Microsoft Intune
  • 22 Jan 2021
  • 4 Minutes To Read
  • Print
  • Share
  • Dark
    Light

Microsoft Intune

  • Print
  • Share
  • Dark
    Light

Microsoft Intune

Prerequisites

Active Directory Based Identity

  1. Configure Acitive Directory with SecureCircle
  2. Apply Configuration to Circles
  3. Download Active Directory Aware SecureCircle agent

Email Based Identity

To complete this quickstart, you must first:

  1. Create a user
  2. Create a group
  3. Enroll a device
  4. Obtain SecureCircle API key
  5. Obtain SecureCircle CircleID
  6. Download Install-SecureCircle.ps1

Install-SecureCircle.ps1

  1. Download SecureCircle agent installer and rename to fhfs.exe

Create install bundle for Intune Deployment

Use the Microsoft Win32 Content Prep Tool to pre-process Windows Classic (Win32) apps. The tool converts application installation files into the .intunewin format. The tool also detects some of the attributes required by Intune to determine the application installation state. After you use this tool on the app installer folder, you will be able to create a Win32 app in the Intune console.

Important

The Microsoft Win32 Content Prep Tool zips all files and subfolders when it creates the .intunewin file. Be sure to keep the Microsoft Win32 Content Prep Tool separate from the installer files and folders, so that you don't include the tool or other unnecessary files and folders in your .intunewin file. For example, place the securecircle files into the following directory structure before running the Microsoft Win32 Content Prep Tool and following the prompted instructions:
├── Example_folder
├── Install-SecureCircle.ps1
└── fhfs.exe

Sign in to Intune

Sign in to Intune as a Global administrator or an Intune Service administrator. If you have created an Intune Trial subscription, the account you created the subscription with is the Global administrator.

Add the client app to Intune

An app can be included so that Intune can manage aspects of the app.

Use the following steps to add an app to Intune:

  1. In Intune, select Apps > All apps > Add.
  2. Select Windows 10 in the Office 365 Suite section of the Select app type pane.
  3. Click Select. The Add app steps are displayed.
  4. Confirm the default details in the App suite information page.
  5. Click Next to display the Configure app suite page.
  6. Next to Update Channel select Monthly from the dropdown box.
  7. Confirm the remaining default details in the *Configure app suite page.
  8. Click Next to display the Scope tags page.
  9. Click Select scope tags to optionally add scope tags for the app. For more information, see Use role-based access control (RBAC) and scope tags for distributed IT.
  10. Click Next to display the Assignments page.
  11. Select the group assignments for the app. For more information, see Add groups to organize users and devices.
  12. Click Next to display the Review + create page. Review the values and settings you entered for the app.
  13. When you are done, click Create to add the app to Intune.

Installation command - replace “SC_URL”, “API_KEY”, “CIRCLE_ID” & “operator” with your SecureCircle Server URL, API key and CircleID and User Role:

Information

%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy bypass -File Install-SecureCircle.ps1 -fqdn SC_URL -ApiKey API_KEY -circleid CIRCLE_ID -MemberRoleId operator

Uninstall command:

Information

C:\Program Files (x86)\SecureCircle\uninstall.exe /S

Detection rules:

Information

Type: File
Path: C:\Windows\System32\drivers
File: fhfs.sys
Detection Method: File or Folder exists

Assign the app to a group

After you've added an app to Microsoft Intune, you can assign the app to groups of users or devices.

Use the following steps to assign an app to a group:

  1. In Intune, select Apps > All apps.
  2. Select the app that you want to assign to a group.
  3. Click Assignments > Add group to display the Add group pane.
  4. Select Available for enrolled devices in the Assignment type dropdown box.
  5. Click Included Groups > Select groups to include.
  6. Click Select > OK > OK > Save to assign the group.

Install the app on the enrolled device

Use the following steps to verify that the app is available to the user of the enrolled device.

  1. Log in to your enrolled Windows 10 Desktop device. The device must be enrolled with Intune. Also, you must sign in to the device using an account contained in the group you assigned to the app.
  2. From the Start menu, open the Company Portal app. Then, find the SecureCircle app and install it.
Information

Useful Intune logs can be found on the client at: C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

Learn how to designate MagicFolders using Group Policy

JAMF Deployment

This guide will highlight key SecureCircle Agent configuration details in JAMF in order to achieve a successful deployment. After following this guide, the administrator will be be able to --

  • Ensure that the SecureCircle Kernel Extension is trusted
  • File access configured for the SecureCircle Agent
  • Identify devices that have (and don’t have) the SecureCircle Agent installed
Note

This guide assumes the SecureCircle package has already been uploaded to Jamf and a base deployment policy is configured.

JAMF deployment script

From within JAMF go to Management Settings → Scripts → New

  • Provide a Display Name (e.g. Install SecureCircle)
  • script tab select from the provided script examples below.

Mac Active Directory Joined deployment script example:

curl -o fhfs.pkg  https://SERVER_ID/download/mac/fhfs.pkg
curl -o bundle.tar.gz "https://$SERVER_ID/download/mac/resources/bundle.dat"
mkdir -p "/private/var/tmp/fhfs"
tar -xzf bundle.tar.gz -C "/private/var/tmp/fhfs"
sudo installer -verboseR -pkg fhfs.pkg -target /

Email based agent deployment script example:

If using the email based agent add the following parameters to your JAMF script

options tab

  • parameter 4: jssUser
  • parameter 5: jssPass
  • parameter 6: jssHost
  • parameter 7: secureCircleHost
  • parameter 8: apiKey
  • parameter 9: circleId

securecircle_enroll.sh

Apply Installation Script

Navigate to Policies → New

  1. Click on Scripts → Configure
  2. Click “Add” for the script created in the previous section (e.g. Installl SecureCircle)
  3. Enter your parameter values.
  • jssUser - JAMF administrative user account with read only access
  • jssPass - password for above account
  • jssHost - JAMF server URL (do not include https://)
  • secureCircleHost - SecureCircle server URL (do not include https://)
  • apiKey - SecureCircle API Key for Administrator that can invite and confirm users
  • circleId - SecureCircle CircleID to be used for initial invitation
  1. Scope. Assign to target computers
  2. Options → Maintenannce. Enable “Update Inventory”
Was This Article Helpful?