{"id":4628,"date":"2023-02-13T09:48:10","date_gmt":"2023-02-13T17:48:10","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=4628"},"modified":"2023-02-13T09:48:12","modified_gmt":"2023-02-13T17:48:12","slug":"how-to-deploy-crowdstrike-falcon-sensor-via-intune","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=4628","title":{"rendered":"How to Deploy CrowdStrike Falcon Sensor Via Intune"},"content":{"rendered":"\n<p>CrowdStrike is a cloud-based next-generation antivirus, EDR (endpoint detection and response) solution. You can deploy CrowdStrike in your infrastructure via a single lightweight agent. This post will discuss how we can install the CrowdStrike Falcon agent \/ sensor using Intune on Azure AD joined devices.<\/p>\n\n\n\n<p>Log in to the CrowdStrike portal and download the agent. You can find step-by-step instructions in the article below.<br><a href=\"https:\/\/www.crowdstrike.com\/blog\/tech-center\/install-falcon-sensor\/\">https:\/\/www.crowdstrike.com\/blog\/tech-center\/install-falcon-sensor\/<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Prepare Intunewin Win32 App<\/strong>&nbsp;<strong>Format<\/strong><\/h2>\n\n\n\n<p>Before adding a Win32 app to Microsoft Intune, you must&nbsp;<strong>prepare the app using the Microsoft Win32 Content Prep Tool.<\/strong>&nbsp;You use the Microsoft Win32 Content Prep Tool to pre-process Windows classic (Win32) apps.<\/p>\n\n\n\n<p>Let\u2019s first identify the command line to perform the silent installation or uninstallation of Windows CrowdStrike Sensor.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Installation Command<\/strong>&nbsp;\u2013 The&nbsp;<strong>CCID<\/strong>&nbsp;(CrowdStrike Customer ID) is required on the command line. The CCID can be found on the sensor download page of the CrowdStrike Console. 
You can contact your security admins for the info.<\/li><li><strong>Uninstallation Command<\/strong><\/li><li><strong>Detection Method<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Important \u2013<\/strong>\u00a0I would recommend performing manual testing to ensure scripts are properly executed before converting and uploading files in Intune.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>Install Command<\/th><th>Uninstall Command<\/th><th>Detection Method<\/th><\/tr><\/thead><tbody><tr><td>&lt;File name&gt;.exe \/install \/quiet \/norestart CID=&lt;CCID&gt;<\/td><td>CsUninstallTool.exe \/quiet<\/td><td>MSI Product Code or File Detection<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Download<\/strong>&nbsp;the updated&nbsp;<a href=\"https:\/\/github.com\/Microsoft\/Microsoft-Win32-Content-Prep-Tool\/raw\/master\/IntuneWinAppUtil.exe\" target=\"_blank\" rel=\"noreferrer noopener\">IntuneWinAppUtil.exe<\/a>&nbsp;from&nbsp;<strong>GitHub<\/strong>.&nbsp;<strong>Run<\/strong>&nbsp;the IntuneWinAppUtil.exe file with&nbsp;<strong>Run as administrator<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Please specify the source folder<\/strong>&nbsp;\u2013 Enter the folder that contains your application setup files (<strong>for example,<\/strong>&nbsp;C:\\Users\\JiteshKumar\\Downloads\\Source).<\/li><li><strong>Please specify the setup file&nbsp;<\/strong>\u2013 Enter the setup file name (such as&nbsp;setup.exe&nbsp;or&nbsp;setup.msi), for example&nbsp;WindowsSensor.LionLanner.exe.<\/li><li><strong>Specify the output folder&nbsp;<\/strong>\u2013 Enter the output folder in which to generate the&nbsp;<strong><em>.intunewin<\/em>&nbsp;file<\/strong>.<\/li><li><strong>Do you want to specify catalog folder \u2013&nbsp;<\/strong>Type&nbsp;<strong>N.<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Note \u2013<\/strong>&nbsp;Please wait a few minutes while running the Win32 Content Prep Tool. 
Once it generates the .intunewin file, the status indicates&nbsp;<strong>100%<\/strong>&nbsp;at the bottom of the command prompt.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/11\/Deploy-CrowdStrike-Falcon-Agent-using-Intune.webp\" alt=\"Deploy CrowdStrike Using Intune Application Deployment Guide Fig.1\" class=\"wp-image-95877\" title=\"Deploy CrowdStrike Using Intune EXE Deployment Guide 1\"\/><figcaption>Deploy CrowdStrike Using Intune Application Deployment Guide Fig.1<\/figcaption><\/figure>\n\n\n\n<p>Once the process completes, browse to the output folder&nbsp;<strong>(for example, C:\\Users\\JiteshKumar\\Downloads\\Output)<\/strong>&nbsp;to collect the Intune Win32 app deployment file.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Deploy CrowdStrike using Intune<\/strong><\/h2>\n\n\n\n<p>Let\u2019s follow the steps below to upload the Intunewin file for deploying CrowdStrike Windows Sensor to managed devices. 
