Deploy New Microsoft Store Apps Type from Intune with Winget

Let’s learn about WinGet Windows Package Manager for deploying New Microsoft Store Apps from Intune. You can easily add apps into Intune, The WPM integration with store apps helps enterprise admins to manage apps, and updates to Windows app management in Intune with Winget.

Microsoft released Windows Package Manager integration with Intune. You can now use the Winget tool to discoverinstallupgraderemove, and configure applications on Windows 11 or Windows 10 PCs. Winget tool is the client interface tool for the Windows Package Manager service from Microsoft.

The new Microsoft Store app type is implemented using the Windows Package Manager (Winget.exe). This app type features an expanded catalog of apps, which includes both UWP apps and Win32 apps. Roll out of this feature is expected to complete soon.

WinGet Client Connects to one or more centralized application sources, providing a command line interface for installing applications and searching applications from central sources.

Patch My PC

Apps and their packages are maintained centrally by the independent software vendor (ISV) publisher of the app package. And as an Intune admin, you have complete control over curating the experiences and what your users can install.

Video – Deploy New Microsoft Store Apps Type from Intune with Winget

Let’s learn about WinGet Windows Package Manager for deploying New Microsoft Store Apps from Intune. You can easily add apps into Intune, The WPM integration with store apps helps enterprise admins to manage apps, and updates to Windows app management in Intune with Winget.

Deploy New Microsoft Store Apps Type from Intune with Winget

Prerequisites for Using New Microsoft Store Apps Type in Intune

To use Microsoft Store apps, be sure the following criteria are met. Also, you might need to open additional communication via proxy or firewall, as mentioned in the comments section below.

  • Client devices must support at least two core processors to install and run Microsoft Store apps successfully.
  • Devices need to be able to support the Intune Management Extension (IME) to install Microsoft Store apps.
  • Client devices need access to the Microsoft Store and the destination content to install Microsoft Store apps.

The new Microsoft App Store URL (https://storeedgefd.dsx.mp.microsoft.com/v9.0/manifestSearch) access is required while searching the app from Intune. Ensure the proxy/firewall communications are open otherwise, you won’t be able to search for any new store apps from Intune portal.

Adaptiva
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 1.0
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 1.0

Unsupported functionality for Microsoft Store Apps

The following lists the capabilities that are currently not supported by Microsoft Store apps:

  • Enrollment Status Page (ESP) interactions are not supported; you will no longer be able to use the mechanism during the Windows Autopilot enrollment.
  • Device provisioning of Microsoft Store Universal Windows Platform (UWP) applications is not supported.
  • Any app that has an ARM64 installer is not supported.

How do we Deliver Latest Winget.EXE to Windows 11 and Windows 10

The next big question is How do we Deliver Latest Winget.EXE to Windows 11 and Windows 10? The Winget.exe is part of the Windows operating system files from Windows 11 22H2 onwards. For the previous version of Windows, Intune IME is helping to deliver Winget.EXE to the devices.

Intune IME helps to perform many things with Winget.exe. If you use Winget.exe directly, you won’t have those kinds of functionalities, such as installing the app on System Context. The default AppInstaller is a UWP. This also helps to control the version/update of WPM (winget.exe) using IME magic without touching the default Windows command line tool.

Deploy Microsoft Store Apps from Intune

Let’s check the experience in the Intune admin center. Starting from the All apps blade, Microsoft added a new type for the Microsoft Store, and this is different compared to the previous options for the store because it enables you to find apps using built-in search.

  • Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com.
  • Navigate to Apps blade and filter on Windows Apps.
  • Click the +Add button to select the new Microsoft store app application type.
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 2.0
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 2.0

From the drop-down menu – You can select Microsoft Store App (NEW) Intune application type. The Microsoft Store App (Legacy) is going to get retired soon.

Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 3.0
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 3.0

Click on the Select button to start searching for new Microsoft Store apps based on Windows Package Manager (Winget.exe).

Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 4.0
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 4.0

NOTE! – You can use the store for Win32 apps, MSIX, and UWP apps from the new Microsoft store. Win32 apps in the Microsoft Store app (new) are currently in preview.

  • Click on Search the Microsoft Store App (New) link to continue to the search page.
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 5.0
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 5.0

The app creation experience has three steps, Here you can search and add the apps you want to assign to your workforce at your organization.

It’s time for a new Microsoft App Store search. I have started searching with the keyword “Windows 365,” and only one application is listed. Select the application – Windows 365 – UWP app.

Select Search the Microsoft Store app to display the search panel, which features a search bar and includes the Name, name of the app. Publisher, The publisher of the app and Type, The app package type: Win32 or Universal Windows Platform (UWP).

In the search bar, type the name of the app that you want to find. You can only search by app name. A list of apps is displayed, providing a large variety of apps designed to work on your Windows devices. Choose the app that you want to deploy and click Select.

