Automating App Deployment with Winget and Intune

There are some incredible community tools out there for app deployment via Winget and Intune, but as I’m sure you’ve noticed, I prefer a more hands-off script so decided to make my own.

I also stumbled across these PowerShell tools from a previous Microsoft Hackathon which opened up a world of possibilities!

As always, my script can be found on Github here or on PowerShell Gallery:

Install-Script -Name deploy-winget-win32-multiple

When launching the script you will be presented with a credentials box which will authenticate against both Azure AD and Microsoft Graph (you may get a second password prompt for AzureAD).

At this point it will also download the latest copy of the intunewin utility and install Winget if it’s not already installed (you’ll need this for the app list)

Once authenticated, the script will sit there for a minute while it grabs all of the apps available on Winget and then bring a GridView from PowerShell with a list of everything available:

As it uses the native GridView, you can do advanced filtering and select multiple apps via Ctrl or Shift select.

When you click ok, the magic happens!

The script churns away to create:

  • Directory in C:\Temp to store files
  • AzureAD Install and Uninstall Groups
  • Install and Uninstall PowerShell scripts
  • Custom Detection Script
  • Proactive Remediation (to update the app daily)
  • The intunewin file itself

Once created it will:

  • Upload the Intunewin file to Intune
  • Assign Install and Uninstall groups to it
  • Assign the Proactive Remediation to the install group

It’s all at the command line so fully silent, once you’ve selected your apps, leave it running, sit back and have a drink. All scripts use the exact app ID so no worries of it grabbing the wrong one either.

It’s all fully logged in the Windows Temp directory as well.

Remember to launch as an administrator or the Intunewinapputil will get very upset

Any comments, feedback or suggestions most welcome in the comments.

80 thoughts on “Automating App Deployment with Winget and Intune”

  1. Thanks Andrew. This could be very useful. I’ve tested using different PowerShell versions but haven’t been able to get working. I think with PS5 ISE, it flashes open and closes instantly, but cant confirm. I have left the
    ——————————————
    With PS5 ISE i get message: (it doenst go passed this screen after leaving for 30 mins. I do get both AD prompts.)
    Transcript started, output file is C:\Users\J~1.NEW\AppData\Local\Temp\intune-12102022.log
    Installing Intune modules if required (current user scope)
    AZ Ad Preview Module Already Installed
    Directory already existed

    Directory: C:\temp
    Mode LastWriteTime Length Name
    d—– 12/10/2022 10:22 361-2210122234
    winget already installed
    Checking for AzureAD module…

    Account : [email protected]
    Environment : AzureCloud
    Tenant : 16a4dc93-e50d-
    TenantId : 16a4dc93-e50d-
    TenantDomain : tenant.onmicrosoft.com
    ——————————————
    With PS7 via Win Terminal i get message: (it doenst go passed this screen after leaving for 30 mins. I do get both AD prompts.)

    Directory: C:\temp
    Mode LastWriteTime Length Name
    —- ————- —— —-
    d—– 12/10/2022 10:18 258-2210121844
    winget already installed
    Checking for AzureAD module…

    Account : [email protected]
    Environment : AzureCloud
    Tenant : 16a4dc93-e50d-xxx
    TenantId : 16a4dc93-e50d-xxxx
    TenantDomain : tenant.onmicrosoft.com
    ——————————————
    With PS7 i get message:
    Checking for AzureAD module…
    Authorization Access Token is null, please re-run authentication…

    Reply
  2. Hi Andrew,

    Super cool idea….
    Just tried your script.
    Content is created in C:\temp\random_number but it creates for example a directory called “7-zip space, space, space, space, space…. 7-zip.7zip” with a detection7-Zip, install7-Zip and uninstall7-Zip with many spaces… and then it fails…
    How can we fix this?

