Onboard devices with AgentP using Microsoft Intune

In this topic, you will learn how to deploy Portnox™ AgentP on managed devices by using Intune.

You can deploy AgentP on managed devices using Intune on all platforms supported by Intune: Windows, macOS, iOS/iPadOS, and Android. However, unattended/automatic enrollment is possible only in some cases:

  • If you use Windows with Entra ID or Active Directory, you can automatically enroll AgentP via Intune. This enrollment can use either the identity of the current user logged in to Entra ID or Active Directory on the Windows machine, or the identity of the machine itself. This works because, in these cases, AgentP already receives verified identity information from the operating system, so the user does not need to confirm their identity manually.

  • In all other cases, such as on other platforms (macOS, iOS, Android) or when Entra ID or Active Directory is not used on Windows devices, you have two options:
    1. The user can manually onboard in AgentP. Then, AgentP will be able to fully manage the networks as well as provide risk assessment.
    2. You can use Intune to first distribute platform-specific SCEP+Wi-Fi/wired profiles to connect to the managed network, and then distribute AgentP. However, in this case, AgentP will not be managing the network connections, and can only be used for risk assessment purposes.
Note:
If you want AgentP to automatically configure the wired interface, make sure to turn on the following option: Settings > Services > GENERAL SETTINGS > Set AgentP configurations > Configure wired network interface automatically (Windows devices only). For more information about AgentP options, see the following topic: Configure AgentP options.

Deploy on Windows

In this section, you will learn how to configure Microsoft Intune to deploy Portnox™ AgentP on managed Windows devices.

Note:
If you already installed AgentP, make sure to uninstall it and delete all related configuration and profiles before you start managing AgentP deployment and enrollment with Intune.
  1. Open the Download Portnox AgentP page in your browser.
  2. Scroll down to Windows files and click on the tile that best represents your Windows version to download the AgentP MSI package and save it on your disk.

    You will upload this package to Intune later.

  3. Open the Microsoft Intune portal in your browser: intune.microsoft.com.
  4. In the left-hand menu, select the Apps option.

  5. In the left-hand menu of the Apps pane, select the Windows option in the By platform section.

  6. In the Windows | Windows apps pane, click on the Create button.

  7. In the Select app type pane, in the App type field, select the Line-of-business app option, and click on the Select button below.

  8. In the Add App pane, click on the Select app package file link.

  9. In the Add package file pane, click on the  🗀  icon to open a file dialog, select the MSI package file that you downloaded earlier, and click on the OK button.

  10. In the Add App pane, in the App information step of the wizard:
    1. In the Publisher field, type the name that you want to appear in the Company Portal as the name of the publisher, for example, Portnox.

    2. Optional: If you use Entra ID or Active Directory, and you want to automatically enroll AgentP after installing it, in the Command-line arguments field, enter UI_LAUNCH=1.

      If you don’t enter these command-line arguments, the AgentP user interface will open during installation on the managed device, which lets the user onboard manually.

      Note:
      For more information about AgentP unattended installation and onboarding options, see the following topic: Onboard Windows devices with AgentP in unattended or kiosk mode.
    3. Fill in or change the values of other fields, if necessary, to customize the way that the AgentP app information is displayed in the Company Portal, and then click on the Next button.
  11. In the Assignments step of the wizard, use relevant options to assign this profile to specific groups or all users/devices, and then click on the Next button.

  12. In the Review + create step of the wizard, review all the information, and then click on the Create button.
  13. Optional: If needed, add registry key values for AgentP.

    To configure how AgentP works, you can add registry key values to the machine before installing AgentP. You can distribute such registry key values using Intune, too. To learn about the available values and their significance, see the following topic: AgentP configuration/installation options.

    1. For each registry value that you want to add, prepare a PowerShell script to add the value.

      Open a text editor such as Notepad and create a new text file with the following content. Replace value_name with the name of the value and value_data with the value.

      New-Item -Path "HKLM:\SOFTWARE\WOW6432Node\Portnox AgentP" -Force | Out-Null; `
Set-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Portnox AgentP" -Name `
"value_name" -Value "value_data"

      Then, save the file as a .ps1 script.

      Note:
      You can add all registry values in a single script but we recommend one script per registry value. This will let you apply different values to different devices, if needed.
    2. In Intune, go to the following pane: Devices > Windows > Scripts and remediations. Then, click on the Platform scripts tab, and then click on the +Add button to add a new script.

    3. Follow the wizard steps to add the script. You can choose any name you like for the script configuration. Then, browse for the .ps1 file that you saved and assign the script to users/devices as needed.

Result: You created a Windows AgentP app profile in Intune and assigned it to devices.

