
Deploy the Server & Workload Protection agent to your endpoints using Microsoft Intune.

Important
The steps are valid for Microsoft Intune as of December 2023.
This deployment method has only been tested for 64-bit Windows agents.
Configure your agent installation packages to ensure that your newly-deployed agents:
  • Report to the correct Protection Manager or Endpoint Inventory
  • Automatically apply the correct default settings
Note
For Server & Workload Protection agents, Trend Micro recommends that you configure a default policy and use the agent-initiated activation feature before deploying agent packages to simplify the connection process.

Procedure

  1. In the Trend Vision One console, go to Endpoint Security > Endpoint Inventory.
  2. Click Agent Installer.
  3. Specify the Server & Workload Protection package settings.
    1. Select the Windows operating system.
    2. Specify the package type.
      • Auto detect: The installation package is light-weight, and downloads and installs additional components after detecting the operating system type (requires more network bandwidth)
      • Full package: The installation package contains all necessary components and automatically installs the correct components after detecting the operating system version
    3. Select the Server & Workload Protection Manager that the newly-deployed agents report to.
    4. Click the Download installer icon.
  4. On your local machine, unzip the agent installer package to a folder that is easy to find.
  5. Locate where you have downloaded and unzipped the Microsoft Win32 Content Prep Tool.
  6. Run IntuneWinAppUtil.exe and specify the information when prompted.
    • Source folder: Specify the directory where the agent installer is located. The following example uses D:\TMStandardAgent_Windows_x86_64_Windows
    • Setup file: Type the full file path, including EndpointBasecamp.exe
    • Output folder: Specify the destination for the created package. The following example uses the same location as the unzipped agent installer package.
    • Specify catalog folder: Type N
    [Figure: Microsoft Win32 Content Prep Tool Example]
    The tool creates a deployment package named EndpointBasecamp.intunewin.
  7. In Microsoft Intune, go to Apps > All apps and click Add.
    The Select app type window appears.
  8. Select Windows app (Win32).
    The Add App window appears.
  9. On the App information tab, click Select app package file.
  10. In the App package file screen, click the folder icon to locate the EndpointBasecamp.intunewin package.
  11. Click OK.
  12. Specify a unique Name for the app.
    Trend Micro recommends using a name which includes the agent information, such as Trend Vision One Server & Workload Agent.
  13. Specify a Description to easily identify the purpose of the app.
  14. For Publisher, type Trend Micro.
  15. Click Next.
  16. Configure the Program tab and click Next.
    • Install command: Type EndpointBasecamp.exe
    • Uninstall command: Type EndpointBasecamp.exe /qn
  17. Configure the Requirements tab and click Next.
  18. Configure the Detection rules tab.
  19. For Rules format, select Manually configure detection rules.
  20. Click Add to add new detection rules.
    Rule type: Registry
      • Key path: Type HKLM\SOFTWARE\TrendMicro\Deep Security Agent
      • Value name: Type InstalledVersion
      • Detection method: Select Value exists.
      • Associated with a 32-bit app on 64-bit clients: Select No.
    Rule type: File
      • Path: Type %ProgramFiles%\Trend Micro\Cloud Endpoint
      • File or folder: Type CloudEndpointService.exe
      • Detection method: Select File or folder exists.
      • Associated with a 32-bit app on 64-bit clients: Select No.
    Rule type: File
      • Path: Type %ProgramFiles(x86)%\Trend Micro\Endpoint Basecamp
      • File or folder: Type EndpointBasecamp.exe
      • Detection method: Select File or folder exists.
      • Associated with a 32-bit app on 64-bit clients: Select No.
  21. Click Next, then click Next again to go to the Scope tags tab.
  22. Click Select scope tags to assign a scope tag for the agent installer.
  23. Click Next to go to the Assignments tab.
  24. Add the groups or users you wish to deploy the agent installer to, then click Next.
  25. Review the settings and then click Create.
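
To confirm on a test endpoint that the three detection rules from step 20 match after the agent installs, the following PowerShell checks the same registry value and file paths. It is an added example, not code from Trend Micro or Microsoft; it assumes 64-bit Windows, and the function name Test-AgentDetectionRules is hypothetical.

```powershell
# Added example (not vendor code): evaluate the step 20 detection rules locally.
# Assumes 64-bit Windows, the only platform this deployment method was tested on.
function Test-AgentDetectionRules {
    # Every rule sets "Associated with a 32-bit app on 64-bit clients" to No,
    # so read the 64-bit registry view and the native Program Files folder,
    # even when this runs from a 32-bit PowerShell host.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Registry64)
    try {
        $key = $hklm.OpenSubKey('SOFTWARE\TrendMicro\Deep Security Agent')
        # "Value exists": the value must be present; its data is not compared.
        $regMet = ($null -ne $key) -and
                  ($key.GetValueNames() -contains 'InstalledVersion')
        if ($key) { $key.Close() }
    } finally { $hklm.Close() }

    # ProgramW6432 points at the native Program Files folder on 64-bit Windows.
    $pf = if ($env:ProgramW6432) { $env:ProgramW6432 } else { $env:ProgramFiles }
    $files = @(
        (Join-Path $pf 'Trend Micro\Cloud Endpoint\CloudEndpointService.exe'),
        (Join-Path ${env:ProgramFiles(x86)} 'Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe')
    )

    [pscustomobject]@{
        Rule   = 'Registry'
        Met    = $regMet
        Target = 'HKLM\SOFTWARE\TrendMicro\Deep Security Agent : InstalledVersion'
    }
    foreach ($f in $files) {
        [pscustomobject]@{
            Rule   = 'File'
            Met    = (Test-Path -LiteralPath $f)
            Target = $f
        }
    }
}

$results = @(Test-AgentDetectionRules)
$results | Format-Table Rule, Met, Target -AutoSize
# Intune reports the app as installed only when every rule is met.
if ($results.Met -contains $false) {
    Write-Output 'Not detected: at least one rule is not met.'
} else {
    Write-Output 'Detected: all three rules are met.'
}
```

A rule that shows Met as False on an endpoint where the agent is installed points to a path or registry view mismatch in the rule configuration, which would cause Intune to keep retrying the install.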