  • Search with “Citrix Workspace” as a keyword.
  • Select Citrix Workspace UWP app from the list.
  • Click on the Select button to continue.
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 6.0
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 6.0

The app information is presented with the selected app’s metadata. Specific fields are pre-populated, you have the choice to edit the field. Once you are done with setting up, Select Next after you have finished populating the fields.

The next screen automatically populates with all the metadata for Windows 365 app, as you can see in the below table and screenshot.

NameDescriptionPublisherPackage IdentifierInstall TypeInstall Behavior
Citrix Workspace The Citrix Workspace app allows for secure, unified access to all of your SaaS apps, web apps, virtual apps, files, and desktops.Citrix9WZDNCRFJ2KJUWPUser
Deploy New Microsoft Store Apps Type from Intune with Winget – Table 1

You will see the name, description, publisher, package ID, and privacy URL are automatically pre-populated. So you don’t need to manually add these details.

Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 7.0
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 7.0
Name of the fieldDescriptionRequired
NameThe name of the app is pre-populated from the store’s metadata. Enter the name of the app as it appears in the Company Portal.Required
DescriptionThe description of the app, and same will appear in the Company Portal.Required
PublisherThe publisher of the appRequired
Installer TypeThe installer type of the application package is distinguished by either the UWP or Win32 installer types. N/A Pre-filled
Package IdentifierThe app’s unique ID is in the Microsoft Store. This value is read-only and is displayed before Installer Type in the UI.N/A Pre-filled
Install behaviorThe install behavior of the app. If the app to be installed has the option of either System or User install behaviors, If the option is greyed out, the specific store application only supports the selected install behavior.Admin must select System or User
CategoryOptionally, select one or more of the built-in app categories, or select a category that you created. Categories make it easier for users to find the app when they browse through the Company Portal.Optional
Show this as a featured app in the Company PortalDisplay the app prominently on the main page of the company portal when users browse for apps.Admin must select Yes or No
Information URLOptionally, enter the URL of a website that contains information about this app. The URL appears in the company portal.Optional
Privacy URLOptionally, enter the URL of a website that contains privacy information for this app. The URL appears in the company portal.N/A Pre-filled
DeveloperOptionally, enter the name of the app developer.Optional
OwnerOptionally, enter a name for the owner of this app. Optional
NotesEnter any notes that you want to associate with this app.Optional
LogoUpload an icon that is associated with the app. This icon is displayed with the app when users browse through the company portal.Optional
Table 1 – Deploy New Microsoft Store Apps Type from Intune with Winget

New Microsoft Store App – Logo Upload

Let’s upload the logo for the application package that you create using the new Microsoft Store App from Microsoft Intune.

You can also upload the logo for the application similar to any other app type in Intune app creation and deployment model. Upload a logo that’s associated with the app. This logo will appear next to the app throughout Company Portal.​

  • Click on the Folder icon near to Logo.
  • Navigate file explorer to the place where the logo is stored.
  • Wait for the Logo to get a successfully uploaded message.
  • Click on the OK and Next buttons.
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 11
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 11

Deploy New Microsoft Store App Type Assignment

Here you can choose how you want to assign Microsoft Store apps to users and devices. App availability can be set based on the assignment type. Assignment type can be Required, Available for enrolled devices, or Uninstall.

Here I will make this app available to enroll devices for all users and confirm creation. Select Next once you finish setting the assignments for the apps. The following are two options for deployment:

  • Required
  • Available for Enrolled Devices
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 8.0
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 8.0

Review and Create New Microsoft Store Apps Type from Intune with Winget

Review the values and settings that you entered for the app. Verify that you configured the app information correctly. Select Create to add the app to Intune.

The Citrix Workspace app allows for secure, unified access to all of your SaaS apps, web apps, virtual apps, files, and desktops. If your company uses Citrix, simply log in with your company credentials to access all of the resources you need to be productive from anywhere.

Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 9.0
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 9.0

Please wait some time to complete the Saving process, and you can check the progress by clicking on the Notification icon. Once the intune package is finished, you will get the status “Application saved successfully.”

Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 10
Deploy New Microsoft Store Apps Type from Intune with Winget Fig. 10

End User Experience – Deploy New Microsoft Store Apps Type from Intune

When this app is later installed on a device, Intune instructs that device to install directly from its defined Microsoft Store location. So it’s not moving into your Intune storage allocation. And for Windows apps, this is probably the easiest way to get those packages into the Intune portal.

In the Company Portal, You will see here that many of my apps are available from your Intune portal. Notice that in addition to the line-of-business apps, there are also third-party apps here and Citrix Workspace.

To make this experience possible as an Intune admin, you didn’t need to download these apps or repackage and up re-upload them into Intune environment to provide this experience to you as an end user.

