If you are looking for a guide to installing Falcon Watch’s CrowdStrike using Intune, look no further. This is a CrowdStrike Intune deployment guide! With this quick and easy how-to guide, you will learn how to install CrowdStrike using Microsoft Intune.
- Added an update on the CrowdStrike outage that happened
How To Install Crowdstrike using Microsoft Intune
First and foremost, you need Microsoft Intune for your environment. Go to https://endpoint.microsoft.com/, where you will create the app to deploy with Microsoft Intune.
You will need to make your WindowsSensor.exe an intunewin application so you can host it online.
Using this tool, https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool, and this how-to guide, you can successfully turn the program WindowsSensor.exe into WindowsSensor.intunewin.
Learn how to Prepare a Win32 App to be uploaded to Microsoft InTune
I created my own folder to create Intune Apps to deploy. The 1 folder is just a place for the file to go, I categorize them later.
After you have your new WindowsSensor.intunewin file you will be ready to upload it to Microsoft InTune.
Head over to Microsoft Endpoint, go to Apps, and create a new app using Win32.
Click Next and start uploading your file.
Note: Intune Storage only has about 8 gigabytes you can play around with and is not unlimited.
You will want to fill out the information as you see fit for your environment. What you put into the fields is not super important, but it helps for management reasons. I usually at least put the version number and a simple description of what this app is doing in case I ever have to revisit it.
REALLY IMPORTANT Install and UNINSTALL COMMANDS.
Install Command
- WindowsSensor.exe /install /norestart /quiet ProvNoWait=1 CID=XXXXXXXXXXXX
For the Customer CID, you will have to put your license there! Do not leave XXXXXX in place; obviously it will not work.
Uninstall Command
The uninstall command technically doesn’t really matter here because you can’t simply uninstall CrowdStrike. You will have to do some manual things to do that, which for an endpoint is what you want.
- msiexec /x {CSAGENTID} /qn
Click next and head over to requirements.
I’ve selected X86 and X64 and the lowest Windows 10 versions available.
Click next
On to the Detection Rules.
This is not going to work perfectly by any means, because we don’t readily have the information at hand for Intune to properly detect that CrowdStrike is installed. We can, however, check whether the install folder exists, which Intune allows us to do.
I told it to look for
C:\Program Files\Crowdstrike
Then look for the file CSFalconService
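A stricter alternative to the folder-and-file rule above is Intune's custom detection script option, which marks the app as installed only when the script exits 0 and writes to STDOUT. The script below is an added example, not part of the original guide or CrowdStrike's documentation; the service name, the `.exe` extension and the signer-subject match are assumptions to verify on a machine where the sensor is already installed.

```powershell
# Added example: Intune custom detection script for the Falcon sensor.
# Intune reports "installed" only if this exits 0 AND writes to STDOUT.
# Assumptions (not from the guide): the Windows service is named like the
# file the guide checks for, the file ends in .exe, and the Authenticode
# signer subject contains "CrowdStrike".

$ErrorActionPreference = 'Stop'

# A 32-bit PowerShell host resolves ProgramFiles to "Program Files (x86)",
# so prefer ProgramW6432 when it is set.
$programFiles = if ($env:ProgramW6432) { $env:ProgramW6432 } else { $env:ProgramFiles }
$sensorPath   = Join-Path $programFiles 'CrowdStrike\CSFalconService.exe'
$serviceName  = 'CSFalconService'

function Test-FalconSensor {
    # 1. The binary must exist (a leftover empty folder does not count).
    if (-not (Test-Path -LiteralPath $sensorPath -PathType Leaf)) {
        return 'sensor binary missing'
    }
    # 2. The binary must carry a valid signature from the expected vendor,
    #    so a planted file with the same name is not reported as installed.
    $sig = Get-AuthenticodeSignature -FilePath $sensorPath
    if ($sig.Status -ne 'Valid') { return "signature status: $($sig.Status)" }
    if ($sig.SignerCertificate.Subject -notmatch 'CrowdStrike') {
        return 'unexpected signer'
    }
    # 3. The service must be registered and running (or still starting,
    #    since detection runs right after the installer returns).
    $svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
    if (-not $svc) { return 'service not registered' }
    if ($svc.Status -notin 'Running', 'StartPending') {
        return "service state: $($svc.Status)"
    }
    return $null   # no problem found
}

try   { $problem = Test-FalconSensor }
catch { $problem = $_.Exception.Message }

if ($problem) {
    # Nothing on STDOUT plus a non-zero exit code means "not detected".
    exit 1
}

$version = (Get-Item -LiteralPath $sensorPath).VersionInfo.ProductVersion
Write-Output "Falcon sensor detected, version $version"
exit 0
```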
- Skip over Dependencies, we don’t need them. We also don’t need the superseding.
Now for assignments. This is where you will be selecting your test group to make sure this is working and installing.
- IMPORTANT – This also will need to be a Cloud Based OU. It will not work with an on-premise Security Group. I had to create my own Azure Group for this to work. This is why there are 2 test groups now.
Now that you’ve got it finished, it is time to check to see if it installs! You can check your Crowdstrike Dashboard and verify by the machine name.
I hope you have luck with this guide and it helps someone out there like me that needed to do some research to get it to work!
The CrowdStrike Outage July 19 2024
The CrowdStrike outage might’ve been one of the biggest outages of all time. I wanted to put this video here talking about the outage and how it affected everyone. I don’t know if we are currently going to go away from CrowdStrike or even if CrowdStrike is going to be a company after the 7/19/2024 outage, but they didn’t make any friends only offering companies a $10 Uber Eats coupon.
Be wary of using CrowdStrike going forward in 2024+
CrowdStrike Intune Deployment: Conclusion
With this guide, we covered the basic steps for creating almost any app you want and using Intune to install it. You can follow similar steps for just about any application you can think of. I just so happened to need this process to install CrowdStrike automatically on all of our non-domain-joined laptops, and needed to automate a lot of the setup process.
Crowdstrike updates automatically for the most part so whenever you create this app it should last a long time in your repository!