Intune App Factory
Intune App Factory is a set of PowerShell scripts run in an Azure DevOps Pipeline that automatically detects, downloads, packages, and publishes onboarded applications as Win32 apps to Microsoft Intune, ensuring up-to-date deployments. It supports onboarding via manifests, integrates the PowerShell App Deployment Toolkit, and automates version checks from Winget, Evergreen, or Storage Account sources to streamline packaging and publishing.
Security Analysis
22 files scanned on Jun 11, 2026
Low to moderate risk patterns detected. No remote code downloads, credential theft, data exfiltration, or obfuscated payloads observed. Primary concern is deliberate PowerShell execution policy bypasses used to facilitate deployment; this should be reviewed and mitigated (e.g., signing scripts, restricting bypass, and ensuring trusted sources). Uninstall logic and local toolkit dot-sourcing are typical admin patterns for Intune/MDM-managed deployments.
You might also like
IntuneComplianceMaintainer
IntuneComplianceMaintainer is a PowerShell automation script that keeps Microsoft Intune compliance and app-protection policies up to date with the latest supported OS minimums across iOS, iPadOS, macOS, Android, and Windows. It uses endoflife.date and the Graph Windows Update Catalog to drive cadence-based updates, with flexible authentication (Managed Identity, App Registration with certificate or secret, plus Key Vault integration) and safety features like dry-run and downgrade protection. It provides comprehensive logging and built-in retry logic for resilience.
Wintuner
WinTuner is a tool that lets you take any WinGet app and upload it to Intune in minutes. It automates downloading the installer and logo, generates the intunewin package, creates the required deployment script details, and publishes the app to Intune. It also ships a PowerShell module for automation and includes documentation to guide you through the process.
Autopilot Management
Autopilot Management is a Windows-based Intune utility that simplifies Autopilot device administration. It supports searching by serial number or device name, bulk updates to Group Tags, bulk or single deletions, and uploading hardware hashes. It can load and verify devices from CSV, backup data, and query with an optional cache for large environments. Authentication uses Azure Graph tools (MFA supported) for secure admin access.
AutopilotGroupTagger
AutopilotGroupTagger is a PowerShell-based utility for bulk updating and managing Windows Autopilot Device Group Tags, with optional unblocking of devices. It supports updating tags by group, manufacturer, model, purchase order, and interactive selection, plus exporting data and creating dynamic Entra ID groups. The tool runs with Microsoft Graph authentication and supports PowerShell 7 on Windows/macOS, including a whatIf simulation mode and Community Tool status.
