Deploy Winget applications to Microsoft Intune with a single click.
Skip the manual packaging workflow and deploy Winget apps to Intune in seconds.
10,000+ Winget apps | One-click deployment | Multi-tenant support | Free and open source
- Curated App Catalog - Browse 10,000+ applications from the Winget repository, ready for Intune deployment
- One-Click Deployment - Deploy apps directly to your Microsoft Intune tenant
- Real-Time Status - Track deployment progress with live updates
- Pre-Configured Detection Rules - Skip the manual configuration
- Community Ratings - See how other admins rate apps before deploying
- App Suggestions - Suggest and vote on new apps for the catalog
- In-App Notifications - Get notified about deployment status, app updates, and community activity
- PSADT v4 Support - Deploy apps with PowerShell App Deployment Toolkit v4 UI elements (dialogs, balloon tips, process handling)
- Multi-Tenant Support - Works with any Microsoft Entra ID tenant
- MSP Mode - Manage multiple client tenants from a single interface
- Tenant Isolation - Each client's data remains completely separate
- Batch Deployments - Deploy a single app across multiple tenants simultaneously with configurable concurrency
- Team Management - Invite members, assign roles (Owner, Admin, Operator, Viewer), manage access with role-based permissions
- Webhook Integrations - Configure event-driven webhooks for Slack, Teams, Discord, or custom endpoints with delivery logging and retry
- Audit Logging - Comprehensive audit trail with IP/user agent tracking and a dedicated log viewer
- Advanced Reporting - Cross-tenant deployment trends, success rate analytics, export to CSV/JSON/PDF
- Multiple Database Options - Supabase Cloud, self-hosted Supabase, or SQLite
- Flexible Packaging - GitHub Actions or local Windows packager
- Air-Gapped Support - Run entirely on-premises with no external dependencies
- Full Source Access - Audit, modify, and extend as needed
The fastest way to get started:
git clone https://github.com/ugurkocde/IntuneGet.git
cd IntuneGet
cp .env.example .env.local
# Edit .env.local with your configuration
docker-compose up -dSee the Self-Hosting Guide for detailed instructions.
flowchart TB
subgraph Frontend
A[Next.js App]
end
subgraph Auth
B[Microsoft Entra ID]
end
subgraph Backend
C[Supabase]
D[(PostgreSQL)]
I[Notifications]
end
subgraph Packaging
E[GitHub Actions]
F[Windows Runner]
G[IntuneWin Tool]
end
subgraph Microsoft
H[Intune API]
end
subgraph External
J[Webhooks - Slack/Teams/Discord]
end
A -->|MSAL Auth| B
A -->|Real-time Updates| C
C --- D
I --- D
I -->|Deliver| J
A -->|Trigger Workflow| E
E --> F
F --> G
G -->|Upload Package| H
A -->|Deploy App| H
| Component | Technology | Purpose |
|---|---|---|
| Frontend | Next.js 14, React, TypeScript | Web application and UI |
| Database | Supabase (PostgreSQL) | App catalog, deployment status, real-time subscriptions |
| Authentication | MSAL | Microsoft Entra ID integration (multi-tenant) |
| Packaging | GitHub Actions | Windows runner for .intunewin file generation |
| Deployment | Intune Graph API | Application deployment to tenants |
| Notifications | In-app, Email, Webhooks | Deployment events, community updates, team activity |
| Community | Ratings, Suggestions, Voting | Community-driven app catalog feedback |
IntuneGet is designed for flexibility. Choose the deployment model that fits your organization.
| Option | Best For | Complexity |
|---|---|---|
| Docker Compose | Production self-hosting | Low |
| Vercel | Quick deployment, serverless | Low |
| Full Self-Hosted | Air-gapped environments, maximum control | Medium |
| Option | Description | Use Case |
|---|---|---|
| Supabase Cloud | Managed PostgreSQL with real-time | Fastest setup, hosted version |
| Self-Hosted Supabase | Full Supabase stack on your infrastructure | Enterprise, compliance requirements |
| SQLite | Single-file database | Development, small deployments |
| Option | Description | Use Case |
|---|---|---|
| GitHub Actions | Cloud-based Windows runner | Default, no infrastructure needed |
| Local Packager | npm package for on-premises | Air-gapped, compliance requirements |
See Database Setup and GitHub Actions Setup for configuration details.
IntuneGet is built with security as a core principle.
- Source Code (this repo) - Fully open source, transparent, and auditable
- Workflow Execution - Runs in a private repository to protect tenant information
- Tenant Isolation - Tenant IDs are masked in logs and never visible in public workflow runs
- No Data Storage - IntuneGet does not store your application binaries or tenant credentials
- HMAC-SHA256 Verification - All callbacks are cryptographically signed
- Token Handling - Access tokens are never persisted and expire after use
- Rate Limiting - API endpoints are protected by rate limiting
- Role-Based Access Control - MSP features use granular permissions with four role levels (Owner, Admin, Operator, Viewer)
- All MSP operations are logged with IP address, user agent, and timestamp
- Dedicated log viewer for reviewing team and deployment activity
For organizations with strict compliance requirements:
- Run the local packager on your own Windows infrastructure
- Use self-hosted Supabase or SQLite
- No external network calls required
See SECURITY.md for our complete security policy.
| Category | Technology |
|---|---|
| Frontend | Next.js 14 with App Router |
| Language | TypeScript |
| UI Components | shadcn/ui |
| Styling | Tailwind CSS |
| Database | Supabase (PostgreSQL) |
| Authentication | MSAL (Microsoft Entra ID) |
| State Management | Zustand + TanStack Query |
| Animations | Framer Motion |
| Deployment | Vercel, Docker |
| Document | Description |
|---|---|
| Self-Hosting Guide | Complete guide for self-hosting IntuneGet |
| Azure AD Setup | Configure Microsoft Entra ID app registration |
| GitHub Actions Setup | Set up the packaging pipeline |
| Database Setup | Supabase configuration options |
| Development Guide | Local development setup |
| Environment Reference | Full env var matrix by deployment mode |
| API Reference | Endpoint overview by feature area |
| SCCM Migration Guide | SCCM import, matching, and migration flow |
| Updates and Policy Guide | Auto-update policies, triggers, and history |
| Inventory/Reports/Uploads Guide | Operational dashboard feature docs |
| Authentication Architecture | MSAL, admin consent, and service principal flow |
| Documentation Audit | Coverage and remaining documentation gaps |
| Capability | Traditional | IntuneGet |
|---|---|---|
| Curated app catalog | -- | Yes |
| One-click deployment | -- | Yes |
| Automated cloud packaging | -- | Yes |
| Pre-configured detection rules | -- | Yes |
| Direct deployment to tenant | -- | Yes |
| Multi-app batch deploy | -- | Yes |
| Multi-tenant batch deployment | -- | Yes |
| Role-based team management | -- | Yes |
| Community ratings and suggestions | -- | Yes |
| Webhook notifications | -- | Yes |
| Self-hosting support | -- | Yes |
Contributions are welcome. Please read CONTRIBUTING.md before submitting a pull request.
This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).
This license applies to all code in this repository, regardless of when it was committed.
- Self-host for internal business use
- Modify for personal or internal use
- Network service modifications must be open-sourced
Simplify your Intune deployments.
