WinGet-based Store app model supports Windows 11 managed devices and provides a more modern and centralized approach to application deployment.
Table of Content
Table of Contents
Video – Deploy New Microsoft Store Apps Type from Intune with Winget
Let’s learn about WinGet Windows Package Manager for deploying New Microsoft Store Apps from Intune. You can easily add apps into Intune, The WPM integration with store apps helps enterprise admins to manage apps, and updates to Windows app management in Intune with Winget.
- Use Winget Windows Package Manager Tool To Install Microsoft Store Apps Using Intune
- Install Uninstall Apps From Windows Package Manager Using WinGet Tool And SCCM
Prerequisites for Using the New Microsoft Store App Type in Intune
Before deploying applications using the new Microsoft Store experience in Intune, administrators should ensure that all required prerequisites are configured properly on devices and network environments. The new Store integration uses Windows Package Manager (WinGet) technology to simplify application deployment, updates, and lifecycle management for enterprise-managed Windows devices.
- Devices must run supported versions of Windows 10 or Windows 11.
- Devices should be enrolled and managed through Microsoft Intune.
- The Intune Management Extension (IME) is required for deploying and managing Win32-based Microsoft Store applications.
- Client devices must have internet connectivity to access Microsoft Store services and application content.
- Organizations using proxy servers or firewalls should allow required Microsoft Store and Windows Package Manager communication URLs.
- Devices need access to Microsoft Store service endpoints for app search, metadata retrieval, downloads, installation, and updates.
- Ensure target devices meet the hardware, OS, and application-specific requirements before deployment.
- Proper access to Microsoft Store content delivery services is necessary for the new Store app experience to work correctly in the Intune admin center.
The new Microsoft App Store URL (https://storeedgefd.dsx.mp.microsoft.com/v9.0/manifestSearch) access is required while searching the app from Intune. Ensure the proxy/firewall communications are open otherwise, you won’t be able to search for any new store apps from Intune portal.
Unsupported Features and Current Limitations for Microsoft Store Apps in Intune
While the new Microsoft Store app experience in Intune provides simplified and modern application management using Windows Package Manager (WinGet), there are still some limitations and unsupported scenarios administrators should be aware of before deployment.
- Enrollment Status Page (ESP) integration for Microsoft Store apps is limited and may not fully support all deployment scenarios during Windows Autopilot provisioning.
- Device provisioning support for certain Microsoft Store Universal Windows Platform (UWP) applications is currently limited.
- Applications that only provide ARM64 installers may not be supported in some deployment scenarios.
- Some applications may require additional dependencies or user context permissions during installation.
- Offline Microsoft Store app deployment scenarios available in the legacy Microsoft Store for Business are no longer supported in the new Store experience.
- Certain advanced packaging customization options available with traditional Win32 apps may not be available with Store-based deployments.
- Network restrictions, proxy configurations, or blocked Microsoft Store endpoints can affect application discovery, installation, and updates.
How do we Deliver Latest Winget.EXE to Windows 11
The next big question is How do we Deliver Latest Winget.EXE to Windows 11? The Winget.exe is part of the Windows operating system files from Windows 11 22H2 onwards. For the previous version of Windows, Intune IME is helping to deliver Winget.EXE to the devices.
Intune IME helps to perform many things with Winget.exe. If you use Winget.exe directly, you won’t have those kinds of functionalities, such as installing the app on System Context. The default AppInstaller is a UWP. This also helps to control the version/update of WPM (winget.exe) using IME magic without touching the default Windows command line tool.
Deploy New Microsoft Store Apps Type from Intune with Winget
Intune administrators still maintain full control over application assignments, uninstall behavior, availability settings, and user experience configurations. Microsoft also recommends using the new Microsoft Store experience instead of the legacy Microsoft Store for Business approach to standardize and modernize application deployment and lifecycle management across enterprise-managed Windows devices.
- Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com.
- Navigate to Apps blade and filter on Windows Apps.
- Click the +Create button to select the new Microsoft store app application type.
Microsoft Store App (New)
Select the Microsoft Store app (new) option from the app type drop-down menu in Intune to deploy modern Store applications using WinGet integration. The new Microsoft Store experience supports both Win32 and UWP apps and provides easier app deployment, updates, and management for Windows 10 and Windows 11 devices.
Microsoft recommends using the new Microsoft Store app type because the legacy Microsoft Store for Business and Store app (legacy) experience has been retired. The new integration provides better app management, improved deployment reliability, and simplified application lifecycle management in Intune.
New Microsoft Store Experience in Intune
The new Microsoft Store experience in Intune supports multiple application types, including Win32 apps, MSIX packages, and UWP applications through Windows Package Manager (WinGet) integration. Microsoft has expanded support for modern application deployment and management, allowing administrators to easily search, add, deploy, and manage applications directly from the Intune admin center.
- Click on Search the Microsoft Store App (New) link to continue to the search page.