    Reply
    • Hi, I have a trim() command on the application name which should remove the whitespace. Any chance you can send me the transcript output so I can have a look?
      Which apps did you test with? I’ll do some testing my end as well

      Reply
  3. Your script Doesn’t seem to support Azure MFA so companies that Force MFA it doesn’t to function as needed

    You can do the following to get your tokens with MFA Clams on them:

    # Get token for MS Graph by prompting for MFA
    $MsResponse = Get-MSALToken -Scopes @(“https://graph.microsoft.com/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common” -Interactive -ExtraQueryParameters @{claims='{“access_token” : {“amr”: { “values”: [“mfa”] }}}’}

    # Get token for AAD Graph
    $AadResponse = Get-MSALToken -Scopes @(“https://graph.windows.net/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common”

    #Connect to Azure AD
    Connect-AzureAD -AadAccessToken $AadResponse.AccessToken -MsAccessToken $MsResponse.AccessToken -AccountId: $AccountID -tenantId: $TenantID

    Reply
  4. It seems it does upload and does some graph functions but it does die out due to it being unable to connect to Azure AD modules I selected a Random Application to upload to test out the script

    Creating AAD Groups for BatteryMon
    New-AzureADMSGroup : You must call the Connect-AzureAD cmdlet before calling any other cmdlets.
    At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2545 char:12
    + $grp = New-AzureADMSGroup -DisplayName $groupname -Description $g …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [New-AzureADMSGroup], AadNeedAuthenticationException
    + FullyQualifiedErrorId : Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException,Microsoft.Open.MSGr
    aphBeta.PowerShell.NewMSGroup

    New-AzureADMSGroup : You must call the Connect-AzureAD cmdlet before calling any other cmdlets.
    At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2545 char:12
    + $grp = New-AzureADMSGroup -DisplayName $groupname -Description $g …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [New-AzureADMSGroup], AadNeedAuthenticationException
    + FullyQualifiedErrorId : Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException,Microsoft.Open.MSGr
    aphBeta.PowerShell.NewMSGroup

    another Error here form a graph call
    Creation Proactive Remediation for BatteryMon
    Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
    At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2670 char:29
    + … ssign = Invoke-RestMethod -Uri $uri -Headers $authToken -Method P …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
    eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

    Then at the end

    Assigning Groups
    Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
    At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:2796 char:5
    + Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Bod …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
    eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

    It did however upload the Application

    Reply
  5. I was able to fix the script by changing the connect-AzureAD -credential $user line to the following

    ##Get Credentials
    # Get token for MS Graph by prompting for MFA
    $MsResponse = Get-MSALToken -Scopes @(“https://graph.microsoft.com/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common” -Interactive -ExtraQueryParameters @{claims='{“access_token” : {“amr”: { “values”: [“mfa”] }}}’}

    # Get token for AAD Graph
    $AadResponse = Get-MSALToken -Scopes @(“https://graph.windows.net/.default”) -ClientId “1b730954-1685-4b74-9bfd-dac224a7b894” -RedirectUri “urn:ietf:wg:oauth:2.0:oob” -Authority “https://login.microsoftonline.com/common”

    $userUpn = New-Object “System.Net.Mail.MailAddress” -ArgumentList $User

    $TenantID = $userUpn.Host
    #Connect to Azure AD
    Connect-AzureAD -AadAccessToken $AadResponse.AccessToken -MsAccessToken $MsResponse.AccessToken -AccountId: $cred.UserName -tenantId: $TenantID

    This allowed it to function with MFA Clams with no issues. You might be able to drop that entire user entry box and pull the data using the above token info that you are prompting for just didnt have time to work it out.

    Reply
  6. I’m having issues with intune failing to detect the apps correctly when they are installed using the app and dection script. Any suggestions?

    Reply
  7. Thank you for the quick reply.