Deploy on macOS

In this section, you will learn how to configure Microsoft Intune to deploy Portnox™ AgentP on managed macOS devices.

Important:
If you deploy AgentP on managed macOS devices, each user will have to onboard manually, and then AgentP will manage user certificates. If you prefer to onboard users automatically, you must manage certificates using SCEP and use AgentP for profiling only. To learn how to set this up, see the following topic: Onboard macOS devices with AgentP using Intune and SCEP.
  1. Open the Download Portnox AgentP page in your browser.
  2. Scroll down to the Mac OSX tile and click on it to download the AgentP macOS package and save it on your disk.

    You will upload this package to Intune later.

  3. Open the Microsoft Intune portal in your browser: intune.microsoft.com.
  4. In the left-hand menu, select the Apps option.

  5. In the left-hand menu of the Apps pane, select the macOS option in the By platform section.

  6. In the macOS | macOS apps pane, click on the Create button.

  7. In the Select app type pane, in the App type field, select the macOS app (PKG) option, and click on the Select button below.

    Important:
    Microsoft still supports the Line-of-business app option for macOS but they recommend using the newer PKG option instead.
  8. In the Add App pane, click on the Select app package file link.

  9. In the Add package file pane, click on the  🗀  icon to open a file dialog, select the package file that you downloaded earlier, and click on the OK button.

  10. In the Add App pane, in the App information step of the wizard:
    1. In the Publisher field, type the name that you want to appear in the Company Portal as the name of the publisher, for example, Portnox.

    2. Fill in or change the values of other fields, if necessary, to customize the way that the AgentP app information is displayed in the Company Portal, and then click on the Next button.
  11. In the Program, Requirements, and Detection rules steps of the wizard, leave default values or modify them according to your environment.
  12. In the Assignments step of the wizard, use relevant options to assign this profile to specific groups or all users/devices, and then click on the Next button.

  13. In the Review + create step of the wizard, review all the information, and then click on the Create button.

Result: You created a macOS AgentP app profile in Intune and assigned it to devices.

Deploy on Android

In this section, you will learn how to configure Microsoft Intune to deploy Portnox™ AgentP on managed Android devices.

  1. Open the Microsoft Intune portal in your browser: intune.microsoft.com.
  2. In the left-hand menu, select the Apps option.

  3. In the left-hand menu of the Apps pane, select the Android option in the By platform section.

  4. In the Android | Android apps pane, click on the Create button.

  5. In the Select app type pane, in the App type field, select the Managed Google Play app option, and click on the Select button below.

  6. In the Managed Google Play pane, type Portnox in the Search field, click on the  🔍  button, and then click on the Portnox AgentP tile.

    Note:
    You may see a pop-up that says This site uses cookies. If so, click on the Got it link.
  7. In the Portnox AgentP pane, click on the Select button, and then click on the Sync button.

    Intune will show the Android | Android apps pane.

  8. In the Android | Android apps pane, click on the Refresh button to display the newly added Portnox AgentP entry on the list. Then, click on the Portnox AgentP entry to edit assignments.

  9. In the Portnox AgentP pane, in the menu on the left-hand side, click on the Properties option.

  10. In the Portnox AgentP | Properties pane, click on the Edit link in the Assignments section.

  11. In the Edit application pane, use relevant options to assign this app to specific groups or all users/devices, and then click on the Review + save button on the bottom of the pane.

Result: You created an Android AgentP app profile in Intune and assigned it to devices.

Deploy on iOS

In this section, you will learn how to configure Microsoft Intune to deploy Portnox™ AgentP on managed iOS devices.

  1. Open the Microsoft Intune portal in your browser: intune.microsoft.com.
  2. In the left-hand menu, select the Apps option.

  3. In the left-hand menu of the Apps pane, select the iOS/iPadOS option in the By platform section.

  4. In the iOS/iPadOS | iOS/iPadOS apps pane, click on the Create button.

  5. In the Select app type pane, in the App type field, select the iOS store app option, and click on the Select button below.

  6. In the Add App pane, click on the Search the App Store link.

  7. In the Search the App Store pane, type Portnox in the Enter search terms field, and then click on the AgentP icon and click on the Select button below.

  8. In the Add App pane, in the App information step of the wizard, fill in or change the values of other fields, if necessary, to customize the way that the AgentP app information is displayed in the app store, and then click on the Next button.
  9. In the Assignments step of the wizard, use relevant options to assign this profile to specific groups or all users/devices, and then click on the Next button.

  10. In the Review + create step of the wizard, review all the information, and then click on the Create button.

Result: You created an iOS AgentP app profile in Intune and assigned it to devices.