Microsoft Intune Integration with WatchGuard Agent
Microsoft Intune is a cloud-based endpoint management tool that organizations can use to manage users and devices. The Intune Company Portal app enables members of an organization to download and install organization-approved apps.
This document describes how to configure Microsoft Intune to make the WatchGuard Agent available to devices in your organization through Company Portal. Once you install the WatchGuard Agent on a device, you can use it to install WatchGuard endpoint security software on the device, according to the settings you select.
Contents
Integration Summary
The hardware and software used in this guide include:
- Microsoft Intune
- WatchGuard Agent v2.20.01
Before You Begin
Before you begin these procedures, make sure that you:
- Download the WatchGuard Agent installer. For more information, go to Download the WatchGuard Agent Installer.
- Have a global administrator or user management administrator account to log in to Microsoft Intune.
- Create a user in Microsoft Intune or synchronize an on-premises Active Directory user to Microsoft Entra ID and assign the user an Intune Plan 1 license.
- Download the Microsoft Win32 Content Prep Tool from GitHub as a .ZIP file and extract the contents to your computer.
- Enroll your Windows devices in Microsoft Intune.
Configure Microsoft Intune
To configure Microsoft Intune, you must:
Create an .intunewin File
To add the WatchGuard Agent as an app in Microsoft Intune, you must first use the Microsoft Win32 Content Prep Tool to convert the WatchGuard Agent installer to the .intunewin format.
To create an .intunewin file:
- On your computer, create a new folder and copy the WatchGuard Agent installer to the folder. In our example, we name the folder WatchGuard Agent.
- Create a new folder for the output. This is the folder where the .intunewin file is created when the process completes. In our example, we name the folder WatchGuard Agent Output.
- From a Command Prompt window, go to the folder you extracted the contents of the Microsoft Win32 Content Prep Tool .ZIP file to.
- Run the IntuneWinAppUtil.exe file with no parameters.
- Type the path of the source folder you created in Step 1. In our example, we type:
C:\Users\<username>\Documents\WatchGuard Agent - Press Enter.
- Type the file name of the WatchGuard Agent installer. In our example, we type:
WatchGuard Agent.msi - Press Enter.
- Type the path of the output folder you created in Step 2. In our example, we type:
C:\Users\<username>\Documents\WatchGuard Agent Output - Press Enter.
- Type N.
- Press Enter.
The .intunewin file is created in the output folder.
Add a Group in Microsoft Intune
When you add the WatchGuard Agent as an app in Microsoft Intune in the next section, you can assign the app to user groups. Create a group of users that you want to assign the WatchGuard Agent to.
To add a group in Microsoft Intune:
- Log in to Microsoft Intune as an administrator.
- Select Groups > All Groups > New Group.
The New Group page opens. - In the Group Name text box, type a group name.
- Click No Members Selected.
- Select the users you want to assign the WatchGuard Agent to, then click Select.
- Keep the default values for all other settings.
- Click Create.
The group is created in Microsoft Intune.
Add the App in Microsoft Intune
When you add an app to Intune, you define the details shown for the app in Company Portal and configure settings such as device requirements, detection rules, and user assignments.
To add the WatchGuard Agent app in Microsoft Intune:
- Log in to Microsoft Intune as an administrator.
- Select Apps > All Apps > Add.
The Select App Type page opens. - From the App Type drop-down list, select Windows App (Win32).
- Click Select.
The Add App page opens. - Click Select App Package File.
The App Package File page opens. - From the App Package File drop-down list, select the .intunewin file you created in Create an .intunewin File.
- Click OK.
The Add App page opens with additional tabs. - On the App Information page, in the Publisher text box, type a name. In our example, we type WatchGuard Agent.
- Click Next.
The Program page opens. - Keep the default values for all settings on the Program page.
- Click Next.
The Requirements page opens. - From the Operating System Architecture drop-down list, select one or more operating system architectures, depending on the devices used at your organization. In our example, we select 64-bit.
- From the Minimum Operating System drop-down list, select the minimum operating system used at your organization. In our example, we select Windows 10 1607.
- Click Next.
The Detection Rules page opens. - From the Rules Format drop-down list, select Manually Configure Detection Rules.
- Click Add.
The Detection Rule page opens. - From the Rule Type drop-down list, select File.
- In the Path text box, type:
C:\Program Files (x86)\Panda Security\Panda Aether Agent - In the File or Folder text box, type:
AgentSvc.exe - From the Detection Method drop-down list, select File or Folder Exists.
- Click OK.
- To open the Assignments page, click Next three times.
- On the Assignments page, select an assignment type. In our example, we select Add Group from the Available For Enrolled Devices section.
- Select the group you created in Add a Group in Microsoft Intune, then click Select.
- Click Next.
- Click Create.
The Intune package uploads.
Test the Integration
To test the integration:
- On your Windows device, install the Company Portal from the Microsoft Store.
- Open the Company Portal and log in with the Microsoft Entra ID user.
- Select the published app, then click Install.
Wait a few moments. After the installation completes, the computer might restart. - In WatchGuard Cloud, verify that the computer you installed the agent on shows as an endpoint that you can manage. For more information, go to Manage Computers and Devices.