Publish store command
Deploy an app from the Microsoft Store to Intune
wintuner publish store --id {packageId}
Sample:
wintuner publish store --search {packageId}
App Parameter
Use one of these methods to specify the correct package. Either lookup the ID upfront and use that, or use the search feature and pick the first.
| Parameter | Value | Description |
|---|---|---|
--id {storeId} | Store ID | Deploy the app with this ID |
--search {query} | Search string | Search the store for a package and deploy the first one found. |
winget search "{query}" --source MsStore
Parameters
| Parameter | Value | Description |
|---|---|---|
--tenant {tenantId} | Tenant ID | Use this tenant to connect to Intune. |
--username {username} | Username | Use this username to connect to Intune. |
--token {token} | Token | Use this token to connect to Intune. |
--category {category} | Category | Add this app to a pre-existing category in Intune, see category |
--available {id} | Available to | Assign this app to a group, see assignments |
--required {id} | Required for | Assign this app to a group, see assignments |
--uninstall {id} | Uninstall for | Assign this app to a group, see assignments |
--verbose | Verbose logging | Super verbose logging, might help figuring out problems. |
--json | Json logging | Outputs all logging as Json, separated by platform line ending \r\n on Windows and \n on unix. |
Authentication
To deploy a package to Intune this app has to authenticate with the correct permissions. You have these options:
- Interactive authentication using the built-in native authentication method default.
- Using a token you got from another source
--token {token}. - Using managed identities is on the roadmap.
If you set the --username {username} parameter you're asked to login once, after that the tokens are saved locally and can be used for several days without you having to login again.
wintuner publish store ... --username "{user}@{domain}"
Using just the --username parameter will connect to Intune using your home tenant. You can connect to a different tenant by specifying it --tenant {tenant} (if you have guest access and the correct permissions, off course).
There is absolutely no need to run this app as an administrator, and it might even cause problems. So please run this command in a normal PowerShell window. Running as admin will cause the authentication window to not show up. The interactive authentication prompt will let you pick an account, and there you can pick or enter your admin account.
Category
In Intune you can organize applications in categories, these are created automatically. And the portal doesn't support creating additional once.
With the --category "{categoryName}" parameter you can make sure the application is added to that category. This parameter can be specified multiple times for more categories.
wintuner publish store ... --category "Productivity"
Assignments
You can assign the application immediatly after publishing. This is useful for automation or if you know to which groups an app has to be assign up front.
You can use these parameters:
--available {id}To make an app available to a group--required {id}To make an app required for a group--uninstall {id}To make have a group uninstall an app
The {id} can either be a Guid of a group in Entra ID or allusers to use the special group All Users or alldevices to use the special group All Devices.
Guids are not be recognized correctly, so you have to put double quotes around them.
wintuner publish store ... --available "784d7b63-82db-4779-a1d8-1bce1ca5bd90"
You can use all these paramters in the same command and multiple times.
Technical description
- Lookup details
- Download logo
- Requests token (interactively, or through silent refresh)
- Creates the store app in Intune (with the logo set)
- (optionally) Adds the categories and assignments to the app.
See PublishStoreCommand.cs on GitHub.
This command should work on any platform.