Team: Huntress EDR
Product: Intune (Win32 app)
Environment: Windows Server 2008 and newer, Windows Vista and newer
Summary: Automated Huntress agent deployment via Intune (Win32 app)
Deploying the Huntress agent via Microsoft Intune is easy and can be accomplished in one of two methods. This is the alternate method, via the Win32 app deployment interface. The preferred method is via a PowerShell script deployment, which is documented here. The primary reason the PowerShell deployment is preferred as the PowerShell script always downloads the newest agent from our CDN as well as checking if the application is installed prior to triggering the download or install process. This reduces load on the endpoint, ensures you always install the latest agent, and negates the need to periodically maintain the App deployment with an updated version of the Huntress Installer package. The primary reason to use this method over the preferred one is if your environment doesn't permit the execution of unsigned PowerShell scripts.
Microsoft Intune is a complex and powerful tool for managing endpoints and mobile devices. This is a guideline using basic settings to accomplish the deployment of the Huntress agent. Your specific Intune setup may require tweaking or changes. Huntress support is not able to perform advanced Intune troubleshooting, please consult the Microsoft documentation or their support channels for Intune assistance.
- To configure the deployment using this method you will need to download two items and save them to your local system to create the .intunewin package needed by Intune.
- First, you need to download the IntuneWinAppUtil from Microsoft's github. As we'll only describe basic functionality of this tool in this document it is recommended you review the full Microsoft instructions on preparing a Win32 app in Intune. As noted before, Huntress support may be unable to provide advanced Intune support. It's recommended you place the IntuneWinAppUtil.exe in the a folder you can easily access via the command line. In our example we're using D:\Downloads\IntuneWinApp.
- Download the HuntressInstaller.exe package from your portal. You can do this by clicking on the "three lines" menu in the upper right of the portal, selecting Download Agent, click to show the link, and finally click the link. Save this file into a subfolder of the one above. In our example we're using D:\Downloads\IntuneWinApp\source.
- After downloading both of the files above, open a command prompt window in and navigate to the folder containing the IntuneWinAppUtil.exe executable.
- Run the following command from the folder which contains IntuneWinAppUtil.exe. Ensure the HuntressInstaller.exe is located in a subfolder of the one containing IntuneWinAppUtil.exe named source.
IntuneWinAppUtil -c .\source -s .\source\HuntressInstaller.exe -o .\
- You should see an output similar to the one below. Verify you see the "has been generated successfully" message and that HuntressInstaller.intunewin is present in the same folder as IntuneWinAppUtil.exe.
- In your Intune portal, navigate to Apps, then All Apps, click the Add button, change the App type to Windows app (Win32) and click Select.
- In the Add App dialog, click Select app package file, then click the blue folder icon, navigate to your previously created HuntressInstaller.intunewin package and click OK.
- In the App information dialog fill out as much of the information as is relevant for your deployment scenario. It is required you provide a publisher, we recommend Huntress Labs, Inc. in this field. We also recommend you edit the Name to Huntress Agent and leave the Show this as a feature app... setting to No. (This is recommended as we'll set it to a required app vs. requiring users to manually install.) Click Next when done.
- In the Program dialog, fill out all of the below fields matching the example image provided below the copy/paste- able sections below.
Install command: HuntressInstaller.exe /ACCT_KEY="YOUR_ACCOUNT_KEY" /ORG_KEY="ORGANIZATION _KEY" /S
Uninstall command: "%PROGRAMFILES%\Huntress\Uninstall.exe" /S
Install behavior: Leave as System.
Device restart behavior: Change to No specific action.
Return code / Code type: Leave the existing 0 = Success entry and delete the remaining.
You MUST replace YOUR_ACCOUNT_KEY with the account key from your Huntress console and provide an appropriate ORGNIZATION_KEY value for your environment. The account key in the image below has been shortened for the purposes of a screenshot, but your actual Huntress account key will be 32 characters long.
Click Next when done.
- In the Requirements dialog, fill out the below fields as described.
Operating system architecture: Select both 32-bit and 64-bit.Minimum operating system: Select the oldest version of Windows 10 listed, in this example build 1607 is selected.Disk space required (MB): Enter 20Leave the remaining fields at their default blank settings and click Next.
- In the Detection rules dialog, change the Rules format to Manually configure detection rules and set up the following rules. You can configure each rule by clicking Add and selecting the appropriate type and path/code. The full list of rules are specified in the table below, followed by screenshots of the output once they are all specified.
Rule Type: File Path File or Folder Detection Method Assoc. 32-bit on 64-bot %PROGRAMFILES%\Huntress HuntressAgent.exe File or folder exists No %PROGRAMFILES%\Huntress HuntressUpdater.exe File or folder exists No Rule Type: Registry Key path Value name Detection Method Assoc. 32-bit on 64-bot HKEY_LOCAL_MACHINE\SOFTWARE\Huntress Labs Key exists No HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HuntressAgent Key exists No HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HuntressUpdater Key exists No
Click Next when done.
- Do not make any changes on the Dependencies dialog and click Next.
- In the Assignments dialog you will need to select the group/users/devices you wish to have this application deployed to. Huntress recommends adding it to an appropriate organizational unit under the Required section of this dialog. In this example we've applied it to a Security Group titled Huntress Users. You will see the newly selected assignment target appear in the list. Click on one of the blue highlighted options to configure the detailed settings for this entry. (Details in next step.)
- The Huntress recommended settings are below. The only change from default is to Hide all toast notifications. This will prevent a Windows Modern UI pop-up indicating the Huntress Agent was installed. If you wish for end users to see this notification, or for testing purposes, feel free to leave this set to Show all toast notifications. We've opted to hide them in the image below, but in a later step we depict an example of what these toast notifications look like. Click Next when done.
- Finally, on the Create dialog review all of your previous settings and click the Create button at the bottom of the list.
If you leave the toast notifications on, the end user will see 3 dialog messages during the Huntress Agent installation process, they will appear in the following order:Once installed, the Intune agent should report this information back to your portal and can be viewed within the App details.
Please sign in to leave a comment.