Deploying Privatise with Intune (Scripts)

Deploying the Privatise agent via Microsoft Intune is easy and can be accomplished via the “Scripts” interface under “Devices” management, which uses our PowerShell script for deployment.

Microsoft Intune is a complex and powerful tool for managing endpoints and mobile devices. This is a guideline using basic settings to accomplish the deployment of the Privatise agent. Your specific Intune setup may require tweaking or changes. Privatise support is not able to perform advanced Intune troubleshooting; please consult the Microsoft documentation or their support channels for Intune assistance.

1. The first step is to download the latest version of our PowerShell deployment script from this link.

2. Using your favorite text editor, edit the script to include your Privatise PARTNERID and TEAMID, which Privatise support will supply you with. You can search the script for “PARTNERID” to find the line. Ensure that both values are inside quotation marks.

3. Log into your Intune instance and navigate to Devices | Scripts, click Add, and then Windows 10.

4. In the Basics section, provide a name and description for your script, for example “Install Privatise Agent”, and then click Next when done.

5. In the Script settings section, click the blue folder icon and upload the script you edited in Step 2. Once the script uploads, configure the additional options as follows. Ensure “Run this script using the logged on credentials” is set to No (default), as we want the installation to run in the SYSTEM context. Ensure “Enforce script signature check” is set to No (default): since each script is edited before deployment, signing isn't feasible. Finally, set the “Run script in 64 bit PowerShell Host” option to Yes (not default) to ensure the script is run in the proper PowerShell architecture on both 32 and 64 bit machines. Click Next when done.

6. In this step you will select which objects in your Azure AD/Intune deployment the Privatise deployment script should be run on. Click Select and Next when done.

7. The assignment will almost certainly vary based on your specific Intune deployment and configuration needs. The only requirement for functionality is ensuring the assigned group contains the users or devices you wish to deploy Privatise to. Privatise support may not be able to assist in resolving security group/permission errors within your Azure AD environment.

On this final screen, review the settings and click Add when done. Scripts are deployed to selected groups once every hour by Intune. You may need to wait at least one hour before the deployment is pushed out to the endpoints.

According to Microsoft the deployment schedule is as follows: The Intune management extension agent checks with Intune once every hour and after every reboot for any new scripts or changes. After you assign the policy to the Azure AD groups, the PowerShell script runs, and the run results are reported. Once the script executes, it doesn't execute again unless there's a change in the script or policy. If the script fails, the Intune management extension agent retries the script three times for the next three consecutive Intune management extension agent check-ins.

By clicking on the script name in the list of scripts you can see the status of the deployment.

After clicking the script name above, click on Device status in the left pane. This view shows the devices the script successfully installed on (or failed to install on), which makes it an excellent place to start troubleshooting or reviewing your deployment.

The graphs in the Overview may not update in real time.
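
Because the script is hand-edited in Step 2 and uploaded in Step 5 with the signature check off, a local pre-upload check is useful. The following is an added example, not part of the Privatise script: it parses the edited file without running it, confirms both IDs are quoted, and records a SHA-256 hash of what was uploaded. The file name and the `$PARTNERID = "..."` / `$TEAMID = "..."` assignment form are assumptions.

```powershell
# Added example: pre-upload check for the edited deployment script (run locally, not via Intune).
# Assumptions: the default file name, and that the IDs are set as variable assignments
# such as  $PARTNERID = "value"  and  $TEAMID = "value".
param([string]$Path = '.\privatise-deploy.ps1')   # hypothetical file name

$ErrorActionPreference = 'Stop'
$file = (Resolve-Path -LiteralPath $Path).Path

# 1. Parse without executing, so a missing or stray quote is caught before upload.
$tokens = $parseErrors = $null
$ast = [System.Management.Automation.Language.Parser]::ParseFile($file, [ref]$tokens, [ref]$parseErrors)
if ($parseErrors.Count -gt 0) {
    foreach ($e in $parseErrors) {
        Write-Warning ("Line {0}: {1}" -f $e.Extent.StartLineNumber, $e.Message)
    }
    throw 'The script has syntax errors; fix them before uploading.'
}

# 2. Require PARTNERID and TEAMID to be assigned non-empty quoted strings.
$assignments = $ast.FindAll({
    param($node)
    $node -is [System.Management.Automation.Language.AssignmentStatementAst]
}, $true)

foreach ($name in 'PARTNERID', 'TEAMID') {
    $hit = $assignments |
        Where-Object { $_.Left.Extent.Text -match ('\$' + $name + '$') } |
        Select-Object -First 1
    if (-not $hit) {
        throw "No assignment to `$$name found; adjust the pattern if the script sets it differently."
    }
    $value = $hit.Right.Find({
        param($node)
        $node -is [System.Management.Automation.Language.StringConstantExpressionAst]
    }, $true)
    $quoted = $value -and $value.StringConstantType -ne 'BareWord'
    if (-not $quoted -or [string]::IsNullOrWhiteSpace($value.Value)) {
        throw "$name must be a non-empty value inside quotation marks."
    }
}

# 3. Signature checking is off for this deployment, so record a hash of exactly
#    what is uploaded; a later copy of the script can be compared against it.
$hash = Get-FileHash -LiteralPath $file -Algorithm SHA256
[pscustomobject]@{
    File      = $file
    SHA256    = $hash.Hash
    CheckedAt = (Get-Date).ToString('s')
}
```

Keep the recorded hash with your change records. The edited script contains your PARTNERID and TEAMID, so store the file itself with the same care.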

  • intune-deployment.txt
  • Last modified: 2021/07/29 18:51
  • by rafi