Skip to main content

How to deploy Endpoint Protection using Microsoft Intune

This guide will take you step-by-step through the process of deploying Endpoint Protection to your end-users' devices using Intune.

Alan Butcher avatar
Written by Alan Butcher
Updated this week

Preparing the application

  1. Please see this Microsoft documentation, which explains the process and has a link to the GitHub page to download the Win32 Content Prep Tool - https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-prepare

  2. Download the prep tool and save it somewhere easily accessible, as you’ll need this later.

  3. You will now need the Defense.com Endpoint Security installer for your preferred operating system (Windows kit 64 bit) is used in this example. Please reach out to us requesting this via a support ticket. We'll then reply to the ticket with the requested installer.

  4. Now you have the installer, you see a zip folder called ‘epskit_x64_7.8.2.254’ or similar, depending on the current version available.

  5. Extract the contents of this folder, right-click and Extract all, use the default folder location or choose a preferred destination.

Once fully extracted, find and run the Content prep tool as an administrator account. Then use the commands below to package your installer for Intune, correcting the commands with the file names and folder locations appropriate for your environment.

Please specify the source folder: C:\Users\Username\Downloads\epskit_x64_7.8.2.254

Please specify the setup file: epskit_x64.exe

Please specify the output folder: C:\Users\Username\Downloads\epskit_x64_7.8.2.254

Do you want to specify catalog folder (Y/N)? N

This will create an Intunewin file of the installer in the location you specified.

Configuring an app in Intune

  1. Now, log in to the Microsoft Admin Centre with your administrator account.

  2. Open the Endpoint Manager (Intune admin centre)

  3. Click the Apps tab.

  4. Then, either click the Windows platform tab or All apps.

  5. Next, click the + Add button.

  6. Select your ‘App type’, which in this case will be Windows app (Win32) under the Other category near the bottom of the list.

  7. Then click Select to move on to the next step.

  8. Click Select app package file, then click the folder button to browse and find the intunewin file that you created earlier.

  9. Click OK, and complete the fields required for the app information.

  10. On the program page, you’ll need the install and uninstall commands for the program. Please use the below, replacing the application name with the name of your file. Leave all other settings as the default.

Install command: “application name” /s

Uninstall command: uninstall “application name” /s

Configuring the requirements

  1. Select 64-bit and the latest Windows version for OS architecture and minimum OS version is required.

  2. Next, configure the detection rules to look for the presence of a folder called EndpointProtection in the default installation path C:\Program Files\Defense.com.

  3. Dependencies can be configured, but aren't required.

  4. Superdense can be used to remove other apps before installing another app, this isn't required, however, you may wish to use this to remove any other security software in place before deploying Endpoint Protection.

  5. Scope tags are optional; add any if you require them, if not, then leave as the default.

  6. Assignments are where you choose which groups have this application available or removed.

    1. Required means the app is automatically installed on Intune enrolled devices in the applicable groups.

    2. Available for enrolled devices makes the application available in the Company Portal app for Intune enrolled devices in the applicable groups.

    3. Uninstall removes the application from Intune-enrolled devices in the applicable groups.

  7. Finally, check that you're happy with the settings you've configured and click Create. You will then be taken back to the apps list, and your intunewin file will be uploaded to Intune.

And that's it! You've successfully deployed Endpoint Protection via Intune. 🎉

Did this answer your question?