7

Resources

Last Update 18 dagen geleden

Whitelist Domain Rules - Microsoft OS and Microsoft Product Patches Whitelist Domain Rules - Third Party Patches Configuring the Service Account for macOS Patch Management on Apple Silicon Configuring Proxy on Agents Deploying SecOps Agent Using Group Policy (GPO)

Deploying SecOps Agent Using Microsoft Intune (MSI / LOB App)

Satyam

Last Update 5 maanden geleden


This article explains how to deploy the SecOps Agent on Windows devices using Microsoft Intune by uploading the MSI installer as a Line-of-Business (LOB) app.

Why Use MSI (LOB App) Deployment in Intune?
Deploying the SecOps Agent as an MSI via Intune provides:
  • Native MSI support (no scripting required)
  • Automatic execution in SYSTEM context
  • Silent installation across managed devices
  • Centralized deployment and reporting
  • Ideal for enterprise rollouts


Prerequisites
Before you begin, ensure the following:
  • Microsoft Intune is configured
  • Devices are Azure AD–joined or Hybrid AD–joined
  • Devices have active Intune enrollment
  • You have Intune Admin or Global Admin permissions
  • SecOps Agent MSI installer is available

    High-Level Deployment Flow
    1. Upload MSI as a LOB app
    2. Configure silent install command
    3. Assign app to device group
    4. Intune installs agent in SYSTEM context
    5. Device appears in SecOps dashboard


    Step-by-Step Deployment Guide (MSI / LOB App)

    Export Bulk Agent from SecOps Solution
    Export Agent in Bulk Mode from SecOps Solution tenant, based on your operating system. You can refer this article for agent export.

    Step 1: Create an Intune Device Group
    1. Sign in to Microsoft Intune Admin Center
    2. Navigate to Groups
    3. Create a new Security Group
    4. Add target devices (recommended)
    Example Group Name : SecOps-Agent-Devices
    Step 2: Add the SecOps Agent as a LOB App
    1. Go to Apps → Windows
    2. Click Add
    3. Select Line-of-business app
    4. Click Select
    5. Upload the MSI file: Secops_Solution_CLI_installer.msi

      Step 3: Configure App Information
      1. Enter the following:
        • Name: SecOps Agent
        • Publisher: SecOps Solution
        • Description: SecOps endpoint agent for patch and vulnerability management
      2. (Optional) Upload an app icon
      3. Click Next

      Step 4: Configure Program Settings (Silent Install)
      In the Program section, configure the install command.
      Install Command
      Use the following silent installation command:
      Step 5: Assign the App to Device Group (Device Context)
      1. In Assignments, select:
        • Required
      2. Under Included Groups, add: SecOps-Agent-Devices
      3. ​Click Next → Create.
      Step 6: Monitor Deployment Status
    1. Go to Apps → Windows
    2. Select SecOps Agent
    3. Review:
      • Device install status
      • Success / Failure counts
      • Per-device error details

      4. Validation Checklist
      After deployment, verify:
      • SecOps Agent service is running
      • Device appears in SecOps console
      • App status shows Installed in Intune

      Best Practices
      • Always assign MSI apps to device groups
      • Use Required assignment for agents
      • Avoid user-context deployments
      • Roll out using pilot groups first
      • Keep MSI versions consistent during upgrades

        Looking for Other Deployment Options?
        Depending on your environment, you may prefer a cloud-native or alternative deployment approach.

        Was this article helpful?

        0 out of 0 liked this article

        Still need help? Message Us