Onboard devices with AgentP using Microsoft Intune

In this topic, you will learn how to deploy Portnox™ AgentP on managed devices by using Intune.

You can manage AgentP deployment on managed devices using Intune on all platforms supported by Intune: Windows, macOS, iOS/iPadOS, and Android. However, we currently support automatic onboarding only on Windows.

If you’re using Windows, Azure/Entra ID or Active Directory, Intune, and SCEP/Wi-Fi/wired profiles in Intune, you can distribute the SCEP/Wi-Fi/wired profiles first to connect to the network, and then silently install and onboard AgentP via Intune, using the credentials of the current user who is logged in to Azure/Entra ID or Active Directory. For more information on such unattended installation and onboarding, see the following topic: Onboard Windows devices with AgentP in unattended or kiosk mode.

In all other cases, for example, on other platforms (macOS, iOS, Android) or when you don’t use Azure/Entra ID or Active Directory on your Windows devices, after automatic installation of AgentP through Intune, the user must manually onboard in AgentP. You can also first use Intune to distribute platform-specific SCEP/Wi-Fi/wired profiles and connect to the managed network, and only then distribute AgentP, or you can use AgentP to connect to the managed network instead.

Deploy on Windows

In this section, you will learn how to configure Microsoft Intune to deploy Portnox™ AgentP on managed Windows devices.

There are two options to deploy AgentP on managed Windows devices:

  1. Onboard devices using SCEP certificates and use AgentP for risk assessment only (recommended)
  2. Deploy AgentP and have the users onboard manually

If you choose the first option, begin by completing the steps in the following topic: Onboard Windows devices with certificates using Microsoft Intune and SCEP. Then, continue with steps in the current topic.

Note: Do not install AgentP on managed devices before you complete the certificate-based onboarding. If you already installed AgentP, make sure to uninstall it and delete all related configuration and profiles.
  1. Open the Download Portnox AgentP page in your browser.
  2. Scroll down to Windows files and click on the tile that best represents your Windows version to download the AgentP MSI package and save it on your disk.

    You will upload this package to Intune later.

  3. Open the Microsoft Intune portal in your browser: intune.microsoft.com.
  4. In the left-hand menu, select the Apps option.

  5. In the left-hand menu of the Apps pane, select the Windows option in the By platform section.

  6. In the Windows | Windows apps pane, click on the Add button.

  7. In the Select app type pane, in the App type field, select the Line-of-business app option, and click on the Select button below.

  8. In the Add App pane, click on the Select app package file link.

  9. In the Add package file pane, click on the  🗀  icon to open a file dialog, select the MSI package file that you downloaded earlier, and click on the OK button.

  10. In the Add App pane, in the App information step of the wizard:
    1. In the Publisher field, type the name that you want to appear in the Company Portal as the name of the publisher, for example, Portnox.

    2. Optional: If you already onboarded your devices using SCEP certificates and want to install AgentP in silent mode, in the Command-line arguments field, enter /qn UI_LAUNCH=1.

      If you don’t enter these command-line arguments, the AgentP user interface will be open during installation on the managed device, which lets the user onboard manually, if necessary.

      Note: For more information about AgentP unattended installation and onboarding, see the following topic: Onboard Windows devices with AgentP in unattended or kiosk mode.
    3. Fill in or change the values of other fields, if necessary, to customize the way that the AgentP app information is displayed in the Company Portal, and then click on the Next button.
  11. In the Assignments step of the wizard, use relevant options to assign this profile to specific groups or all users/devices, and then click on the Next button.

  12. In the Review + create step of the wizard, review all the information, and then click on the Create button.

Result: You created a Windows AgentP app profile in Intune and assigned it to devices.

Deploy on macOS

In this section, you will learn how to configure Microsoft Intune to deploy Portnox™ AgentP on managed macOS devices.