Here\u2019s how you can deploy CrowdStrike using Intune Portal.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Sign in<\/strong>\u00a0to the\u00a0Microsoft Intune admin center\u00a0https:\/\/endpoint.microsoft.com\/ with appropriate\u00a0access rights.<\/li><li>Select\u00a0<strong>Apps<\/strong>\u00a0>\u00a0<strong>All apps<\/strong>\u00a0>\u00a0<strong>Add,<\/strong>\u00a0<strong>or<\/strong>\u00a0you can navigate to\u00a0<strong>Apps > Windows > Windows Apps<\/strong>.<\/li><li>On the\u00a0<strong>Select app type<\/strong>\u00a0pane, select\u00a0<strong>Windows app (Win32)<\/strong>\u00a0under the Other app types and click\u00a0<strong>Select<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/10\/Deploy-Bitwarden-Password-Manager-using-Intune-MEM.webp\" alt=\"Deploy CrowdStrike Using Intune Application Deployment Guide Fig.2\" title=\"Deploy CrowdStrike Using Intune EXE Deployment Guide 2\"\/><figcaption>Deploy CrowdStrike Using Intune Application Deployment Guide Fig.2<\/figcaption><\/figure>\n\n\n\n<p>On the&nbsp;<strong>Add app<\/strong>&nbsp;pane, click&nbsp;<strong>Select app package file<\/strong>. Select the&nbsp;<strong>browse<\/strong>&nbsp;button. Then, select the prepared file with the extension&nbsp;<em>.intunewin<\/em>. The app details appear. 
When you\u2019re finished, select&nbsp;<strong>OK<\/strong>&nbsp;on the&nbsp;App package file&nbsp;pane.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/11\/Deploy-CrowdStrike-Falcon-Agent-using-Intune1.webp\" alt=\"Deploy CrowdStrike Using Intune Application Deployment Guide Fig.3\" class=\"wp-image-95878\" title=\"Deploy CrowdStrike Using Intune EXE Deployment Guide 3\"\/><figcaption>Deploy CrowdStrike Using Intune Application Deployment Guide Fig.3<\/figcaption><\/figure>\n\n\n\n<p>Enter the<strong>&nbsp;Name<\/strong>&nbsp;of the Windows App Win32 (for example,&nbsp;<strong>CrowdStrike Sensor&nbsp;<\/strong>or&nbsp;<strong>CrowdStrike Falcon Sensor<\/strong>), and enter the description of the Windows App.<\/p>\n\n\n\n<p>Enter the\u00a0<strong>Publisher<\/strong>\u00a0name \u2013 CrowdStrike. You may also specify additional app information here.\u00a0Upload an icon\u00a0for the app; this icon is displayed with the app when users browse the Company Portal. Then click\u00a0<strong>Next.<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/11\/Deploy-CrowdStrike-Falcon-Agent-using-Intune2.webp\" alt=\"Deploy CrowdStrike Using Intune Application Deployment Guide Fig.4\" class=\"wp-image-95879\" title=\"Deploy CrowdStrike Using Intune EXE Deployment Guide 4\"\/><figcaption>Deploy CrowdStrike Using Intune Application Deployment Guide Fig.4<\/figcaption><\/figure>\n\n\n\n<p>The most important part is to specify the commands. 
On the\u00a0<strong>Program<\/strong>\u00a0page, configure the installation and removal commands for the app:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Install base<\/strong>: Add the complete installation command line to silently install CrowdStrike.<\/li><li><strong>Uninstall command<\/strong>: Add the uninstallation command line for CrowdStrike.<\/li><li><strong>Install behavior<\/strong>: Set the install behavior to&nbsp;<strong>System<\/strong>.<\/li><\/ul>\n\n\n\n<p>You can also specify the&nbsp;<strong>Device restart behavior<\/strong>&nbsp;and Post-installation behavior. Click&nbsp;<strong>Next<\/strong>&nbsp;to continue.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/11\/Deploy-CrowdStrike-Falcon-Agent-using-Intune3-1.webp\" alt=\"Deploy CrowdStrike Using Intune Application Deployment Guide Fig.5\" class=\"wp-image-95880\" title=\"Deploy CrowdStrike Using Intune EXE Deployment Guide 5\"\/><figcaption>Deploy CrowdStrike Using Intune Application Deployment Guide Fig.5<\/figcaption><\/figure>\n\n\n\n<p>On the&nbsp;<strong>Requirements<\/strong>&nbsp;page, specify the mandatory requirements that devices must meet before installing the app and click&nbsp;<strong>Next<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Operating system architecture<\/strong>: Choose the architectures needed to install CrowdStrike Sensor.<\/li><li><strong>Minimum operating system<\/strong>: Select the minimum operating system needed to install CrowdStrike Sensor.<\/li><\/ul>\n\n\n\n<p>There are some\u00a0<strong>built-in and custom requirements rules<\/strong>\u00a0when creating your Win32 application. 
