Notes/Prerequisites:
- By default, within Intune, End Users are not required to sign in to the device to execute PowerShell scripts. Data will not begin to be collected until the next log-in.
- Intune checks after each reboot to see if there are new scripts to run. If the script *fails* (for instance in the case of a security tool blocking the Auvik SaaS Management installation), Intune will not *re-run* the script unless it is changed.
- The script will by default time out after 30 minutes.
- This guide does not yet cover policy enforcement.
- It is not an issue for Auvik SaaS Management to be run on the same device multiple times. If this does occur, the agent will detect that it is already installed and up-to-date and will take no further action.
Adding the Script to Intune:
- Navigate to Devices > Scripts > Add > Windows 10 and Later within Microsoft Endpoint Manager Admin.
- In the “Basics” field, enter both a name and an easily recognizable description for the PowerShell Script. (Ex: Saaslio Script - Client Name)
- Log into Auvik SaaS Management and navigate to Partner Hub > Org Preferences > Integrations, then select the option for “Custom Script”.
- Scroll down to the “Client Scripts” options and select the desired client from the dropdown and click the button to “Download Script” as a .ps1 file. Note: If you have not already created a client, you can do so under the “Clients” option in the Auvik SaaS Management menu, and then by selecting “Add Client”.
- Name the download file something easily recognizable for the specified client deployment. The PS1 file will need to be uploaded to Intune so that the necessary scripts can reference it.
- Set the script settings as follows:
  - Script Location: (Either upload or reference a central location where the script is saved)
  - Run this script using the logged-on credentials: This setting is dependent on the client’s environment. If you are planning to run this in a SYSTEM context in Windows, or as Admin, select “No”.
  - Enforce script signature: Set to No (Note: this setting will change to Yes as this deployment integration is moved out of Beta).
  - Run script in 64-bit PowerShell host: Set to Yes. Microsoft states that if Intune detects a 32-bit environment, the script will still run even if this setting is set to 64-bit.
- Set your scope and assigned groups for this script to run. This allows the user to target specific devices or groups of devices. Note that this option is highly dependent on the client’s environment, Intune configuration, and Active Directory configuration. It is recommended to run the script on a smaller group of users to ensure it is working properly prior to deploying to all client users.
- Once scope and groups have been assigned, select “Add” to save the script. Intune will push the script upon certain events or on a timed basis depending on its configuration.
Monitoring Status of Deployment:
Once deployed, you will see devices appear under the client’s Saaslio tenant under Users > Devices. You can also view logs from a particular device under `C:\ProgramData\Microsoft\IntuneManagementExtension\Logs`.
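
Because Intune does not re-run a failed script unless it is changed, it helps to pull warnings and errors out of that log folder on a pilot device. The following is an added example, not part of Auvik's or Microsoft's documentation; it assumes the logs use CMTrace-style entries (type 2 = warning, type 3 = error), and the function name `Get-ImeLogEntry` and the sample entries are constructed for illustration.

```powershell
# Added example: list warnings and errors from the Intune Management Extension logs.
$LogDir = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs'

# Assumed CMTrace-style entry:
#   <![LOG[message]LOG]!><time="..." date="..." component="..." context="" type="N" ...>
# (?s) lets one message span several lines, which a line-by-line match would miss.
$EntryPattern = '(?s)<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[^"]+)" ' +
                'date="(?<date>[^"]+)" component="(?<comp>[^"]*)" ' +
                'context="[^"]*" type="(?<type>\d)"'

function Get-ImeLogEntry {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Text,
        [string]$Source = 'sample'
    )
    foreach ($m in [regex]::Matches($Text, $EntryPattern)) {
        [pscustomobject]@{
            Source    = $Source
            Date      = $m.Groups['date'].Value
            Time      = $m.Groups['time'].Value
            Component = $m.Groups['comp'].Value
            Severity  = switch ($m.Groups['type'].Value) {
                            '2' { 'Warning' } '3' { 'Error' } default { 'Info' } }
            Message   = $m.Groups['msg'].Value.Trim()
        }
    }
}

# Constructed sample entries, used only when the log folder is absent (e.g. on a test box).
$Sample = @'
<![LOG[Constructed sample: script run started]LOG]!><time="09:15:02.1234567" date="1-15-2024" component="IntuneManagementExtension" context="" type="1" thread="5" file="">
<![LOG[Constructed sample: script exited with a non-zero code
second line of the same message]LOG]!><time="09:15:40.7654321" date="1-15-2024" component="IntuneManagementExtension" context="" type="3" thread="5" file="">
'@

$entries = if (Test-Path $LogDir) {
    # Skip empty files: Get-Content -Raw returns $null for them.
    Get-ChildItem -Path $LogDir -Filter '*.log' | Where-Object Length -gt 0 |
        ForEach-Object { Get-ImeLogEntry -Text (Get-Content $_.FullName -Raw) -Source $_.Name }
} else {
    Get-ImeLogEntry -Text $Sample
}

# Show only warnings and errors, in the order they appear in each file.
$entries | Where-Object Severity -ne 'Info' |
    Format-Table Source, Date, Time, Severity, Message -Wrap
```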