Prior to deployment, make sure the client machine is enrolled in Azure. The prerequisites are:

  • Microsoft Intune subscription – (sign up for a free trial account).
  • Create a user, and create a group.

Reference: Official product documentation for Microsoft Intune

 
 
Sign in to Intune as a Global Administrator or an Intune Service Administrator. If an Intune trial subscription was created, the account created with the subscription is the Global Administrator.
 

Set up Windows 10 automatic enrollment

Use MDM enrollment so that both corporate and bring-your-own-devices can be automatically enrolled.

 
An Azure Active Directory Premium subscription is required. Azure AD Premium supports "Automatic enrollment".
 

Reference: Set up enrollment for Windows devices 

  1. In Azure, choose Azure Active Directory > Mobility (MDM and MAM).
  2. Select Microsoft Intune.

    Microsoft Intune

  3. You will be navigated to the Configure page.

    1. The following fields should be filled out with the following information:

      Configure page

      • Select "Some" from the MDM user scope to use MDM auto-enrollment to manage enterprise data on employees' Windows devices. MDM auto-enrollment will be configured for AAD-joined devices and bring-your-own-device scenarios.
         
        "Some" is used as the user scope so that the admin has flexibility over which groups get the automatic enrollment feature.
         

        Reference: Enable Windows 10 automatic enrollment

      • Click No groups selected then choose your Desired group and click Select.
      • Select Some from the MAM Users scope to manage data on workforce's devices.
      • Click No groups selected then choose your Desired group and click Select.
      • Use the default values for the remaining configuration values.
    2. Click Save.
  4. From Azure Active Directory > Mobility (MDM and MAM), select Microsoft Intune Enrollment.

    click Microsoft Intune Enrollment

  5. You will be navigated to the Configure page.

    1. The following fields should be filled out with the following information:

      Configure page

      • Click No groups selected then choose your Desired group and click Select.
      • Use the default values for the remaining configuration values.
    2. Click Save.

Take the role of an Intune user and enroll a Windows 10 device into Microsoft Intune. Then return to Intune and confirm the device enrolled.

Confirm Windows 10 Desktop version

Before enrolling Windows 10 Desktop, confirm the version of Windows that you have installed.

  1. Right-click the Windows Start icon and click Settings to display Windows Settings options.

    Windows Settings

  2. Select System > About.

    System > About

  3. The Settings window will show a list of Windows specifications for PC. Within this list, locate the Version.
  4. Confirm that the Windows 10 version is 1607 or higher.
     
    The steps presented in this guide are for Windows 10 version 1607 or higher. If the version is 1511 or less, continue with these steps.
     

Enroll Windows 10 Desktop

  1. Return to Windows Settings and select Accounts.

    Accounts

  2. Select Access work or school > Connect.

    Connect

  3. Select Join this device to Azure Active Directory.

    join device

  4. Sign in to Intune with a work or school account (as an Intune user), and then click Next. If you followed the "create a user and assign a license" quickstart, the user account created there can be used to sign in.

    sign in to Intune

    enter password

    Join

  5. When the "You’re all set!" screen appears, click Done.

    click Done

  6. The added account will be shown as part of the Access work or school settings on the Windows Desktop.

    view in Access work or school settings

     
    Use the Azure Active Directory (AAD) account to sign in to this desktop.
    If you followed the previous steps but still cannot access your work or school email account and files, follow the steps in Troubleshooting steps to follow if you see Access work or school.
    Reference: What is Azure Active Directory?
     

Confirm your device enrollment in Intune

  1. Sign in to Intune
  2. Select Devices > All Devices to view the enrolled devices in Intune.
  3. Verify that there is an additional device enrolled within Intune.

    additional device
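
The same prerequisites can be confirmed from the device side. The following is an added example, not part of the original article: a PowerShell check that reads the Windows build (version 1607 corresponds to build 14393) and parses `dsregcmd /status` for the Azure AD join state and the MDM URL assigned to the signed-in user. The function name Get-EnrollmentReadiness is hypothetical.

```powershell
# Added example: run in PowerShell on the Windows 10 client after joining it to Azure AD.
function Get-EnrollmentReadiness {
    # Windows 10 version 1607 corresponds to build 14393.
    $minBuild = 14393
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber

    # dsregcmd /status prints "Name : Value" lines; collect them into a lookup table.
    $state = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*\S)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    [pscustomobject]@{
        Build         = $build
        VersionOk     = ($build -ge $minBuild)
        AzureAdJoined = ($state['AzureAdJoined'] -eq 'YES')
        TenantName    = $state['TenantName']
        MdmUrl        = $state['MdmUrl']
        # An empty MdmUrl means no MDM URL was assigned to this user for auto-enrollment.
        MdmUrlPresent = [bool]$state['MdmUrl']
    }
}

$result = Get-EnrollmentReadiness
$result | Format-List

if (-not ($result.VersionOk -and $result.AzureAdJoined -and $result.MdmUrlPresent)) {
    Write-Warning 'Device does not meet the enrollment prerequisites checked here.'
}
```

If MdmUrlPresent is False on a joined device, recheck that the user belongs to the group selected under MDM user scope.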

Use Intune to add and assign a client app to the company's workforce. One of an admin's priorities is to ensure that end users have access to the apps they need to do their work.

Prerequisites to be done on the Worry-Free Business Security Services web console

  1. Download Security Agent MSI via downloader.
    1. Log in to WFBS Services web console.
    2. Go to Security Agents.
    3. Under Manual Groups, click the group to which you want to add the client machine.
    4. Click + Add Security Agents.
    5. Click Download Installer.

      Download Installer

    6. A new tab will open. Click Download.

      Download

    7. Indicate where the MSI should be placed after download.
    8. Click Next, and wait for MSI to be downloaded.

      MSI

  2. Get Identifier.
    1. Under the same “+Add Security Agents” interface on step 1.e, click Instruction to service providers.

      click Instruction to service providers

    2. A URL will be shown, click Copy Identifier.

      click Copy Identifier

Add the client app to Intune via Line-of-Business App

An app can be included so that Intune can manage aspects of the app. Use the following steps to add an app to Intune:

  1. Sign in to Microsoft Endpoint Manager admin center.
  2. Select Apps > All Apps > Add.
  3. Select Line-of-business app in the App type dropdown box.

    Select Line-of-business app

  4. Click Select.
  5. Choose Select app package file to upload MSI.

    Select app package file

  6. Click OK.
  7. You will be navigated to the App Information section.

    1. The following fields should be filled out with the following information:

      App Information page

      • The Name and Description box will be auto-filled with "Trend Micro Security Agent".
      • In the Publisher box enter a publisher name, such as “TrendMicro”.
      • Select Device on the App install context.
      • In the Command-Line arguments box enter “/quiet Abandon=0 SILENTMODE=1 IDENTIFIER=[YOUR IDENTIFIER]”.
      • Use the default values for the remaining configuration values.
    2. Click Next.
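
Before uploading the MSI, an admin can check the package and rehearse the install on a test machine with the same arguments that go in the Command-line arguments box. This is an added example, not part of the original article or Trend Micro's tooling; the MSI path, the log file name and the expected signer text are assumptions, and the identifier is a placeholder to replace.

```powershell
# Added example: run in an elevated PowerShell session on a test machine.
param(
    [string]$MsiPath        = 'C:\Temp\SecurityAgent.msi',  # hypothetical download location
    [string]$Identifier     = '[YOUR IDENTIFIER]',          # value from "Copy Identifier"
    [string]$ExpectedSigner = 'Trend Micro'                 # assumed text in the signer subject
)

if (-not $Identifier -or $Identifier -match '[\[\]\s]') {
    throw 'Replace the IDENTIFIER placeholder with the value copied from the console.'
}

# 1. Require a valid Authenticode signature from the expected publisher.
$sig = Get-AuthenticodeSignature -FilePath $MsiPath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}
if ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# 2. Record the hash so the file uploaded to Intune can be matched to the one checked here.
$sha256 = (Get-FileHash -Path $MsiPath -Algorithm SHA256).Hash
Write-Output "Signer : $($sig.SignerCertificate.Subject)"
Write-Output "SHA256 : $sha256"

# 3. Install with the article's arguments, plus a verbose MSI log for troubleshooting.
$log     = Join-Path $env:TEMP 'agent-install.log'
$msiArgs = "/i `"$MsiPath`" /quiet Abandon=0 SILENTMODE=1 IDENTIFIER=$Identifier /l*v `"$log`""
$proc    = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru

# msiexec exit codes: 0 = success, 3010 = success with reboot required.
if ($proc.ExitCode -notin 0, 3010) {
    throw "msiexec exited with $($proc.ExitCode); see $log"
}
Write-Output "Install succeeded (exit code $($proc.ExitCode))."
```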

Assign the app to a group or enrolled devices

Once the app is ready to be deployed in Intune, it can be assigned to groups of users or devices. Use the following steps to assign an app to a group:

  1. Select the group on which you want to deploy the agent.
  2. Click +Add group on the Required section.
  3. Choose the Desired group then click Select.

    choose group

  4. Click Next.
  5. Review the details. Once done, click Create.

     

    Create

  6. It may take time for the machine to receive the deployment package. You may manually sync the Windows 10 device to speed up the process through the following:
 

If User Account Control (UAC) is enabled, the user may be required to click Yes to allow the agent installer to make changes and let the installation go through. UAC can be temporarily disabled so that the agent is deployed properly and no prompt is shown on the user's end.

UAC enabled

For more information about managing User Account Control (UAC) settings via Windows 10 MDM, refer to User Account Control Group Policy and registry key settings.

 

Check the Installation status

Install and use the Company Portal app to install the [Your group] app made available by Intune. Use the following steps to verify that the app is available to the user of the enrolled device.

  1. Sign in to Microsoft Endpoint Manager admin center.
  2. Select Apps > All Apps then select the Trend Micro Security Agent app.
  3. Check the installation status.

     

    check status

     
    In some scenarios, there might be a delay before the installation is reflected in the dashboard status. Installed agents may not be reflected in real time.