Explore\u00a0<strong>Intune Win32 App Requirement Rules<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/10\/Deploy-Bitwarden-Password-Manager-using-Intune3.webp\" alt=\"Deploy CrowdStrike Using Intune Application Deployment Guide Fig.6\" title=\"Deploy CrowdStrike Using Intune EXE Deployment Guide 6\"\/><figcaption>Deploy CrowdStrike Using Intune Application Deployment Guide Fig.6<\/figcaption><\/figure>\n\n\n\n<p>On the\u00a0<strong>Detection rules<\/strong>\u00a0pane, configure the rules to detect the presence of the app. You can choose to add multiple rules.<\/p>\n\n\n\n<p>Here I selected the\u00a0Manually configure detection rules\u00a0format. Click the Add button, and a popup appears showing the detection rule. This format provides three detection rule types:\u00a0<strong>MSI<\/strong>,\u00a0<strong>File,<\/strong>\u00a0and\u00a0<strong>Registry<\/strong>.<\/p>\n\n\n\n<p>Here you can check the registry path for the applications. Most apps are installed in the same location depending on the app architecture \u2013\u00a0Detection Method for Intune Win32 App. 
This time, we are going to use the rule below as the detection rule.\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>On the detection rule, select \u201cManually configure detection rules and Rule type Register\u201d<\/li><\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/www.usmanghani.co\/wp-content\/uploads\/2020\/12\/Intune-Detection-Rule-1024x318.png\" alt=\"Intune Detection Rule\" class=\"wp-image-496\"\/><\/figure><\/div>\n\n\n<p><strong>Path:<\/strong>&nbsp;C:\\Program Files\\CrowdStrike<br><strong>File or folder:<\/strong>&nbsp;CSFalconController.exe<\/p>\n\n\n\n<p>You can also specify app dependencies, which are applications that must be installed before your Win32 app can be installed.<\/p>\n\n\n\n<p>In the\u00a0<strong>scope tag\u00a0<\/strong>section, you get an option to configure scope tags for this Windows App Win32 application.<\/p>\n\n\n\n<p>Under&nbsp;<strong>Assignments<\/strong>, in&nbsp;<strong>Included groups,<\/strong>&nbsp;click&nbsp;<strong>Add groups<\/strong>&nbsp;and then choose&nbsp;<strong>Select groups to include<\/strong>&nbsp;to pick one or more groups to which you want to deploy the app. Click&nbsp;<strong>Next<\/strong>&nbsp;to continue.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/10\/Deploy-Bitwarden-Password-Manager-using-Intune5.webp\" alt=\"Deploy CrowdStrike Using Intune Application Deployment Guide Fig.7\" title=\"Deploy CrowdStrike Using Intune EXE Deployment Guide 7\"\/><figcaption>Deploy CrowdStrike Using Intune Application Deployment Guide Fig.7<\/figcaption><\/figure>\n\n\n\n<p>You will see the details you provided during the application creation process. 
Review your settings and select&nbsp;<strong>Create<\/strong>&nbsp;to add the app to Intune.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/11\/Deploy-CrowdStrike-Falcon-Agent-using-Intune4.webp\" alt=\"Deploy CrowdStrike Using Intune Application Deployment Guide Fig.8\" class=\"wp-image-95881\" title=\"Deploy CrowdStrike Using Intune EXE Deployment Guide 8\"\/><figcaption>Deploy CrowdStrike Using Intune Application Deployment Guide Fig.8<\/figcaption><\/figure>\n\n\n\n<p>Once you proceed to create, you will see the status Uploading is in progress. How long the upload takes depends on the&nbsp;<strong>size of the application<\/strong>&nbsp;and&nbsp;the&nbsp;<strong>speed of internet connectivity<\/strong>.<\/p>\n\n\n\n<p>Please wait for the upload process to complete; you can check the progress by clicking on the Notification icon. Once the Intune package has finished uploading, you will get the status\u00a0<strong>\u201cUpload finished.\u201d<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>End Users Experience \u2013 Intune Company Portal<\/strong><\/h2>\n\n\n\n<p>Your groups will receive the targeted application when the devices check in with the Intune service and the policy applies to the device.<\/p>\n\n\n\n<p>On the client machine, in the\u00a0Company Portal, you can click on the apps to track the details and check the progress. 
