How Enterprises Are Really Using WinGet: Opportunities and Pitfalls in 2025

Windows Package Manager (WinGet) has gained attention as a new option for managing Windows software. Introduced in 2020 as Microsoft’s official, open-source package manager for Windows 10 and 11, it lets admins install, update, and configure software via the command line, similar to apt on Linux or Homebrew on macOS. WinGet is built into Windows 11 and is now used behind the scenes in the new Windows Store integration in Intune, signalling Microsoft’s ambition to make it a core part of modern Windows app management.

For enterprises, WinGet offers automation, consistency, and a simpler way to deliver and update software. But as with any young technology, the opportunities come with challenges.

Why WinGet Appeals to Enterprises

The biggest attraction of WinGet is its ability to simplify application management. Because it’s CLI-based, IT teams can script the installation of a standard set of apps on new machines, export a list of installed apps from a reference PC, and import that list elsewhere to replicate the same environment. This makes provisioning faster and more consistent, whether for physical endpoints, virtual desktops, or cloud PCs.

WinGet also benefits from being officially supported and preinstalled. There’s no extra client to deploy, and packages from Microsoft’s curated community repository and the Microsoft Store are verified with SmartScreen, hashes, and other protections.

Perhaps most importantly, Microsoft is weaving WinGet into its ecosystem. Windows 11 includes it by default, and Intune now uses WinGet behind the scenes for deploying store apps. This means organisations that already manage devices with Intune are effectively getting WinGet capabilities out of the box.

Real Enterprise Use Cases

• Golden Image and VDI Provisioning
  Many organisations are using WinGet to pre-install apps on base images. Instead of maintaining multiple golden images or complex task sequences, IT can keep a single script or configuration file. Running winget import on a new VM or physical machine automatically installs all required software and ensures the latest versions. This speeds up image creation and keeps deployments consistent.

• Software Deployment and Self-Service
  Even without Intune, IT teams can leverage WinGet through scripts or self-service portals. Some build simple GUIs that let employees choose approved apps, which then trigger a winget install command in the background. Because repository packages must support silent installation, admins don’t need to repackage each app individually.

• Automated Patching
  One of the most attractive scenarios is automating third-party application updates. With winget upgrade --all --accept-agreements, a scheduled task or Intune Proactive Remediation can silently update apps with newer versions. This native approach is appealing to organisations looking to reduce spend on separate patching tools. Community projects such as Winget-AutoUpdate already add scheduling and reporting on top of WinGet.

• Private Repositories
  Large organisations often have proprietary applications or want strict control over which versions of software are deployed. WinGet supports private repositories for these scenarios. Companies can host their own REST source containing custom app manifests and binaries, using Azure or even a simple static web server. Employees can then run winget install CompanyApp to get the latest internal tools while IT maintains governance and compliance.

Current Limitations and Challenges

Despite its potential, WinGet is not yet a ready-to-use solution for every enterprise. Out of the box, it’s command-line only. This can be challenging for administrators who are not used to working with scripts, unless an internal GUI or wrapper is built.

By default, WinGet runs in the user context. Installing machine-wide software requires elevation, and running deployments in the System context (with no user prompts) still involves workarounds such as wrapping WinGet calls in PowerShell App Deployment Toolkit scripts or using scheduled tasks.

Repository control is another concern. The public Winget repository accepts community submissions, and Intune currently only surfaces Microsoft Store apps, not the full community repo. Organisations wanting to restrict or vet apps must invest in allow-lists or private sources.

Finally, WinGet always installs the latest version by default. That’s great for security, but not for enterprises that prefer to stage updates or hold back versions. Package pinning is now available but basic, and Intune’s automatic Winget updates for Store apps can’t yet be paused or rolled back.

Market Trends and Adoption Signals

Even with these limitations, there are signs of growing adoption. The Winget community repository has grown from about 1,400 packages at launch to around 9,000 packages in 2025, roughly on par with Chocolatey’s community catalog. Most common enterprise applications are already available, and Microsoft is working with vendors to onboard more.

Microsoft’s roadmap underscores its enterprise ambitions. Recent versions have added offline download support for Store apps, Azure AD authentication for private repositories, manifest-defined elevation requirements, and package pinning, features aimed squarely at enterprise needs.

Wrapping Up

WinGet is moving from niche to mainstream in enterprise IT. Early adopters are already using it to script golden images, power self-service portals, and automate third-party patching. While current gaps around GUI, System context, and version control mean it’s not yet a complete replacement for established tools, Microsoft’s rapid development and deep integration with Intune suggest that WinGet is expected to take on a more significant role in Windows application management over time.

Our Apptimized team has already started packaging WinGet applications for a customer project and will share our insights and lessons learned as we gain more experience.