    I will try again using the new version. I am also having issues with the script successfully uploading the application to intune. I am receiving an error when the scipt get to the “uploading files to intune” and “Assigning Groups”. I have tried deploy-winget-win32-multiple-graphonly and deploy-winget-win32-multiple-multiple. and they both error at the same spot. Any suggestions on that? Can share error via email if that would help.

    Thanks for your hard work on this module.

    Reply
  8. Hello, I wasn’t able to locate your email so I will post it here. I am having issues with the detection script as mentioned above and also having the below error. Any help would be appreciated.

    UploadAzureStorageChunk : PUT https://mmcswda01.blob.core.windows.net/c66ccf2c-dc7e-4486-a9fe-7938db6d1679/8aded0a0-fe7 c-45fa-a740-25db6bc75d8d/754af1ea-b3c2-4d7a-b858-c292dd58b205.intunewin.bin?sv=2016-05-31&sr=b&si=-2056882926&sig=mihso R0kk8IwpQsG5wcrlUTVW%2B99OjXdZmbL%2B58%2FP%2F8%3D&comp=block&blockid=MDAwMA== At C:\deploy-winget-win32-multiple.ps1:453 char:13 + UploadAzureStorageChunk $sasUri $id $bytes + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,UploadAzureStorageChunk UploadAzureStorageChunk : The remote server returned an error: (403) Forbidden. At C:\deploy-winget-win32-multiple.ps1:453 char:13 + UploadAzureStorageChunk $sasUri $id $bytes + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,UploadAzureStorageChunk Invoke-UploadWin32Lob : Aborting with exception: System.Net.WebException: The remote server returned an error: (403) Forbidden. at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(WebRequest request) at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord() At C:\deploy-winget-win32-multiple.ps1:2439 char:18 + … appupload = Invoke-UploadWin32Lob -SourceFile “$appfile” -DisplayName … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-UploadWin32Lob 0 Grammarly for Microsoft┬« Office Suite Created and uploaded VERBOSE: Assigning Groups VERBOSE: POST https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/6a3bc1f9-4fc2-4c42-a8be-2fc3d039d0c0/assign with 670-byte payload VERBOSE: received 797-byte response of content type application/json Invoke-MgGraphRequest : POST https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/6a3bc1f9-4fc2-4c42-a8be-2fc3d039d0c0/assign HTTP/1.1 400 Bad Request Transfer-Encoding: chunked Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 request-id: dfb38651-04b3-495d-a869-abdb95147ca6 client-request-id: dfb38651-04b3-495d-a869-abdb95147ca6
    x-ms-ags-diagnostic: {“ServerInfo”:{“DataCenter”:”Canada
    East”,”Slice”:”E”,”Ring”:”2″,”ScaleUnit”:”002″,”RoleInstance”:”QB1PEPF00002F9E”}}
    Date: Tue, 22 Nov 2022 16:46:50 GMT
    Content-Encoding: gzip
    Content-Type: application/json
    {“error”:{“code”:”BadRequest”,”message”:”{\r\n \”_version\”: 3,\r\n \”Message\”: \”Invalid operation: app’s
    PublishingState is not ‘Published’. – Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 –
    Activity ID: dfb38651-04b3-495d-a869-abdb95147ca6 – Url: https://fef.msua01.manage.microsoft.com/AppLifecycle_2211/Stat
    elessAppMetadataFEService/deviceAppManagement/mobileApps(‘6a3bc1f9-4fc2-4c42-a8be-2fc3d039d0c0’)/microsoft.management.s
    ervices.api.assign?api-version=5022-09-01\”,\r\n \”CustomApiErrorPhrase\”: \”\”,\r\n \”RetryAfter\”: null,\r\n
    \”ErrorSourceService\”: \”\”,\r\n \”HttpHeaders\”: \”{}\”\r\n}”,”innerError”:{“date”:”2022-11-22T16:46:51″,”request-id
    “:”dfb38651-04b3-495d-a869-abdb95147ca6″,”client-request-id”:”dfb38651-04b3-495d-a869-abdb95147ca6″}}}
    At C:\deploy-winget-win32-multiple.ps1:2413 char:5
    + Invoke-MgGraphRequest -Uri “https://graph.microsoft.com/beta/devi …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (Method: POST, R…ication/json
    }:HttpRequestMessage) [Invoke-MgGraphRequest], HttpResponseException
    + FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.Invok
    eMgGraphRequest

    Reply
  9. Hi Andrew

    Im getting the following error. Any ideas, im not much of a powershell person!