Deploy Microsoft Store Apps from Intune with Winget Fig.6 Credit Microsoft
Deploy New Microsoft Store Apps Type from Intune with Winget Fig.6 Credit Microsoft

Global sourcing means users can get the latest versions of the app too. And it’s important. It also means that they’re going to have the latest security and quality fixes applied to them.

New Store Group Policies Restrictions

Some Store Group Policies may affect app deployments from the Microsoft Store. Here get an overview of the policy that you should not configure.

The following table provides details about how app deployment may be affected by Store Group Policies:

Store Group PoliciesDesired setting
Store\Disable all apps from the Microsoft StoreNot configured or Disabled. Set to Disabled if you wish to prevent end users from blocking the scenario.
Store\Turn off Automatic Download and Install of updatesNot configured or Disabled. Set to Disabled if you need to prevent end users from blocking the scenario.
Desktop App Installer\Enable App Installer Microsoft Store SourceNot configured or Enabled. Set to Enabled if you wish to prevent end users from blocking the scenario.
Desktop App Installer\Enable App InstallerNot configured or Enabled. Set to Enabled if wish to prevent end users from blocking the scenario.
Store\Turn off the Store applicationNot configured or Disabled. Set to Disabled if you need to prevent end users from blocking the scenario.
Table 2 – Store Group Policies Restrictions – Deploy New Microsoft Store Apps Type from Intune with Winget

Author

About Author – JiteshMicrosoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

18 thoughts on “Deploy New Microsoft Store Apps Type from Intune with Winget”

  1. Hi Jitesh!
    Great Post! I was today looking into exactly this topic. But by reading the description of the “Store\Turn off the Store application” Policy I was a bit confused as it states “If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.”

    So what about the updates? I can’t imagine that Apps will not be updated this way.

    Happy to get a confirmation about that from you 😉

    BR
    Björn

    Reply
  2. Thanks for the write up.

    Looking at steps and options, I still see the need to use win32 packaging with powershell deployment toolkit and serviceui.exe so that you can force updates to software as System, whilst still warning/prompting the end user that the install with close the application.

    Reply
  3. Hello

    I’m just get Error searching apps – An error occurred when searching for apps.

    Anyone else getting this issue? I have log out/in, cleared cache etc nothing seems to be working.

    Thanks

    Reply
  4. Am I understanding correctly and “Not supported in Enrollment Status Page (ESP)” means you can not make the app an required ? Otherwise it will try to install during the AutoPilot user part.

    Reply
  5. Hello !
    thanks a lot for this blog really interesting.
    One question though, I did create an application for Company Portal and assigned it to a computer group. It has been some time that the app is created but when looking at the computer under “windows” devices and going to the managed apps, I cannot see the newly added app and thus it is not pushed. It does not seem to work to push it to the computer even if I assign the app to the device group (I also have tried a user group as well). It has been more than one hour and I cannot see anything pushed to the computer. Do you have some leads where I can find the solution or do I just need to wait more ?

    Reply
  6. great article , all this is exciting but I still can’t figure out everything in regards to the “integration” of Winget with Intune … as an example Winget search Notepad++ is telling me the source is winget so not msstore so I can’t add this app from New Store in Intune. How can I deploy Notepad++ from Intune on using winget as a source ? Thanks !!

    Reply
  7. Hi,

    Company Portal install behavior on the new Microsoft Store Apps is forced to user. Is there any way to get it for System install? Or is there an offline installation option that we could use for device installation?

    Reply
  8. If an app is in Winget, but not in the Windows Store, is it possible to still import it in to Intune for deployment? I am trying to install/uninstall Malwarebytes which has an ID of Malwarebytes.Malwarebytes – Version number 4.5.19.229, but is not located in the Store itself.

    My true issue is, although I can deploy it through Intune to install the Malwarebytes after converting it into and Intune Win App, the uninstaller can not uninstall it or even recognize it is installed. The default installer is an EXE, that I have converted to an MSI, and it uses the default values to detect the uninstaller, but it still fails.

    Any suggestions in either case are greatly apprecitated.

    Reply
  9. Hi Steven,
    I guess that app is part of the community repository. Have you tried wrapping a powershell script with just the winget command to install malwarebites (winget install appname)?
    At the same time you could use the same tactic to remove it (winget uninstall appname). I’m not sure it’s an orthodox way to do it, but it might worth a try.

    Reply
  10. This is honestly half baked. So many of the “msstore” apps are NOT published by the actual developers of the software. They are republished by some third party person that’s not even affiliated. Compared to “winget” sourced packages that are published by the developers. Notepad++, 7-zip, even Dell software (Dell Command | Update). They either don’t exists as “msstore” apps or have a bunch of unofficial sketchy 3rd parties publishing them to the msstore. So what’s going to happen is a bunch of people will push these unofficial packages out through intune because it shows up, they don’t know better, and it’s easy. Only to be left with a package that eventually doesn’t get updated or someone sneaks some spyware/malware into. Makes no sense.

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.