  1. Open the Download Portnox AgentP page in your browser.
  2. Scroll down to the Mac OSX tile and click on it to download the AgentP macOS package and save it on your disk.

    You will upload this package to Intune later.

  3. Open the Microsoft Intune portal in your browser: intune.microsoft.com.
  4. In the left-hand menu, select the Apps option.

  5. In the left-hand menu of the Apps pane, select the macOS option in the By platform section.

  6. In the macOS | macOS apps pane, click on the Add button.

  7. In the Select app type pane, in the App type field, select the Line-of-business app option, and click on the Select button below.

  8. In the Add App pane, click on the Select app package file link.

  9. In the Add package file pane, click on the  🗀  icon to open a file dialog, select the package file that you downloaded earlier, and click on the OK button.

  10. In the Add App pane, in the App information step of the wizard:
    1. In the Publisher field, type the name that you want to appear in the Company Portal as the name of the publisher, for example, Portnox.

    2. Fill in or change the values of other fields, if necessary, to customize the way that the AgentP app information is displayed in the Company Portal, and then click on the Next button.
  11. In the Assignments step of the wizard, use relevant options to assign this profile to specific groups or all users/devices, and then click on the Next button.

  12. In the Review + create step of the wizard, review all the information, and then click on the Create button.

Result: You created a macOS AgentP app profile in Intune and assigned it to devices.

Deploy on Android

In this section, you will learn how to configure Microsoft Intune to deploy Portnox™ AgentP on managed Android devices.

  1. Open the Microsoft Intune portal in your browser: intune.microsoft.com.
  2. In the left-hand menu, select the Apps option.

  3. In the left-hand menu of the Apps pane, select the Android option in the By platform section.

  4. In the Android | Android apps pane, click on the Add button.

  5. In the Select app type pane, in the App type field, select the Managed Google Play app option, and click on the Select button below.

  6. In the Managed Google Play pane, type Portnox in the Search field, click on the  🔍  button, and then click on the Portnox AgentP tile.

    Note: You may see a pop-up that says This site uses cookies. If so, click on the Got it link.
  7. In the Portnox AgentP pane, click on the Select button, and then click on the Sync button.

    Intune will show the Android | Android apps pane.

  8. In the Android | Android apps pane, click on the Refresh button to display the newly added Portnox AgentP entry on the list. Then, click on the Portnox AgentP entry to edit assignments.

  9. In the Portnox AgentP pane, in the menu on the left-hand side, click on the Properties option.

  10. In the Portnox AgentP | Properties pane, click on the Edit link in the Assignments section.

  11. In the Edit application pane, use relevant options to assign this app to specific groups or all users/devices, and then click on the Review + save button on the bottom of the pane.

Result: You created an Android AgentP app profile in Intune and assigned it to devices.

Deploy on iOS

In this section, you will learn how to configure Microsoft Intune to deploy Portnox™ AgentP on managed iOS devices.

  1. Open the Microsoft Intune portal in your browser: intune.microsoft.com.
  2. In the left-hand menu, select the Apps option.

  3. In the left-hand menu of the Apps pane, select the iOS/iPadOS option in the By platform section.

  4. In the iOS/iPadOS | iOS/iPadOS apps pane, click on the Add button.

  5. In the Select app type pane, in the App type field, select the iOS store app option, and click on the Select button below.

  6. In the Add App pane, click on the Search the App Store link.

  7. In the Search the App Store pane, type Portnox in the Enter search terms field, and then click on the AgentP icon and click on the Select button below.

  8. In the Add App pane, in the App information step of the wizard, fill in or change the values of other fields, if necessary, to customize the way that the AgentP app information is displayed in the app store, and then click on the Next button.
  9. In the Assignments step of the wizard, use relevant options to assign this profile to specific groups or all users/devices, and then click on the Next button.

  10. In the Review + create step of the wizard, review all the information, and then click on the Create button.

Result: You created an iOS AgentP app profile in Intune and assigned it to devices.