ITSM Enrollment through Intune

  • ITSM Enrollment through Intune

    Is it possible to use a PowerShell script to 'enroll' a device manually?

    The reason I ask is that I am attempting to build an MS Intune Profile for a new customer that, as part of their enrollment into the MDM element of Intune, automatically deploys the ITSM MSI from the bulk installation wizard. Given that Intune renames the MSI to a random name, removing the token, is it possible to configure the enrollment settings (Host, Port, Token) via a Windows script (CMD, PowerShell or Regedit) after the MSI has been deployed?

  • #2
    curatrix_pl ,

    We are going to forward your request to our Script Developers and provide you a response with their output. I believe there is already a previous request related to your query that is currently being worked on by Development Team.



    • #3
      Thanks, this is different to my previous request of integrating C1 with Intune, and this is purely about using the AutoPilot feature within Intune for deploying new machines. The process works as far as it installs the Comodo Agent, but unfortunately, it doesn't enrol. If I can update the enrolment settings using PowerShell, then I can get this working through Intune with ease and minimise our efforts moving forward.



      • #4
        curatrix_pl ,

        We thank you for making the picture clearer. We can inform the Product Team and coordinate with their analysis from creating the feature, devising the functionality, staging tests until it reaches fruition. Rest assured, all details that you provided will be helpful.
        Last edited by Oliver C; 05-11-2018, 02:36 PM.



        • #5
          Thanks Jimmy

          Whilst the product team look to implement, is there a method for enrolling devices automatically either via script or registry edit?



          • #6
            Hi curatrix_pl ,

            Thank you for bringing this to our attention. We will create a support ticket for this inquiry and we'll get back to you as soon as possible through email.



            • #7
              Firstly, thanks to the C1 guys for their guidance in this. I'm sharing the process here for any others who wish to use Intune to deploy ITSM within their customers:

              Install Process
              The first step is to make the MSI Available for distribution
              • Go to ITSM > RMM and download the ITSM Communications Client for a client. The MSI is irrelevant at this stage as Intune renames the MSI when deploying.
              • Once downloaded, log in to Intune and go to Mobile Apps > Apps > Click Add
              • Select Line of Business App
              • Click App Package File > Upload the MSI > Click OK
              • Click on App Information
              • Make sure that the Name is 'COMODO Client - Communications'. It is important that this name is the same as what it would be if installed manually, as this is what Intune checks for initially to see if it is already installed. Fill in the description and publisher and click 'Yes' to ignore version. This ensures that COMODO can update the client communications when new versions are released. If you leave this as no, you will need to manually update the MSI here upon update.
              • Click OK > Create
              • Wait for the MSI to finish uploading then go to the Assignments tab and add it as a required Application using the groups you desire.


              Enrol Process
              Now you have added the MSI, you need to enrol your device using a PowerShell script to create an INI file.
              • In Intune go to Device Configuration > PowerShell Scripts
              • Click Add and enter a name and description. Then upload your PowerShell script (see below for basic contents).
              • Click configure and make sure that the script is not running as the logged in user and you are not checking the signature.
              • Click create
              • Click Assign and select the relevant security groups. I suggest that you use the same groups as for the MSI.
              • Click Save


              Now, when users log in on an Azure AD Joined and Intune MDM managed device, Comodo ITSM will be automagically deployed and enrolled.

              Example content of PowerShell script. Just update with the correct host and token for each client you are deploying to.

              Code:
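              # Enrollment settings for the ITSM agent
              $INIText = @"
              [General]
              host = customername-mspname-msp.cmdm.comodo.com
              port = 443
              remove_third_party = false
              suite = 4
              token = a12354cfaf234b2b0ff2455d2d62
              "@
              
              # -Force overwrites an existing file so the script can be re-run
              New-Item "C:\Program Files (x86)\COMODO\Comodo ITSM\enrollment_config.ini" -ItemType File -Value $INIText -Force
              
              # Restart the service so it picks up the new config
              net stop itsmservice
              net start itsmservice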



              • #8
                UPDATE - I should point out on this, you need to update the Token every 90 days as you are not able to create persistent tokens on the ITSM platform.



                • #9
                  Thank you for posting this curatrix_pl , this code gives me a good point to work on for an enrollment procedure that I am working on.

                  I want to point out as well for anyone using this, US based hosts are on itsm-us1.comodo.com so the host would be customername-mspname-msp.itsm-us1.comodo.com. Alternatively, replace the host string with the host name from the manual section on the enrollment instructions page.



                  • #10
                    Intune Deployment works without any issue if you deploy the MSI as a Windows 32 app in the new INTUNEWIN format.

                    Guide: https://www.petervanderwoude.nl/post...rosoft-intune/



                    • #11
                      Any updates on this? I noticed that the name of the enrolment file is enrollment_settings.ini and it only contains three entries. I have another question: when I was deploying the client using PDQ Deploy, I would only use the command line arguments of msiexec.exe /i "em_RdvmQG2I_installer.msi" ALLUSERS=1 /qn /norestart /log output.log and those clients would auto enroll.



                      • #12
                        And on my machine in which I deployed at the command line, that file is empty.



                        • #13
                          carls ,

                          See example of an enrollment config file.


                          [General]
                          host = subdomain.cmdm.comodo.com
                          port = 443
                          remove_third_party = false
                          suite = 4
                          token = a5d15fd0dd9d7640fbd830e3f1c40999

                          In msiexec.exe /i "em_RdvmQG2I_installer.msi", a short token was used. It is resolved upon enrollment config during the installation. Once enrollment is done, ITSMService removes enrollment_config.


                          enrollment_settings.ini should be enrollment_config.ini



                          Comment
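
Added example (not part of any post above, and not Comodo's code): a more defensive form of the enrollment script from post #7, using the key name from post #13 and treating the service's removal of enrollment_config.ini (per #13) as the success signal. The host-suffix check, the hex-token check and the timeouts are assumptions, and the token is a placeholder to replace per customer.

```powershell
# Added example: defensive enrollment script for Intune (runs as SYSTEM).
# Replace $EnrollHost and $Token per customer; the values here are placeholders.
$EnrollHost = 'customername-mspname-msp.cmdm.comodo.com'
$Token      = '<enrollment-token>'
$Port       = 443
$InstallDir = 'C:\Program Files (x86)\COMODO\Comodo ITSM'   # path from post #7
$IniPath    = Join-Path $InstallDir 'enrollment_config.ini'
$Service    = 'itsmservice'                                   # name from post #7

$ErrorActionPreference = 'Stop'
try {
    # Assumption: tenants live under comodo.com, as in the hosts quoted in this thread.
    if ($EnrollHost -notmatch '^[a-z0-9-]+(\.[a-z0-9-]+)*\.comodo\.com$') {
        throw "Unexpected enrollment host: $EnrollHost"
    }
    # Assumption: tokens are hex strings, as in the samples posted above.
    if ($Token -notmatch '^[0-9a-f]{16,64}$') { throw 'Token is not a hex string' }

    # Nothing in the steps above orders this script after the MSI install, so wait for the agent.
    $deadline = (Get-Date).AddMinutes(10)
    while (-not (Get-Service -Name $Service -ErrorAction SilentlyContinue)) {
        if ((Get-Date) -gt $deadline) { throw "$Service not installed yet" }
        Start-Sleep -Seconds 15
    }

    $ini = @"
[General]
host = $EnrollHost
port = $Port
remove_third_party = false
suite = 4
token = $Token
"@
    Set-Content -Path $IniPath -Value $ini -Encoding ASCII -Force
    Restart-Service -Name $Service -Force

    # Per post #13 the service removes the file once enrollment is done.
    $deadline = (Get-Date).AddMinutes(5)
    while (Test-Path $IniPath) {
        if ((Get-Date) -gt $deadline) { throw 'Config not consumed; check host and token age' }
        Start-Sleep -Seconds 10
    }
    exit 0
}
catch {
    Write-Error $_.Exception.Message -ErrorAction Continue   # never echo $Token into logs
    exit 1
}
```

A non-zero exit makes Intune report the script as failed, which surfaces an expired token (see post #8) instead of leaving an unenrolled agent unnoticed.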


                          • #14
                            Originally posted by Weatherlights
                            Intune Deployment works without any issue if you deploy the MSI as a Windows 32 app in the new INTUNEWIN format.

                            Guide: https://www.petervanderwoude.nl/post...rosoft-intune/
                            I used this method, and apparently it is updated, as all I had to do was re-package the MSI and use the command line when setting it up in Intune. I did not need to use the install.cmd file and include the command line; now you can just utilize the command line that is auto-generated. And it worked like a charm.

                            Keep in mind Microsoft notes this: "Any Win32 app deployed using Intune will not be automatically removed from the device when the device is retired. The app and the data it contains will remain on the device. If the app is not removed prior to retiring the device, the end user will need to take explicit action on the device to remove the app."