In the search bar, type the name of the app that you want to find. You can only search by app name. A list of apps is displayed, providing a large variety of apps designed to work on your Windows devices. Choose the app that you want to deploy and click Select.
- Search with “Citrix Workspace” as a keyword.
- Select Citrix Workspace Win32 app from the list.
- Click on the Select button to continue.
Configure App Information for Microsoft Store Apps in Intune
After selecting the application from the Microsoft Store, Intune automatically displays the app information and metadata for the selected app. Several fields, such as app name, publisher, description, and logo are pre-populated automatically from the Microsoft Store catalog. Administrators can review and modify these fields based on organisational requirements before deployment.
- Name – Citrix Workspace App
- Description – Requires administrator privileges for installing the app and its packaged
prerequisites – Microsoft Edge WebView2 Runtime, NET Framework 4.8, .Net - Publisher – Citrix
- Installer Type – Win32
- Package Identifier – XPFCG3278HX4X9
| Name of the field | Description | Required |
|---|---|---|
| Name | The name of the app is pre-populated from the store’s metadata. Enter the name of the app as it appears in the Company Portal. | Required |
| Description | The description of the app, and same will appear in the Company Portal. | Required |
| Publisher | The publisher of the app | Required |
| Installer Type | The installer type of the application package is distinguished by either the UWP or Win32 installer types. | N/A Pre-filled |
| Package Identifier | The app’s unique ID is in the Microsoft Store. This value is read-only and is displayed before Installer Type in the UI. | N/A Pre-filled |
| Install behavior | The install behavior of the app. If the app to be installed has the option of either System or User install behaviors, If the option is greyed out, the specific store application only supports the selected install behavior. | Admin must select System or User |
| Category | Optionally, select one or more of the built-in app categories, or select a category that you created. Categories make it easier for users to find the app when they browse through the Company Portal. | Optional |
| Show this as a featured app in the Company Portal | Display the app prominently on the main page of the company portal when users browse for apps. | Admin must select Yes or No |
| Information URL | Optionally, enter the URL of a website that contains information about this app. The URL appears in the company portal. | Optional |
| Privacy URL | Optionally, enter the URL of a website that contains privacy information for this app. The URL appears in the company portal. | N/A Pre-filled |
| Developer | Optionally, enter the name of the app developer. | Optional |
| Owner | Optionally, enter a name for the owner of this app. | Optional |
| Notes | Enter any notes that you want to associate with this app. | Optional |
| Logo | Upload an icon that is associated with the app. This icon is displayed with the app when users browse through the company portal. | Optional |
New Microsoft Store App – Logo Upload
Let’s upload the logo for the application package that you create using the new Microsoft Store App from Microsoft Intune. You can also upload the logo for the application similar to any other app type in Intune app creation and deployment model. Upload a logo that’s associated with the app. This logo will appear next to the app throughout Company Portal.
- Click on Select Image hyperlink next to the Logo option and then.
- Click on the Folder icon near to Logo.
- Navigate file explorer to the place where the logo is stored.
- Wait for the Logo to get a successfully uploaded message.
Assign Scope Tags
While creating or editing a Microsoft Store app in Intune, you can assign scope tags to control which administrators can manage that application. This helps organizations securely manage app administration across different teams and environments.
Configure Assignments for Microsoft Store Apps in Intune
In the Assignments section, you can choose how the Microsoft Store app will be deployed to devices. Intune provides different assignment types based on how you want the application to be installed and used. Here in the assignment section, we select the HTMD Test policy group.
Review and Create New Microsoft Store Apps Type from Intune with Winget
Review the values and settings that you entered for the app. Verify that you configured the app information correctly. Select Create to add the app to Intune.
The Citrix Workspace app allows for secure, unified access to all of your SaaS apps, web apps, virtual apps, files, and desktops. If your company uses Citrix, simply log in with your company credentials to access all of the resources you need to be productive from anywhere.
After completing the configuration and assignment settings, save the Microsoft Store app deployment in Intune. Once the app is successfully created, Intune displays a confirmation message indicating that the Microsoft Store app (new) has been saved successfully.
End User Experience in the Company Portal App
After the Microsoft Store app is deployed from Intune, end users can view and install the application directly from the Company Portal app. In this example, the Citrix Workspace App is successfully installed and displayed in the Company Portal with its installation status and application details.
- Open the Start Menu on the Windows device.
- Search for and open the Company Portal app.
- Select Downloads & updates from the left pane.
- Locate the deployed Microsoft Store application.
- View the installation status and app details from the Downloads & updates section.
