LogoLogo
  • Introducing dope.swg
    • Changing the Rules...
    • Quick Start Guide
      • Create a dope.swg Account
      • Get Started with the dope.endpoint
      • Import User and Group Data
      • Create a dope.swg Web Policy
    • Mitre ATT&CK and Nist CSF
  • dope.console
    • Analytics
      • Overview dashboard
      • Policy View
      • Productivity
      • Shadow IT
      • Detail View
    • dope.swg Policy
      • Editing the Base Policy
      • Adding Policy Exceptions
      • Assigning a Block Page
      • Creating Custom Categories
      • URL Bypass List
      • Application Bypass List
      • Default Bypass List
      • Cloud Application Control (CAC)
        • Microsoft O365
        • Google
        • Box
        • Salesforce
        • Dropbox
        • Slack
        • WebEx
      • Custom Policy
      • Policy Assignment
      • Policy Inheritance and Customization
    • CASB Neural
      • Microsoft 365 - Authentication
      • Google - Authentication
      • CASB DLP
        • DLP Files Table
    • Endpoint Manager View
      • Searching the View
      • Filtering and Sorting the Endpoint View
      • Endpoint Count
      • Running Diagnostics
      • Disable Endpoint
    • Settings
      • General
      • Block Pages
      • Endpoints
      • Users
        • Importing from Google
        • Why not SAML & SCIM?
      • Audit Log
      • SIEM Integration
        • Category & Verdict Mappings
      • API Client Credentials
      • Billing Details
    • Notifications
      • SSL Errors
  • dope.endpoint
    • Trusted Process Names
    • Generate Diagnostics
    • Disable Endpoint
    • Installing using MDM on Mac
      • Using JAMF
      • Using Kandji
      • Using Intune
    • Installing using Intune on Win
    • Mac Installer
      • Installation Process - Silent
      • Uninstall
      • Endpoint Authentication
    • Windows Installer
      • Installation Process - Silent
      • Uninstall
      • Endpoint Authentication
    • dope.endpoint UI
      • Windows UI
      • macOS UI
    • Automatic Updates
  • Release Notes
  • DOPE.APIs
    • Public API Specification
Powered by GitBook
On this page
  • 1. Prepare IntuneWin File
  • 2. Intune Deployment
  • 3. Autopilot Provisioning
  1. dope.endpoint

Installing using Intune on Win

PreviousUsing IntuneNextMac Installer

Last updated 9 days ago

Use Intune to mass-deploy to all corporate devices. There are two primary steps, and one optional:

  1. IntuneWin File Prep: A Microsoft binary that prepares the zip for deployment

  2. Intune Deployment: The series of steps to deploy the installer

  3. Autopilot Provisioning (Optional): Automated installation of applications when a new laptop is Entra joined

If missing, the installer automatically installs the Visual C++ redistributable (dependency). This causes a VC++ download prior to the dope.endpoint installation. Very rarely, this can cause install failures during managed deployments (bad network etc). To avoid, stage an Intune install of VC++ first

1. Prepare IntuneWin File

Intune requires a Win32 "preparation" process before uploading to the Intune console. You'll perform this step first.

Microsoft docs are located here.

Download IntuneWinAppUtil, and use it to prepare the .intunewin package with this PowerShell command modified for version:

IntuneWinAppUtil -c .\dope_security_windows_1.0.x -s .\dope_security_windows_1.0.x\dope_security_x.exe -o .\ -q

Ensure that you use PowerShell for the above one-line command to work. If you just double-click the IntuneWinAppUtil executable, you will have to manually input the locations.

2. Intune Deployment

The application deployment process is standard and similar to any other application

Microsoft docs are located here.

Here are a few hints for setting it up:

  1. Install command should be dope_security_<build number>.exe -silent

  2. Uninstall command: dope_security_<build number>.exe -silent -uninstall AT_PASSWORD=<password>

  3. Detection rule: C:\Program Files\ Folder: dope.security and use the File or Folder Existsdropdown

  4. Assignment: Required

3. Autopilot Provisioning

When a new device is entra joined for the first time, it will run through the checklist of apps to install prior to allowing a user access to the system. Sometimes, the Intune configured application can automatically be a part of the Blocking Apps inside of Autopilot which will naturally cause a conflict.

Ensure that you have removed dope.security from "blocking apps" in Autopilot, and instead, keep it as a required app. Blocked apps will prevent the enrollment process from successfully completing.

If you have this setup correctly, there will not be any issue during initial Entra-device joining.