RepoFabric is a private winget source platform that cuts repeat-download bandwidth, speeds fleet rollouts, and gives you an Entra-attributed audit trail with Intune and GPO policy export, all from one deployment.
*After the first endpoint on a subnet pulls an installer, the rest fetch it from a LAN peer over BranchCache and Delivery Optimization. Real WAN optimization either way, whether RepoFabric runs in any cloud or on-prem. Best case, peer-dependent.
Admins sign in with Microsoft Entra ID, and every publish, sync, and service action is attributed to their UPN (SYSTEM for scheduled jobs). An audit trail of who did what, with no extra tooling.
Export an Intune Settings Catalog policy for the DesktopAppInstaller CSP and a matching Group Policy script. Point and lock endpoints at your private source in minutes.
Subscribe to the apps you approve, and new versions auto-sync from the public winget repo into your private source. Pair it with the policy export to block the public repo, so endpoints install only vetted builds.
RepoFabric plugs into the services you already run and stands up the ones you are missing, in any cloud or on-prem. Guided setup, scheduled sync, and a web GUI keep day-two simple.
| Capability | Standard winget REST server | Standalone rewinged | RepoFabric |
|---|---|---|---|
| ★ WAN bandwidth savings (LAN peer-caching) | No PeerDist hashes advertised, so installers are not peer-cached out of the box, and no savings reporting. | No PeerDist hashes advertised, so installers are not peer-cached out of the box, and no savings reporting. | Advertises PeerDist (MS-PCCRC) hashes so BranchCache and Delivery Optimization pull from a LAN peer, with a dashboard of savings per subnet and per installer over 7 / 30 / 90 days. |
| ★ Curated auto-update from public winget | Mirror upstream by hand. No approval gate, and endpoints can still reach the public repo. | Mirror upstream by hand. No approval gate. | Auto-syncs new versions of approved apps from the public winget repo into your private source, so you can block the public repo and serve only vetted builds. |
| Azure / Entra ID admin sign-in | Not built in. Add your own auth. | No admin UI to sign in to. | Admin signs in with Entra ID. Every action attributed to the user UPN, SYSTEM for scheduled jobs. |
| Intune / MDM endpoint policy | Possible by hand. Author the CSP yourself. | Possible by hand. No generator. | One-click Intune Settings Catalog export for the DesktopAppInstaller CSP, plus a matching GPO script. |
| Client configuration | Configure trusted source, silent defaults, and caching on every device yourself. | Configure every client yourself. | Generated per-repo PowerShell registers the source as Trusted, sets silent defaults, enables BranchCache / BITS / Delivery Optimization. |
| Custom / in-house apps | Hand-author manifests on disk. | Hand-author manifests on disk. | Upload-first wizard auto-fills metadata, detects silent switches, supports multiple installer types. |
| Ongoing management | No GUI. Manage by hand. | Edit files on disk. No GUI. | Web GUI: subscriptions, activity feed, service controls, and dashboards. |
| Deployment & multi-repo | Assemble the API and a backing store yourself, for example the reference source historically backed by Azure Functions and Cosmos DB. | Single binary you install and configure. | Deploys in any cloud or on-prem, brings the supporting services you are missing, guided web setup, isolated multi-repo with automatic port allocation. |