Publish command
Deploy a packaged app to Intune
wintuner publish {packageId} --package-folder {root-package-folder}
Sample:
wintuner publish JanDeDobbeleer.OhMyPosh --package-folder C:\Packages
Parameters
| Parameter | Value | Description |
|---|---|---|
{packageId} | Package id | What is the package id? |
--package-folder {folder} | Root folder | Root folder where the desirect folder structure should be created. |
-v {version} / --version {version} | Package version | Which version should be used? Exact version, or latest when empty. |
--tenant {tenantId} | Tenant ID | Use this tenant to connect to Intune. |
--username {username} | Username | Use this username to connect to Intune. |
--token {token} | Token | Use this token to connect to Intune. |
--category {category} | Category | Add this app to a pre-existing category in Intune, see category |
--available {id} | Available to | Assign this app to a group, see assignments |
--required {id} | Required for | Assign this app to a group, see assignments |
--uninstall {id} | Uninstall for | Assign this app to a group, see assignments |
--verbose | Verbose logging | Super verbose logging, might help figuring out problems. |
--json | Json logging | Outputs all logging as Json, separated by platform line ending \r\n on Windows and \n on unix. |
This command expects the following folder structure {package-folder}\{package-id}\{version}, so make sure you use the same package folder as you did for packaging.
Authentication
To deploy a package to Intune this app has to authenticate with the correct permissions. You have these options:
- Interactive authentication using the built-in native authentication method default.
- Using a token you got from another source
--token {token}. - Using managed identities is on the roadmap.
If you set the --username {username} parameter you're asked to login once, after that the tokens are saved locally and can be used for several days without you having to login again.
wintuner publish ... --username "{user}@{domain}"
Using just the --username parameter will connect to Intune using your home tenant. You can connect to a different tenant by specifying it --tenant {tenant} (if you have guest access and the correct permissions, off course).
There is absolutely no need to run this app as an administrator, and it might even cause problems. So please run this command in a normal PowerShell window. Running as admin will cause the authentication window to not show up. The interactive authentication prompt will let you pick an account, and there you can pick or enter your admin account.
Category
In Intune you can organize applications in categories, these are created automatically. And the portal doesn't support creating additional once.
With the --category "{categoryName}" parameter you can make sure the application is added to that category. This parameter can be specified multiple times for more categories.
wintuner publish ... --category "Productivity"
Assignments
You can assign the application immediatly after publishing. This is useful for automation or if you know to which groups an app has to be assign up front.
You can use these parameters:
--available {id}To make an app available to a group--required {id}To make an app required for a group--uninstall {id}To make have a group uninstall an app
The {id} can either be a Guid of a group in Entra ID or allusers to use the special group All Users or alldevices to use the special group All Devices.
Guids are not be recognized correctly, so you have to put double quotes around them.
wintuner publish ... --available "784d7b63-82db-4779-a1d8-1bce1ca5bd90"
You can use all these paramters in the same command and multiple times.
Auto package
Instead of packaging and then publishing, you can also combine these steps into a single command by adding --auto-package. This also means you can set the following parameters.
wintuner publish JanDeDobbeleer.OhMyPosh --package-folder C:\Packages --auto-package
| Parameter | Value | Description |
|---|---|---|
--architecture {arg} | Specify architecture | Arm64 or X64 (default) or X86 |
--installer-context {ctx} | Specify installer context | System or User (default) |
--use-winget | Use Winget | Use Winget instead of the open-source index (windows only) |
Technical description
- Discover latest version of package when no version is specified using the open-source index
- Packages the app (if
--auto-packageis added). - Load data from
app.jsonin version specific folder. - Requests token (interactively, or through silent refresh)
- Creates the app in Intune
- Creates a content version, and a file reference.
- Uploads the file to provided Azure Storage link, with ChunkedFileUpload.
- "Commits" the uploaded file (the HMAC and encryption keys are send to Intune and validated by Micrososft, to prevent tempering).
- Updates the app with the just created content version.
- (optionally) Adds the categories and assignments to the app.
See PublishCommand.cs on GitHub.
This command should work on any platform, except when you use the --use-winget option.