Here you can see the CrowdStrike Falcon Sensor is installed successfully.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/11\/Deploy-CrowdStrike-Falcon-Agent-using-Intune-Company-Portal.webp\" alt=\"Deploy CrowdStrike Using Intune Application Deployment Guide Fig.9\" class=\"wp-image-95916\" title=\"Deploy CrowdStrike Using Intune EXE Deployment Guide 9\"\/><figcaption>Deploy CrowdStrike Using Intune Application Deployment Guide Fig.9<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Monitor CrowdStrike Windows Sensor Deployment<\/strong><\/h2>\n\n\n\n<p>Once the application installation starts, the \u201c<strong>Detection rule<\/strong>\u201d will be evaluated.&nbsp;Checks are performed against the configured rules, and the app \u201c<strong>Install command<\/strong>\u201d will be triggered.<\/p>\n\n\n\n<p>You can track the details logged in\u00a0<strong>IntuneManagementExtension.log<\/strong>,\u00a0located at C:\\ProgramData\\Microsoft\\IntuneManagementExtension\\Log, which records the application activity on client devices.\u00a0See the article\u00a0Intune Win32 App Issues Troubleshooting\u00a0for more details.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Validate CrowdStrike Installation Status from Control Panel<\/strong><\/h2>\n\n\n\n<p>To check whether the&nbsp;<strong>CrowdStrike<\/strong>&nbsp;application has been installed successfully, open Control Panel &gt; Programs and Features and confirm that CrowdStrike Windows Sensor is installed. 
You have successfully deployed CrowdStrike using Intune.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/11\/Deploy-CrowdStrike-Falcon-Agent-using-Intune5.webp\" alt=\"Validate CrowdStrike Installation Status from Control Panel Fig.11\" class=\"wp-image-95884\" title=\"Deploy CrowdStrike Using Intune EXE Deployment Guide 11\"\/><figcaption>Deploy CrowdStrike using Intune \u2013 Validate CrowdStrike Installation Status from Control Panel Fig.11<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Troubleshooting Win32 App References<\/strong><\/h2>\n\n\n\n<p>For troubleshooting Intune client-side events, you can refer to three logs in case you experience any issue while deploying CrowdStrike using Intune.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>IntuneManagementExtension.log<\/strong>: Tracks the Intune Management extension component events.<\/li><li><strong>AgentExecutor<\/strong>: Tracks any PowerShell execution events.<\/li><li><strong>ClientHealth.log<\/strong>: Tracks client-health related events.<\/li><\/ul>\n\n\n\n<p>Ref: <a href=\"https:\/\/www.anoopcnair.com\/deploy-crowdstrike-using-intune-exe-deployment\/\">Deploy CrowdStrike Using Intune EXE Deployment Guide HTMD Blog (anoopcnair.com)<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.usmanghani.co\/deploy-crowdstrike-falcon-agent-using-intune\/\">Deploy CrowdStrike Falcon Agent Using Intune (usmanghani.co)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CrowdStrike is a cloud-based next-generation antivirus, EDR (endpoint detection and response) solution. You can deploy CrowdStrike in your infrastructure via a single lightweight agent. This post will discuss how we can install CrowdStrike falcon agent \/ Sensor using Intune on Azure Ad joined devices. Login to CrowdStrike Portal and download the agent. 
You can use <a class=\"read-more\" href=\"https:\/\/SUMMALAI.COM\/?p=4628\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1185,1249,10,9,569,14],"tags":[1503,1502,1504],"class_list":["post-4628","post","type-post","status-publish","format-standard","hentry","category-autopilot-intune","category-azure-microsoft","category-microsoft","category-networks","category-others","category-windows-7-8-10","tag-deploy-crowdstrike-falcon-sensor-intune","tag-deploy-crowdstrike-falcon-sensor-via-intune","tag-deploy-falcon-sensor-using-intune"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4628","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4628"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4628\/revisions"}],"predecessor-version":[{"id":4629,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4628\/revisions\/4629"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmed
ia&parent=4628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4628"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}