    Mode LastWriteTime Length Name
    —- ————- —— —-
    d—– 28/11/2022 08:40 249-2211284049
    winget already installed
    Connect-MgGraph : User canceled authentication.
    At C:\temp\scripts\DeployWinGetMultiple.ps1:2457 char:1
    + Connect-MgGraph -Scopes DeviceManagementApps.ReadWrite.All, DeviceMan …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Connect-MgGraph], MsalClientException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph
    Connect-MgGraph : User canceled authentication.
    At C:\temp\scripts\DeployWinGetMultiple.ps1:2457 char:1
    + Connect-MgGraph -Scopes DeviceManagementApps.ReadWrite.All, DeviceMan …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Connect-MgGraph], MsalClientException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph

    Reply
    • Hi Simon,
      That error looks like the authentication didn’t work, you should get a popup box with a browser window to authenticate and approve the Graph connection. It might be worth looking for Applocker settings for both this and your Winget issue

      Reply
  10. Hello Andrew,
    it looks that the output in gridview is not formatted the right way. The values for Name and ID are in the same column, the column ID is empty. Therefor the variables are not filled.

    Reply
    • Hi Jonas,

      Not with this script because you can’t wildcard search on msstore apps so I can’t get the grid-view output.

      I have a new post going live tomorrow with some PowerShell functions you can use for msstore apps though

      Reply
  11. Hi Andrew

    I’m facing an error with this script. I think script failed to get winget packages.

    OS: Windows 11 22H2 (22623.1037)
    PowerShell: 7.3.1
    winget: v1.4.3132-preview

    Log

    Microsoft Graph Already Installed
    Directory already existed

    Directory: C:\temp

    Mode LastWriteTime Length Name
    —- ————- —— —-
    d—- 2022-12-22 오전 9:28 65-2212222808
    winget already installed
    Welcome To Microsoft Graph!

    Write-Error: C:\Users\rubik\Documents\PowerShell\Scripts\deploy-winget-win32-multiple.ps1:1345
    Line |
    1345 | … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | No results were found.

    Write-Error: C:\Users\rubik\Documents\PowerShell\Scripts\deploy-winget-win32-multiple.ps1:1345
    Line |
    1345 | … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | No results were found.

    ClientId : (DELETED)
    TenantId : (DELETED)
    CertificateThumbprint :
    Scopes : {DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, email, Group.
    ReadWrite.All…}
    AuthType : Delegated
    AuthProviderType : InteractiveAuthenticationProvider
    CertificateName :
    Account : (DELETED)
    AppName : Microsoft Graph PowerShell
    ContextScope : CurrentUser
    Certificate :
    PSHostVersion : 7.3.1

    Reply
    • Hi Sanghyeon, thanks for your message. I’ve just installed that version of Winget on my 22H2 machine and can’t seem to replicate the issue. Any chance you can confirm if you have any language packs installed? I’ve seen that cause problems before

      Thanks

      Reply
  12. I am not able to get the packages to load. When I launch the script, it just sits at Loading Winget Packages and does not do anything else.

    Reply
  13. Hi Andrew,
    I have used the Script and replaced all my Store Apps with this Script now. I have had no issues in over 2 weeks. Everything is the way it should be. I just replaced Group names and added “Test” in the Group names for my Testing initially as I already have App groups created.

    Thank you for the hard work.

