Windows

The Twingate Windows Client is distributed in an MSI package in order to allow automated managed device deployment.

You can download the MSI release for the latest Client version here which you can download and configure in your MDM solution (for example, Microsoft InTune).

We also maintain a historical public changelog of prior releases.

The Twingate Windows Client distributed via https://get.twingate.com/ is an EXE package that is not intended for deployment via an MDM such as InTune. For access to a list of MSI-packaged releases, see Windows Releases.

.NET Prerequisite

Versions of the Windows Client prior to November 2024 require the .NET Desktop Runtime 6.0 (x64) or higher. The MSI installer does not include the .NET Desktop Runtime. When installing the Client via the MSI, you must manually install .NET Desktop Runtime alongside the Client if not already installed.

Versions of the Windows Client from November 2024 onward require the .NET Desktop Runtime 8.0 (x64) or higher. It is recommended to install this version of the runtime in order to support all versions of the Twingate Windows Client.

You can download the .NET 8.0 Desktop Runtime x64 directly from Microsoft.

MSI deployment options

The MSI package supports a number of command line options that are useful for automated deployments:

Silent installation. The /qn option will suppress the installation dialog and automatically accept the user terms of service.
Pre-configure the Twingate Network. The network= option allows pre-configuring the Twingate Network name so that users do not have to enter this information.
Disable automatic updates. Setting no_optional_updates=true will disable optional updates. See the next section for more information on why you might want to do this.
Configure NCSI global DNS. Setting ncsi_global_dns=true will enable NCSI_GlobalDns. Enable this option if users are experiencing a false “No internet” NCSI while Twingate is running.

Example

In this example, this will install the Twingate Windows Client, setting the Twingate Network to beamreach.twingate.com and disable optional updates.

TwingateWindowsInstaller.msi /qn network=beamreach.twingate.com no_optional_updates=true

Should you disable automatic updates?

Usually, yes, but this depends on whether you allow users to have local admin rights on their Windows PC. Automatic updates cannot be installed without the local user providing administrator authorization, so if you do not allow local admin rights, you should disable automatic updates. The MSI command-line setting allows flexibility for different user groups depending on their local admin permissions.

In summary:

If you allow local admin rights: We recommend you leave automatic updates enabled (this is the default). Users will be prompted when an update is available and asked to update the Twingate Client.
If you do not allow local admin rights: You should disable automatic updates. This is because, if optional updates are enabled, users will receive update availability prompts but will not be able to update the Client. New versions of the Twingate Windows Client must instead be pushed to users via your MDM solution.

Remember, Clients older than 12 months are not supported and will not be able to connect to the Twingate service. If you disable automatic updates, you should ensure that you have a process in place to update the Client on user devices on a regular basis.

Microsoft Intune and Endpoint Manager

Microsoft Intune and Endpoint Manager are popular solutions for managing Windows devices. You can deploy the Twingate Windows Client using Microsoft Intune by following the steps outlined in the Microsoft Intune & Endpoint Manager guide.

Third-party MDM solutions

If you use a third-party MDM solution, you can deploy the Twingate Windows Client using the MSI package and the command-line options described above. Consult your MDM documentation for instructions on how to deploy software packages.

If custom PowerShell scripts are supported, you can follow the instructions in the Microsoft Intune custom script guide. This guide provides an example script that downloads the Twingate Client MSI installer and installs it on the device.

Chocolatey

Early Access

Chocolatey packages are not currently updated as part of our automated release pipeline so package updates may be subject to delayed release.

Chocolatey is a package manager for Windows that allows easy installation and updates of thousands of software packages. Installation instructions are available on Chocolatey’s website.

With Chocolatey installed, Twingate can be installed with a single command:

choco install twingate

Last updated 3 months ago

Home

Guides

Use Cases

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

How NAT Traversal Works

Encryption in Twingate

API

Getting Started with the API

Schema

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Best Practices

Updating Connectors

Advanced Connector Management

Resources

Remote Networks

Aliases

Usage-based Auto-lock

Ephemeral Access

Resource Tags

Team

Users

Groups

Identity Providers

Security Policies

Policy Guides

Two-Factor Authentication

Devices

Client Application

Managed Devices

Device Administration

Services

Headless Clients

CI/CD Configuration

Analytics

Network Overview

Audit Logs

Network Traffic

User Activity

Syncing Data to AWS S3

Internet Security

DNS Filtering

DNS-over-HTTPS (DoH)

Internet Security Client Configuration

Exit Networks

Administration

Admin Console Security

Subscription Management

Managed Service Providers

Cancel Your Subscription

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

VPN Replacement

Infrastructure Access

Device Security Controls