Intune App Factory
Intune App Factory is a set of PowerShell scripts run in an Azure DevOps Pipeline that automatically detects, downloads, packages, and publishes onboarded applications as Win32 apps to Microsoft Intune, ensuring up-to-date deployments. It supports onboarding via manifests, integrates the PowerShell App Deployment Toolkit, and automates version checks from Winget, Evergreen, or Storage Account sources to streamline packaging and publishing.
Security Analysis
21 files scanned on Jan 8, 2026
No obfuscated code detected. The codebase performs legitimate admin tasks (module installation, artifact packaging). Primary concerns are potential remote code execution risk from dynamic module installation and information leakage via verbose error messages. Artifact uploads to Azure Storage are expected but require proper access controls and encryption.
You might also like
IntuneComplianceMaintainer
IntuneComplianceMaintainer is a PowerShell automation script that keeps Microsoft Intune compliance and app-protection policies up to date with the latest supported OS minimums across iOS, iPadOS, macOS, Android, and Windows. It uses endoflife.date and the Graph Windows Update Catalog to drive cadence-based updates, with flexible authentication (Managed Identity, App Registration with certificate or secret, plus Key Vault integration) and safety features like dry-run and downgrade protection. It provides comprehensive logging and built-in retry logic for resilience.
James RobinsonWintuner
WinTuner is a tool that lets you take any WinGet app and upload it to Intune in minutes. It automates downloading the installer and logo, generates the intunewin package, creates the required deployment script details, and publishes the app to Intune. It also ships a PowerShell module for automation and includes documentation to guide you through the process.
Stephan van RooijAutopilot Management
Autopilot Management is a Windows-based Intune utility that simplifies Autopilot device administration. It supports searching by serial number or device name, bulk updates to Group Tags, bulk or single deletions, and uploading hardware hashes. It can load and verify devices from CSV, backup data, and query with an optional cache for large environments. Authentication uses Azure Graph tools (MFA supported) for secure admin access.
Espen JaegtvikAutopilotGroupTagger
AutopilotGroupTagger is a PowerShell-based utility for bulk updating and managing Windows Autopilot Device Group Tags, with optional unblocking of devices. It supports updating tags by group, manufacturer, model, purchase order, and interactive selection, plus exporting data and creating dynamic Entra ID groups. The tool runs with Microsoft Graph authentication and supports PowerShell 7 on Windows/macOS, including a whatIf simulation mode and Community Tool status.
Nick Benton