    Reply
  14. Yes, Andrew. I am a very big fan of Automation too. I am working towards Automating Intune standard config for any new client in 30 minutes. Done enough testing. Your Script made life easier for Apps. For Config Profiles and Admin Templates etc, I use Micke Karlsson Tool. Configure Demo Tenant. Export it without Assignment. Import it to new Tenant. Do the assignment. Make any Modification (Tenant ID etc if needed), now Add apps using Andrew’s Script. Do Customised Modifications if needed on the Tenant and done.

    Reply
  15. So, I have replaced your old script with the new one Github. Getting this error on any App I try to install. Any Ideas?

    Directory: C:\temp\186-2301314527

    Mode LastWriteTime Length Name
    —- ————- —— —-
    d—– 31/01/2023 14:45 Microsoft.DotNet.Framework.Developâ
    Directory c:\temp\186-2301314527\\Microsoft.DotNet.Framework.Developâ Created
    VERBOSE: Creating AAD Groups for .NET Framework
    New-MgGroup : One or more errors occurred.
    At line:2205 char:5
    + $grp = New-MgGroup -DisplayName $groupname -Description $groupdes …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [New-MgGroup_CreateExpanded1], AggregateException
    + FullyQualifiedErrorId : System.AggregateException,Microsoft.Graph.PowerShell.Cmdlets.NewMgGroup_CreateExpanded1

    Reply
    • Can you try and app with a shorter name? I’ve seen this before with some MS apps where it truncates the name and adds random special characters.
      If it works with shorter apps, I’ll see if I can add some logic in

      Reply
  16. Andrew,
    Firstly, thank you for putting this together, it is absolutely amazing!
    I have tried a few apps into a demo tenant and they are working as expected. I then apply additional descriptions, app icons and rename the groups to meet a convention (which is minimal compared to the time you are saving me)

    I am having an issue in deploying the apps to an Autopilot enrolled AAD only device – basically no apps deploy. I still need to troubleshoot it mire, authenticating as admin to read C:\Windows\Temp\
    Reading your comment that the user or an admin might need to run “winget list –accept-package-agreements” – I have tried deploying a Script to these devices with no luck. has anyone else needed to do this to managed devices that have never used winget before? It really is a prerequisite for all this to work, from what I am seeing

    Reply
    • Hi Shane,

      Glad you’re finding it useful.
      The install command for the apps include –accept-package-agreements and –accept-source-agreements so that shouldn’t be a blocker any more.
      Are these Windows 10 or Windows 11 machines and do they have Winget pre-installed?
      If you let me know which OS version and which app, I’ll try to replicate your setup and see what I can find

      Reply
  17. Hi Andrew,

    Thank you so much for creating this script. its fantastic and seems to work most of the time really well.

    I will say though, i am having problems with it creating groups and assigning it to apps if the app has a space in its name.

    For example, ‘Jabra Direct’. the app will upload create everything correctly apart from the install and uninstall groups. im guessing this is because graph doesnt like spaces?

    anyway to fix this? try replicating this for yourself and you will see.

    here is the error i received…

    “VERBOSE: Creating AAD Groups for Jabra Direct
    New-MgGroup : Invalid value specified for property ‘mailNickname’ of resource ‘Group’.
    At C:\Users\RDavies\Downloads\public-main\public-main\Powershell Scripts\Intune\deploy-winget-win32-multiple.ps1:2205 char:5
    + $grp = New-MgGroup -DisplayName $groupname -Description $groupdes …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: ({ body = Micros…ftGraphGroup1 }:f__AnonymousType1`1) [New-MgGroup_CreateExpanded1], RestException`1
    + FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgGroup_CreateExpanded1
    New-MgGroup : Invalid value specified for property ‘mailNickname’ of resource ‘Group’.
    At C:\Users\RDavies\Downloads\public-main\public-main\Powershell Scripts\Intune\deploy-winget-win32-multiple.ps1:2205 char:5
    + $grp = New-MgGroup -DisplayName $groupname -Description $groupdes …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: ({ body = Micros…ftGraphGroup1 }:f__AnonymousType1`1) [New-MgGroup_CreateExpanded1], RestException`1
    + FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgGroup_CreateExpanded1”

    Reply
  18. Hi again Andrew.

