Crowdstrike Intune Deployment

Falcon Watch Crowdstrike Intune Deployment Guide


If you are looking for a guide for Falcon Watch's CrowdStrike, look no further. This is a CrowdStrike Intune Deployment Guide!

First and foremost, you need Microsoft Intune for your environment. Go to https://endpoint.microsoft.com/, where you will create the app to deploy with Microsoft Intune.

You will need to turn your WindowsSensor.exe into an .intunewin application so you can host it online.

Using this tool, https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool, and this guide, you can successfully turn the program WindowsSensor.exe into WindowsSensor.intunewin.

Learn how to Prepare a Win32 App to be uploaded to Microsoft Intune

I created my own folder to create Intune Apps to deploy. The 1 folder is just a place for the file to go, I categorize them later.

After you have your new WindowsSensor.intunewin file, you will be ready to upload it to Microsoft Intune.

Head over to Microsoft Endpoint, go to Apps, and create a new app using the Win32 app type.

Click Next and start uploading your file.

Note: Intune Storage only has about 8 gigabytes you can play around with and is not unlimited.

You will want to fill out the information as you see fit for your environment. What you put into the fields is not super important, but it helps for management reasons. I usually at least put the version number and a simple description of what this app is doing in case I ever have to revisit it.

REALLY IMPORTANT Install and UNINSTALL COMMANDS.

Install Command

  • WindowsSensor.exe /install /norestart /quiet ProvNoWait=1 CID=XXXXXXXXXXXX

For the Customer CID, you will have to put your License there! Do not leave XXXXXX in place; obviously it will not work.

Uninstall Command

The uninstall command technically doesn't really matter here because you can't simply uninstall CrowdStrike. You will have to do some manual steps to do that, which for an endpoint is what you want.

  • msiexec /x {CSAGENTID} /qn

Click next and head over to requirements.

I’ve selected X86 and X64 and the lowest Windows 10 version available.

Click next.

On to the Detection Rules.

This is not going to work perfectly by any means, because we don't readily have the information at hand for Intune to properly detect that CrowdStrike is installed. We can, however, check whether the install folder exists, which Intune allows us to check.

I told it to look for

C:\Program Files\Crowdstrike

Then look for the file CSFalconService

This gives an error but does install.

Skip over Dependencies; we don't need them. We also don't need supersedence.
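An alternative to the manual folder-and-file rule, shown here as an added example that is not part of the original guide: an Intune custom detection script, which Intune counts as "detected" only when the script exits with code 0 and writes something to STDOUT. The `.exe` extension and the use of `CSFalconService` as the Windows service name are assumptions based on the folder and file named above.

```powershell
# Intune custom detection script for the CrowdStrike sensor (added example).
# Contract: exit code 0 plus any STDOUT output means "installed";
# anything else means "not installed".

$ErrorActionPreference = 'Stop'

# Intune may run detection scripts as a 32-bit process on 64-bit Windows.
# There, $env:ProgramFiles points at "Program Files (x86)", so prefer
# ProgramW6432, which always names the 64-bit "Program Files" folder.
$programFiles = if ($env:ProgramW6432) { $env:ProgramW6432 } else { $env:ProgramFiles }

# Folder and file name come from the guide; the .exe extension is an assumption.
$installDir = Join-Path $programFiles 'CrowdStrike'
$binaryPath = Join-Path $installDir 'CSFalconService.exe'

# Assumption: the Windows service is registered under the same name as the file.
$serviceName = 'CSFalconService'

try {
    # 1. The sensor binary must exist as a file (not just the folder).
    if (-not (Test-Path -LiteralPath $binaryPath -PathType Leaf)) {
        exit 1
    }

    # 2. The service must be registered; Get-Service throws if it is not,
    #    which lands in the catch block below.
    $service = Get-Service -Name $serviceName

    # 3. Report version and service state so the result is readable when
    #    troubleshooting on the endpoint.
    $version = (Get-Item -LiteralPath $binaryPath).VersionInfo.FileVersion
    Write-Output "Detected $serviceName version $version (service status: $($service.Status))"
    exit 0
}
catch {
    # Any failure (missing service, access error) is reported as "not installed".
    exit 1
}
```

To use it, choose "Use a custom detection script" as the rules format on the Detection rules page and upload the file.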

Now for assignments. This is where you will be selecting your test group to make sure this is working and installing.

This also will need to be a Cloud Based OU. It will not work with an on-premise Security Group. I had to create my own Azure Group for this to work. This is why there are 2 test groups now.

Now that you’ve got it all ready it is time to check to see if it installs! I hope you have luck with this guide and it helps someone out there like me that needed to do some research to get it to work!