How to install Endpoint Central Agents on Microsoft Azure?

Endpoint Central can be used to manage machines that are part of Azure AD. To manage such machines, the agent must be installed on them. This document explains how to do that.

The agent installation in an Azure AD environment can be done in two ways:

  • Microsoft Intune Service with storage account

  • Microsoft Intune Service without storage account

  • Azure Automation Service

  • For Silent Installation

Microsoft Intune Service with storage account

Prerequisites:

  • Microsoft Storage Account
  • Microsoft Intune Subscription

Steps:

To install the agents using the Intune service, follow the steps given below.

Create a Storage Account:

  1. In the Azure portal, select All services.
  2. In the available list, select Storage Accounts and click on the Add option.
  3. Select the Subscription to create the storage account.
  4. Under the Resource group field, select Create New (if you already have a resource group, choose it from the existing resource group drop-down menu). Enter a name for the new resource group, as shown in the following image.

     [Image: Endpoint Central: Creating Azure Storage Account]

  5. Select a location for your storage account, or use the default location.
  6. Leave the following fields set to their default values:

     | Field | Value |
     |---|---|
     | Deployment Model | Resource Manager |
     | Performance | Standard |
     | Account Kind | StorageV2 (general-purpose v2) |
     | Replication | Read-access Geo-redundant storage (RA-GRS) |
     | Access Tier | Hot |

  7. Select Review + Create to review your storage account settings and create the account.

Create a Blob and Upload Agent Files:

  1. Go to the storage account created.
  2. Under Blob Services, click on Blob.
  3. Now click the Container button.
  4. Provide a Name and set the public access level to "Blob".
  5. Then click the OK button to add the blob.
  6. Now, open the Blob created and click on the Upload button to upload UEMSAgent.msi, UEMSAgent.mst and DCAgentServerInfo.json.
  7. Navigate to the file location and select the UEMSAgent.msi, UEMSAgent.mst and DCAgentServerInfo.json files which need to be uploaded.
  8. Click on the Advanced drop-down list and select the Authentication type as "Account key", select Blob type as "Block blob" and Blob size as required.
  9. Now, click the Upload button to have the files uploaded.

Modify Script:

  1. Go to Storage account->Blob->container (which contains uploaded UEMSAgent.msi and UEMSAgent.mst files).
  2. Copy the URLs of the two files mentioned above.
  3. Then, copy and paste the given text file in a text editor and save it as AgentInstall.ps1.

If you are using Endpoint Central below 11.2.2309.01:

  4. Navigate to the text "<DesktopCentral_Agent_Msi_URL>", "<DesktopCentral_Agent_Mst_URL>" and "<DCAgentServerInfo_JSON_URL>" in the same file and replace them with the URLs of the uploaded UEMSAgent.msi, UEMSAgent.mst and DCAgentServerInfo.json files.

If you are using Endpoint Central 11.2.2309.01 and above:

  4. Navigate to the text "<UEMS_Agent_Msi_URL>", "<UEMS_Agent_Mst_URL>" and "<DCAgentServerInfo_JSON_URL>" in the same file and replace them with the URLs of the uploaded UEMSAgent.msi, UEMSAgent.mst and DCAgentServerInfo.json files.

Initiating Installation Via Intune:

  1. Navigate to Microsoft Intune --> Device Configuration --> PowerShell scripts and then click on the Add button.
  2. Then, provide a Name and click on the Next button.
  3. In the Script Settings navigate to the AgentInstall.ps1 file location and click on the Open button.
  4. In Assignments, assign the script to all devices or all users or desired groups, depending on the machines that need installation.
  5. Then, click on the Next button and review the task.
  6. Click the Add button to execute the script.

You have now successfully installed the agent on devices in a Microsoft Azure AD environment using the Intune service.
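Because the container above is created with public access level "Blob", anyone who has a file's URL can read it, and the script installs whatever that URL returns. The following is an added example, not part of the vendor's AgentInstall.ps1: a pre-install check that downloads the three files and compares them with SHA-256 values recorded at upload time. The `<SHA256_OF_...>` values are placeholders, and the Authenticode check assumes the MSI you downloaded is signed.

```powershell
# Added example: verify the agent files before any install step runs.
# URL placeholders are the ones used in this document; hash placeholders are
# assumptions to be filled with Get-FileHash output taken when you uploaded the files.
$ErrorActionPreference = 'Stop'

$files = @(
    @{ Name = 'UEMSAgent.msi';          Url = '<UEMS_Agent_Msi_URL>';         Sha256 = '<SHA256_OF_MSI>'  },
    @{ Name = 'UEMSAgent.mst';          Url = '<UEMS_Agent_Mst_URL>';         Sha256 = '<SHA256_OF_MST>'  },
    @{ Name = 'DCAgentServerInfo.json'; Url = '<DCAgentServerInfo_JSON_URL>'; Sha256 = '<SHA256_OF_JSON>' }
)

# Fresh, uniquely named working directory so an earlier download is never reused.
$workDir = Join-Path $env:TEMP ('uems-agent-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $workDir | Out-Null

try {
    foreach ($f in $files) {
        if ($f.Url -notmatch '^https://') {
            throw "Refusing non-HTTPS URL for $($f.Name)"
        }
        $path = Join-Path $workDir $f.Name
        Invoke-WebRequest -Uri $f.Url -OutFile $path -UseBasicParsing

        # String comparison with -ne is case-insensitive, so hex case does not matter.
        $actual = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        if ($actual -ne $f.Sha256) {
            throw "Hash mismatch for $($f.Name): got $actual"
        }
    }

    # Assumption: the MSI is Authenticode-signed. Remove this check if yours is not.
    $sig = Get-AuthenticodeSignature -FilePath (Join-Path $workDir 'UEMSAgent.msi')
    if ($sig.Status -ne 'Valid') {
        throw "UEMSAgent.msi signature status: $($sig.Status)"
    }
    Write-Output "Files verified in $workDir. Signer: $($sig.SignerCertificate.Subject)"
    # Continue with the install logic from AgentInstall.ps1, pointing it at $workDir.
}
catch {
    # Do not leave unverified binaries on disk.
    Remove-Item -Recurse -Force -Path $workDir -ErrorAction SilentlyContinue
    throw
}
```

Record the expected hashes with `Get-FileHash -Algorithm SHA256` on the machine where the files were downloaded from the Endpoint Central console, before uploading them.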

Microsoft Intune Service without storage account

Steps:

The first step involves downloading an agent from Endpoint Central. To download an agent, follow the steps given below:

  1. In the Endpoint Central web console, navigate to Agent --> Computers --> Download Agent.
  2. Rename the downloaded agent as agent.exe
  3. Create a new folder and paste agent.exe in it. [Note: The folder should only contain this exe file]
  4. Use the above directory path for <output_directory> and <directory_of_agent_exe> in the following steps.

After the agent is downloaded, navigate to Intune and follow the steps given below:

  • Download the zip from the Git page link.
  • Extract IntuneWinAppUtil.exe from the downloaded zip folder and double-click the executable to provide the following input:
      • Source folder: <directory_of_agent_exe>
      • Setup file: Agent.exe
      • Output folder: <output_directory>
      • Do you want to specify catalog folder (Y/N)?: N
  • agent.intunewin will be created in the specified output folder mentioned above.
  • Use the agent.intunewin app package for deployment in Intune.

To configure the app:

  1. Log in to the Endpoint Manager Admin Center.
  2. Click on Apps -> All Apps -> Add.
  3. Set App Type to Windows app (Win32).

  • Select package file and browse to install.intunewin.

  • Enter the Name of the application and the Publisher information and click Next.

  • Provide the install and uninstall commands in the Program tab:
    1. Install Command: Agent.exe /silent
    2. Uninstall Command: msiexec.exe /x{6AD2231F-FF48-4D59-AC26-405AFAE23DB7}

  • Detection Rule - manually configure the detection rule:
      • Rule type: MSI
      • MSI product code: {6AD2231F-FF48-4D59-AC26-405AFAE23DB7}
      • MSI product version check: No
  • agent-detection
      • Rule Type: Registry
      • Key Path: HKEY_LOCAL_MACHINE\SOFTWARE\AdventNet\DesktopCentral\DCAgent
      • Value name: DCAgentVersion
      • Associated with a 32-bit app on 64-bit clients: YES

  • Assign the application to your pilot users or all the users as per your requirement.

Azure Automation Service

Prerequisites:

  • An Azure subscription
  • An Automation account to hold the runbook and authenticate to Azure resources
  • A storage account to hold the agent binaries and script

Download The Agent Installation Files

  • Open the Server web console.
  • Navigate to the Agent tab.
  • Open Computers and download the agent of the respective remote office.

Storage Account Creation

  1. Log in to the Azure portal.
  2. Select the Storage Account.
  3. Click New and create a new storage account.
  4. Select the Target Subscription and Resource group.
  5. Enter the name of the storage account. Storage account name: "ecagentbinary"

Note: Use the same name as mentioned above. If a different name is provided, it should be updated in the automation runbook script.

You can modify the default values as per your requirements.

  6. Once done, click Create and wait for the deployment to complete.
  7. After the deployment is successfully completed, click on the Go to resource option.
  8. Select Overview and click Upload.
  9. Add the following files: (LocalOffice_Agent.exe)
  10. Provide the container name as "scriptcontainer".

Note: Use the same name as mentioned above. If a different name is provided, it should be updated in the automation runbook script.

  11. Once the upload is successfully completed, open the container tab in data storage and open the "scriptcontainer".
  12. Right-click on the LocalOffice_Agent.exe file and select the Generate SAS option.
  13. Set the expiration date for the link and the allowed protocol. Once done, click Generate SAS token and URL.
  14. Copy the "Blob SAS URL".
  15. Download the attached script and open it in a text editor.
  16. Replace "LocalOffice_Agent.exe Agent_MSI_URL" with the "Blob SAS URL".
  17. Save the file with the name InstallAgentAzure.ps1.
  18. Upload InstallAgentAzure.ps1 to the same "scriptcontainer".
  19. Finally, the container should consist of the following files:

    LocalOffice_Agent.exe and InstallAgentAzure.ps1
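The SAS step above is where the expiry and protocol of the download link are decided. As an added example (not part of the vendor's scripts), the following generates the same kind of link with Az PowerShell as a read-only, HTTPS-only, single-blob SAS and checks the resulting URL; `Test-SasUrl` can also be run on a URL copied from the portal. `Test-SasUrl`, the resource group placeholder and the 8-hour lifetime are assumptions made for this example.

```powershell
# Added example. Requires the Az.Storage module and an authenticated session (Connect-AzAccount).
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.Web

$resourceGroup = '<resource-group-name>'   # placeholder: your resource group
$account       = 'ecagentbinary'           # names used in this document
$container     = 'scriptcontainer'
$blob          = 'LocalOffice_Agent.exe'
$lifetimeHours = 8                         # assumption: covers one rollout window

function Test-SasUrl {
    # Hypothetical helper: returns the problems found in a blob SAS URL (empty = passed).
    param([Parameter(Mandatory)][string]$Url, [int]$MaxHours = 24)
    $uri = [uri]$Url
    $q   = [System.Web.HttpUtility]::ParseQueryString($uri.Query)
    $problems = @()
    if ($uri.Scheme -ne 'https') { $problems += 'URL is not HTTPS' }
    if ($q['spr'] -ne 'https')   { $problems += "spr=$($q['spr']): plain HTTP is allowed" }
    if ($q['sp']  -ne 'r')       { $problems += "sp=$($q['sp']): grants more than read" }
    if ($q['sr']  -ne 'b')       { $problems += "sr=$($q['sr']): not scoped to a single blob" }
    if (-not $q['se']) {
        $problems += 'no expiry (se) present'
    } else {
        $expiry = [datetimeoffset]::Parse($q['se'])
        if ($expiry -gt [datetimeoffset]::UtcNow.AddHours($MaxHours)) {
            $problems += "expires $expiry, more than $MaxHours hours from now"
        }
    }
    return ,$problems
}

# The storage account object carries a context that can sign SAS tokens.
$ctx = (Get-AzStorageAccount -ResourceGroupName $resourceGroup -Name $account).Context
$now = (Get-Date).ToUniversalTime()

# Read-only, HTTPS-only SAS for the one blob; start slightly in the past to absorb clock skew.
$sasUrl = New-AzStorageBlobSASToken -Context $ctx -Container $container -Blob $blob `
    -Permission r -Protocol HttpsOnly -StartTime $now.AddMinutes(-5) `
    -ExpiryTime $now.AddHours($lifetimeHours) -FullUri

$issues = Test-SasUrl -Url $sasUrl -MaxHours $lifetimeHours
if ($issues.Count -gt 0) { throw ("SAS URL rejected: " + ($issues -join '; ')) }

# The URL is a bearer credential until it expires: paste it into the script, do not log it.
$sasUrl
```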

Azure Automation Account Creation

  1. Log in to the Azure portal.
  2. Select the Automation account.
  3. Click New and create a new Automation account.
  4. Select the Target subscription and Resource group.
  5. Enter the name of the Automation account. Automation account name: "agentinstallation"
  6. Select System Managed Identity.
  7. Once completed, review and create the account.
  8. After the deployment is successfully completed, click Go to resource.
  9. Search for Identity and click "System Managed Identity".
  10. Toggle the status to ON.
  11. Click "Azure role assignments" and assign the following two roles with the "Add role assignment" option.
  12. Choose Scope: Resource group
  13. Select Subscription: Target subscription
  14. Choose Role: Virtual Machine Contributor

Your first role is successfully added.

Enter the following details to add the second role:

  1. Choose Scope: Storage
  2. Choose Subscription: Target subscription
  3. Select Resource: ecagentbinary
  4. Choose Role: Storage Blob Data Contributor
  5. Wait for a few minutes to check whether the roles are assigned.

  1. Once the status has been updated, go to the Automation account, select the Runbook option and create a new runbook.
  2. Click Overview -> Edit and open the editor.
  3. Download the script below, copy the link and paste it into the editor.

Download script

  4. Save and publish the runbook.
  5. Wait for the deployment and click Start once it is available.
  6. Open the Jobs tab once started and monitor the status of the deployment from the Output tab.
  7. Execution status of agent installation scripts in VMs.
  8. In case of any error in script execution, make sure the following two modules are imported in the Modules tab of the Automation account.

Runtime version 5.1

  1. az.accounts
  2. az.compute

For Silent Installation

Steps:

For versions below 10.1.2124.1, steps are as follows:

The following steps will help you create a single agent installer for silent installation:

  • Download the ZIP file.
  • Extract the selfextractor.zip files to a folder.
  • Download the agent installer files from Endpoint Central --> Admin --> Scope of Management --> Get the UEMSAgent.msi and UEMSAgent.mst files.
  • Copy and paste the UEMSAgent.msi and UEMSAgent.mst files into the Selfextractor folder that you extracted.
  • Run "Execreation.bat" from the extracted location; it will generate a file "DCAgentInstaller.exe".
  • Now you can use the "DCAgentInstaller.exe".

This DCAgentInstaller.exe can be used in SCCM, Intune or in any other deployment tools. This will help you install the agent silently.

For versions 10.1.2124.1 and above, steps are as follows:

  1. From the product server web console, navigate to Agent --> Computers --> Download Agent.
  2. Silent Install Command: "<filename>.exe" /Silent, for example, "LocalOffice_Agent.exe" /Silent

This downloaded EXE can be used in SCCM, Intune or in any other deployment tools with the command mentioned above. This will help you install the agent silently.