    I just want to say i have actually managed to resove this myself by adding a very simple work around in your script.

    Just posting so others can see if they have issues:

    during the function ‘new-aadgroups’ in the script, I add the following after the ‘switch ($grouptype)’

    $appname = $appname -replace ‘ ‘,’_’

    so instead of your code which is:
    switch ($grouptype) {
    “install” {
    $groupname = “LFFUK-Apps-Install-” + $appname
    $nickname = “LFFUK-Apps-Install-” + $appname
    $groupdescription = “Group for installation and updating of $appname application”
    }
    “uninstall” {
    $groupname = “LFFUK-Apps-Uninstall-” + $appname
    $nickname = “LFFUK-Apps-Uninstall-” + $appname
    $groupdescription = “Group for uninstallation of $appname application”
    }
    }

    i add the following in **

    switch ($grouptype) {
    “install” {
    **$appname = $appname -replace ‘ ‘,’_’**
    $groupname = “LFFUK-Apps-Install-” + $appname
    $nickname = “LFFUK-Apps-Install-” + $appname
    $groupdescription = “Group for installation and updating of $appname application”
    }
    “uninstall” {
    **$appname = $appname -replace ‘ ‘,’_’**
    $groupname = “LFFUK-Apps-Uninstall-” + $appname
    $nickname = “LFFUK-Apps-Uninstall-” + $appname
    $groupdescription = “Group for uninstallation of $appname application”
    }
    }

    not sure if its worth adding into your code?

    Reply
    • Hi Ryan,

      Thanks for pointing this out (and glad you’re finding it useful).

      It’s failing on the MailNicknam which should be set to the $appid rather than the $appname (if you’re using v2.0.7)

      When you made the changes to add a prefix, could it be you copy and pasted the name rather than the ID for that one?

      Reply
  19. Ahh yes, you are right, I may have done this. any affects if i leave it like this? or do you recommend I change it back to $appid?

    Reply
  20. Hi Andrew

    first of all thank you for your work. you help us sys admins a lot!
    Some how when i run you script every thing works fine, until it gets stuck in “Loading Winget Packages” from there it is not Processing any dot.

    could you maybe help me out with a hint?

    regards

    Reply
    • Hi,
      Glad you’re finding it useful! First thing is to load up PowerShell/Command prompt and type “Winget List”, it might be you need to accept the license agreement.
      Make sure you don’t have anything which would block the gridview popup window as well

      Reply
  21. Hi,

    i found two syntax errors in the script, so that the install and uninstall ps1 did not work.

    It should read correctly.

    function new-installscript:
    &`$winget install –id `$appid –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null

    function new-uninstallscript
    &`$winget uninstall –id `$appid –silent –force –accept-package-agreements –accept-source-agreements

    The ` missed before the variable $appid.

    As always.
    Variables won’t. Constants aren’t.

    Kind Regards,
    LEM

    Reply
  22. Hi,
    with me the script didn’t work without the backtick before them.
    After I added them, it functions perfectly.

    Different behaviour on two systems? Any ideas?

    Reply
  23. Here you are.

    without backtick – Name: install.ps1
    —-
    $ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
    if ($ResolveWingetPath){
    $WingetPath = $ResolveWingetPath[-1].Path
    }

    $Winget = $WingetPath + “\winget.exe”
    &$winget install –id –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
    —-

    backtick – Name: install7zip.7zip.ps1
    —-
    $ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
    if ($ResolveWingetPath){
    $WingetPath = $ResolveWingetPath[-1].Path
    }

    $Winget = $WingetPath + “\winget.exe”
    &$winget install –id $appid –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null
    —-

    As you can see, contrary behaviour.

