Managing Winget using Intune and ADMX Import

One of the new announcements from the Microsoft Technical Takeoff was the management of the Winget App Installer via GPO (this video).

With the new ADMX import functionality, why not import these new GPOs and use Intune to manage the App Installer on your machines?

Update – 1st November 2022 – The policy locations are currently restricted on ADMX import, so I have added a guide to use OMA-URI instead. I will leave the import here for future reference.

Custom OMA-URI

Management via Settings Catalog is in progress, but until then, we can create a Custom policy to manage Winget settings.

First we need to create a Custom profile

Give it a name and continue to add Settings.

For reference, the CSP settings are all here:

https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-desktopappinstaller

These are all device-based policies, so the path will be:

./Device/Vendor/MSFT/Policy/Config/DesktopAppInstaller/POLICYNAME

Fortunately, these are all simple Enabled/Disabled 1/0 policies, so the setting will be a String with a value of either:

<enabled/>

or

<disabled/>
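The path and value format above, as an added example (not the author's exported policy): this script builds one String OMA-URI row per policy and writes them out as JSON. The three policy names come from the CSP reference linked above; which policies to set, the display names, the output file name and the Microsoft Graph resource shape (windows10CustomConfiguration with omaSettingString entries) are assumptions for illustration.

```powershell
# Added example. Desired state per policy: $true -> <enabled/>, $false -> <disabled/>.
# The selection below is an assumption; adjust it to your environment.
$desired = [ordered]@{
    EnableHashOverride         = $false  # keep installer hash validation mandatory
    EnableLocalManifestFiles   = $false  # installs must come from a configured source
    EnableExperimentalFeatures = $false  # no experimental winget features
}

# Device-scope base path from the post; the policy name is appended per row.
$base = './Device/Vendor/MSFT/Policy/Config/DesktopAppInstaller'

# One String row per policy, matching what is typed into the Custom profile.
$omaSettings = foreach ($name in $desired.Keys) {
    $value = if ($desired[$name]) { '<enabled/>' } else { '<disabled/>' }
    [ordered]@{
        '@odata.type' = '#microsoft.graph.omaSettingString'
        displayName   = "Winget - $name"      # hypothetical display name
        omaUri        = "$base/$name"
        value         = $value
    }
}

# Refuse to emit anything that is not one of the two accepted values.
foreach ($row in $omaSettings) {
    if ($row.value -notin '<enabled/>', '<disabled/>') {
        throw "Unexpected value for $($row.omaUri): $($row.value)"
    }
}

# Table for review before entering the rows in the Intune portal.
$omaSettings | ForEach-Object { [pscustomobject]$_ } |
    Format-Table displayName, omaUri, value -AutoSize

# Profile body in the Graph windows10CustomConfiguration shape (assumption).
$body = [ordered]@{
    '@odata.type' = '#microsoft.graph.windows10CustomConfiguration'
    displayName   = 'Winget App Installer settings'   # hypothetical profile name
    omaSettings   = @($omaSettings)
}

# Windows PowerShell 5.1 writes < and > as \u003c and \u003e, which is still valid JSON.
$body | ConvertTo-Json -Depth 5 |
    Set-Content -Path .\winget-custom-profile.json -Encoding UTF8
```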

To check these have worked, run this command on a machine:

winget --info

Which should display something like this:

If you want to grab a JSON export of my policy, you can find that here

Old Content

In this post, I’ll run through the steps to do just that.

First up, grab the ADMX files from the Winget GitHub repo releases page:

https://github.com/microsoft/winget-cli/releases

Now we need to import the ADMX files. Navigate to Devices – Configuration Profiles and then click Import ADMX:

Before we import the new policies, we need to import the Windows.admx files, which they require (if you want to know why, have a look at this post from Rudy Ooms).

Click Import and navigate to c:\windows\policydefinitions

Also select the Windows.adml for your preferred language.

Click Next and Import.

When that has completed, we need to upload the Winget policies: same process, but selecting the downloaded ADMX and ADML files.

Now we wait for the upload to be marked as Available

Now to create the policy:

We want to use Imported Administrative Templates

Give it a name

You will find the settings here:

Set whatever is required for your environment

Add any scope tags and assign as required:

Finally Create your profile
