Ebsford: Device Management using Intune
It is advised to determine which devices are to be managed via Intune and subsequent licences to be arranged.
Background
The IT department have successfully registered their windows 10 devices to Intune and would provide suitable test systems if changes are deemed necessary before rolling out to a wider test group. Once testing is complete and results are sufficient to meet the requirements. We can plan to move onto Pre-Pilot and Pilot phases before finalising a rollout to production (Live).
The M365 tenant is ready for managing devices through Azure AD join methods but there are pre-requisites to do this. Windows 10 Business standard and above is required on the devices and a minimum M365 Business Premium licence for the user.
There are two routes for rolling out the ‘Endpoint management’ of Ebsford devices. From brand new or reset and for existing devices (see Ebsford_Azure AD Join and Auto enrolment document)
App Management:
To prepare win32 app for Intune:
Prepare a Win32 app to be uploaded to Microsoft Intune | Microsoft Docs
Start application
Specify the folder of the downloaded offline installer/application
Specify the setup file name
Specify output folder
You can specify a catalogue folder which requires to be created beforehand.
You can follow the progress of the package creation and once complete, you can go to the portal and create the application package.
To create the windows application (Endpoint Management):
Direct link to Windows app: Windows - Microsoft Endpoint Manager admin center
From the main windows, select the plus icon to add a new package.
Select your app type, which is a Windows app (Win32)
Once selected you are provided some information relating to the selection made.
You can now follow the wizard to begin building your application package./msdyn_blobfile/$value)
Select the folder icon to the right and browse to the previously created Intune File.
/msdyn_blobfile/$value)
Select the folder icon to the right and browse to the previously created Intune File.
Enter the details for the package being created, such as Publisher, web links to privacy policies, version details etc.
Define the commands for installation. Some publishers provide ‘Enterprise’ packs which include the necessary files and commands for the installation and how it is carried out. If such a pack is not available, you can test the install methos via command prompt and use the ‘switches’ available. For the example used here, an enterprise packaged was available which populated both commands.
.msi and .exe have difference set of commands available which can be found here:
https://docs.microsoft.com/en-us/windows/win32/msi/command-line-options
https://www.advancedinstaller.com/user-guide/msiexec.html
https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/command-switches-supported-by-self-extractor-package
/msdyn_blobfile/$value)
.msi and .exe have difference set of commands available which can be found here:
https://docs.microsoft.com/en-us/windows/win32/msi/command-line-options
https://www.advancedinstaller.com/user-guide/msiexec.html
https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/command-switches-supported-by-self-extractor-package
You can define the ‘requirements’ which have to be met before it can attempt to install. Such as a minimum Windows 10 release version, OS architecture (64bit etc.)
A detection rule is required, which is used to check whether the application is already installed.
A simple method is to check if a file or folder already exists.
/msdyn_blobfile/$value)
/msdyn_blobfile/$value)
Assignments are used to determine how the application is to be installed, automatically or as an option via ‘Company Portal’ app. For this example, an assignment is made to install automatically for all users in the defined group.
/msdyn_blobfile/$value)
Review your settings and create the package.
/msdyn_blobfile/$value)
Review your settings and create the package.