    Reply
    • Neither of those will work, both are missing the AppID, has anything else changed in the script?
      This is what I get:
      $ResolveWingetPath = Resolve-Path “C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe”
      if ($ResolveWingetPath){
      $WingetPath = $ResolveWingetPath[-1].Path
      }

      $Winget = $WingetPath + “\winget.exe”
      &$winget install –id 7zip.7zip –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null

      Are you using the German language pack? I’ve seen that cause issues before

      Reply
  24. That must be the cause.
    Indeed, am I using the german language pack.

    Do you know a workaround for the issue?

    Many thanks in advance.

    Reply
  25. Hi,

    I have tested and quotation marks do the trick.

    &`$winget install –id “$appid” –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null

    and you get in install.ps1

    &$winget install –id “7zip.7zip” –silent –force –accept-package-agreements –accept-source-agreements –scope machine –exact | out-null

    in install7zip.7zip.ps1

    Is that a solution in your opinion?

    Kind regards

    Reply
  26. The interesting fact was, that the install and uninstall schripts were affected und the detection script wasn’t affected.

    Thanks for helping!

    Reply
  27. hi , i am getting this error when it was load the graph and winget, any idea what could be wrong? thanks in advance
    Invoke-WinGetCommand : No results were found.
    At C:\Program Files\WindowsPowerShell\Scripts\deploy-winget-win32-multiple.ps1:1379 char:17
    + … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (System.String[]:String[]) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-WinGetCommand

    Reply
  28. Actually it was not display the gridview for me select anything and just throw that error. was that someting that my environment that is not allow or blocking the graph to display the gradview ?

    Reply
  29. power shell ISE is there in the machine, everything was loading till to “welcome to MS graph”-there is not gridview, then it went to the command to invoke-winget….
    Welcome To Microsoft Graph!
    Invoke-WinGetCommand : No results were found.
    At C:\Temp\deploy-winget-win32-multiple.ps1:1379 char:17
    + … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (System.String[]:String[]) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-WinGetCommand

    ClientId : 1xxxxx
    TenantId : exxxxxxxxxx
    CertificateThumbprint :
    Scopes : {DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, Directory.AccessAsUser.All, email…}
    AuthType : Delegated
    AuthProviderType : InteractiveAuthenticationProvider
    CertificateName :
    Account : [email protected]
    AppName : Microsoft Graph PowerShell
    ContextScope : CurrentUser
    Certificate :
    PSHostVersion : 5.1.19041.2673

    👍 Selected apps have been deployed to Intune

    Reply
    • You might need to add the functions and then try running just the gridview bit and see what happens.
      At that point it’s just searching for all winget apps and returning a list

      Reply
  30. Hi, this should be where the loading is started
    so it seem that it cannot do the search all function
    $packs = find-wingetpackage ‘””‘

    Invoke-WinGetCommand : No results were found.
    At line:116 char:17
    + … $List = Invoke-WinGetCommand -WinGetArgs $WinGetArgs -IndexTitles …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (System.String[]:String[]) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-WinGetCommand

    If i do it with single item, it was ok
    find-wingetpackage ‘”git”‘ | out-gridview

    Reply
  31. i found that it was issue when i run it using my admin account , but it was now working fine if i used my normal account . it seem tha winget is not doing well when it was using the admin account

    Reply
  32. Hi Andrew
    The automation really cool. thanks for the great work!
    Btw, do you know why uninstall will be failing? as i can see , all the apps is install with system context , it was installing nicely , but when i try to add the devcie to the uninstall, it was failing
    Example , Notepad++
    i wonder do you face any issue when assigned the uninstall using intune?
    Thank you

    Reply
  33. ok, the uninstall does not take this 🙂
    argument name was not recognized for the current command: ‘–accept-package-agreements’

    Reply

Leave a Comment