- FIX Intune Admx File Upload Error Referenced not found NamespaceMissing
- Search Options in Group Policy and Intune Cloud Policy
New Store Group Policies Restrictions
Some Store Group Policies may affect app deployments from the Microsoft Store. Here get an overview of the policy that you should not configure. The following table provides details about how app deployment may be affected by Store Group Policies:
| Store Group Policies | Desired setting |
|---|---|
| Store\Disable all apps from the Microsoft Store | Not configured or Disabled. Set to Disabled if you wish to prevent end users from blocking the scenario. |
| Store\Turn off Automatic Download and Install of updates | Not configured or Disabled. Set to Disabled if you need to prevent end users from blocking the scenario. |
| Desktop App Installer\Enable App Installer Microsoft Store Source | Not configured or Enabled. Set to Enabled if you wish to prevent end users from blocking the scenario. |
| Desktop App Installer\Enable App Installer | Not configured or Enabled. Set to Enabled if wish to prevent end users from blocking the scenario. |
| Store\Turn off the Store application | Not configured or Disabled. Set to Disabled if you need to prevent end users from blocking the scenario. |
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, join the WhatsApp Community and the Whatsapp channel to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
Hi Jitesh!
Great Post! I was today looking into exactly this topic. But by reading the description of the “Store\Turn off the Store application” Policy I was a bit confused as it states “If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.”
So what about the updates? I can’t imagine that Apps will not be updated this way.
Happy to get a confirmation about that from you 😉
BR
Björn
Thanks for the write up.
Looking at steps and options, I still see the need to use win32 packaging with powershell deployment toolkit and serviceui.exe so that you can force updates to software as System, whilst still warning/prompting the end user that the install with close the application.
winget will not push updates to an app that is in use, give it some testing before you veto it
upgrade –all will identify all the applications with upgrades available?
Hello
I’m just get Error searching apps – An error occurred when searching for apps.
Anyone else getting this issue? I have log out/in, cleared cache etc nothing seems to be working.
Thanks
Hello – I don’t know whether you are accessing this from a corporate or office network behind firewalls and proxy. If so, that could be the reason …. the Microsoft Store is accessing new cloud URLs while Intune New Microsoft Store app search
https://storeedgefd.dsx.mp.microsoft.com/v9.0/manifestSearch
Am I understanding correctly and “Not supported in Enrollment Status Page (ESP)” means you can not make the app an required ? Otherwise it will try to install during the AutoPilot user part.
I think there is an option called – don’t track. Can we try that if we don’t want to track the app status using ESP?
Hello !
thanks a lot for this blog really interesting.
One question though, I did create an application for Company Portal and assigned it to a computer group. It has been some time that the app is created but when looking at the computer under “windows” devices and going to the managed apps, I cannot see the newly added app and thus it is not pushed. It does not seem to work to push it to the computer even if I assign the app to the device group (I also have tried a user group as well). It has been more than one hour and I cannot see anything pushed to the computer. Do you have some leads where I can find the solution or do I just need to wait more ?
great article , all this is exciting but I still can’t figure out everything in regards to the “integration” of Winget with Intune … as an example Winget search Notepad++ is telling me the source is winget so not msstore so I can’t add this app from New Store in Intune. How can I deploy Notepad++ from Intune on using winget as a source ? Thanks !!
If the Notepad++ version of the app is non-UWP, then that is not supported by Intune at this point in time.
The Winget version of the app is UWP -> then this is supported.
Hi,
Company Portal install behavior on the new Microsoft Store Apps is forced to user. Is there any way to get it for System install? Or is there an offline installation option that we could use for device installation?
Hi Anoop,
How to delete old business store apps from intune?
All the old apps have the Delete option greyed out.
Thanks!
Hi Anoop,
Can we block the user from installing any store apps that have not been deployed through Intune?
If an app is in Winget, but not in the Windows Store, is it possible to still import it in to Intune for deployment? I am trying to install/uninstall Malwarebytes which has an ID of Malwarebytes.Malwarebytes – Version number 4.5.19.229, but is not located in the Store itself.
My true issue is, although I can deploy it through Intune to install the Malwarebytes after converting it into and Intune Win App, the uninstaller can not uninstall it or even recognize it is installed. The default installer is an EXE, that I have converted to an MSI, and it uses the default values to detect the uninstaller, but it still fails.
Any suggestions in either case are greatly apprecitated.
Under assignments, can you not add groups to “Uninstall”?
Hi Steven,
I guess that app is part of the community repository. Have you tried wrapping a powershell script with just the winget command to install malwarebites (winget install appname)?
At the same time you could use the same tactic to remove it (winget uninstall appname). I’m not sure it’s an orthodox way to do it, but it might worth a try.
This is honestly half baked. So many of the “msstore” apps are NOT published by the actual developers of the software. They are republished by some third party person that’s not even affiliated. Compared to “winget” sourced packages that are published by the developers. Notepad++, 7-zip, even Dell software (Dell Command | Update). They either don’t exists as “msstore” apps or have a bunch of unofficial sketchy 3rd parties publishing them to the msstore. So what’s going to happen is a bunch of people will push these unofficial packages out through intune because it shows up, they don’t know better, and it’s easy. Only to be left with a package that eventually doesn’t get updated or someone sneaks some spyware/malware into. Makes no sense.