No, really, don't add the Intune client software to your Windows 7 reference image, install at deployment time instead via the task sequence.
Still here? I said, don't add the Intune client software to your Windows 7 reference image, install at deployment time instead via the task sequence.
Oh, you're not using MDT to deploy your Windows 7 image?
Oh, you don't have Internet access during deployment, and want to use a fancy schedule feature to automatically install the agent and register in the cloud?
Well, in that case, then this post is for you 🙂
If you are using Microsoft Intune to manage your Windows 7 machines, you need to install the Intune client software on them. In this post you will learn how to add the Intune client software to your Microsoft Deployment Toolkit (MDT) Lite Touch reference image build process. Typically you should just install the Intune Client Software at deployment time, but there are scenarios where including the agent in the image can be useful, for example when the machine does not have Internet access at deployment time, so the Intune agent cannot register.
Note: These steps also work for Windows 10 images, but for Windows 10 machines you most likely want to skip using the Intune client software, and instead use its native mobile device management (MDM). See this post for more info: https://deploymentresearch.com/610/Managing-Windows-PCs-using-Microsoft-Intune-With-or-without-the-Intune-Client-Software
Creds: Extra thanks goes to David Overton @davidoverton for an early write-up about the command-lines needed.
Sysprepping an image with the Intune Client Software
When preparing an image with the Intune Client Software, make sure that the Intune Client Software binaries are copied locally to the client. The reason is that when you prepare the image you add the /PrepareEnroll switch, which creates a scheduled task that runs automatically every hour, and that task needs to find those binaries when it runs after the image has been deployed to a new machine. You also need to create a registry key that specifies that the Intune client installation is pending registration in the cloud.
The scheduled task that is created by the setup makes sure that once the new Windows 7 machine gets access to the Internet, the registration with Microsoft Intune completes. As a final action the registry key and the task are deleted.
Creating the Install – Microsoft Intune Client PrepareEnroll application
To simplify the setup, I put together a PowerShell script that does all the needed configuration.
1. Download the Microsoft Intune Client Software (Microsoft_Intune_Setup.exe and MicrosoftIntune.accountcert), and copy them to a folder, for example E:\Apps\Intune.
2. Download the PrepMicrosoftIntune.ps1 PowerShell script from our Script Repository on GitHub and copy it to the same folder as the Intune Client Software.
Microsoft Intune Client Software binaries and the script added to the E:\Apps\Intune folder.
3. Create a new application in MDT using the following settings:
- Application Type: Application with source files
- Name: Install – Microsoft Intune Client PrepareEnroll
- Source Directory: E:\Apps\Intune
- Destination: Install – Microsoft Intune Client PrepareEnroll
- Command line: PowerShell.exe -ExecutionPolicy Bypass -File PrepMicrosoftIntune.ps1
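Because the script comes from GitHub and is launched with -ExecutionPolicy Bypass inside the reference image, it is worth checking the source folder before creating the application in step 3. The following is an added example, not part of the original post or of PrepMicrosoftIntune.ps1; the helper name Test-IntuneAppSource and the pinned hash are hypothetical placeholders, and it assumes PowerShell 4.0 or later and that the setup binary is Authenticode-signed by Microsoft Corporation.

```powershell
# Added example: pre-flight check of the MDT application source folder.
# Folder and file names are from the steps above; the hash is a placeholder.
$SourceDir = 'E:\Apps\Intune'
$PinnedScriptSha256 = '<SHA256-OF-THE-SCRIPT-VERSION-YOU-REVIEWED>'  # placeholder

function Test-IntuneAppSource {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ScriptSha256
    )
    $problems = @()
    $expected = 'Microsoft_Intune_Setup.exe', 'MicrosoftIntune.accountcert', 'PrepMicrosoftIntune.ps1'

    # 1. All three files from steps 1 and 2 must be present.
    foreach ($name in $expected) {
        if (-not (Test-Path -LiteralPath (Join-Path $Path $name) -PathType Leaf)) {
            $problems += "Missing file: $name"
        }
    }
    if ($problems) { return $problems }

    # 2. The setup binary must carry a valid signature (assumed signer: Microsoft).
    $sig = Get-AuthenticodeSignature -LiteralPath (Join-Path $Path 'Microsoft_Intune_Setup.exe')
    if ($sig.Status -ne 'Valid') {
        $problems += "Setup signature status is $($sig.Status)"
    } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        $problems += "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    # 3. The script runs with -ExecutionPolicy Bypass, so pin it by hash instead.
    $hash = (Get-FileHash -LiteralPath (Join-Path $Path 'PrepMicrosoftIntune.ps1') -Algorithm SHA256).Hash
    if ($hash -ne $ScriptSha256) {
        $problems += "Script hash $hash does not match the pinned value"
    }

    # 4. MDT copies the whole source directory, so flag anything unexpected in it.
    foreach ($file in Get-ChildItem -LiteralPath $Path -File) {
        if ($file.Name -notin $expected) { $problems += "Unexpected file: $($file.Name)" }
    }
    return $problems
}

$result = Test-IntuneAppSource -Path $SourceDir -ScriptSha256 $PinnedScriptSha256
if ($result) { $result | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Host 'Source folder verified; ready to import into MDT.'
```

Record the script hash once, after reading the version you downloaded, and re-run the check whenever the folder contents change.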