Crowdstrike Intune Deployment

Falcon Watch Crowdstrike Intune Deployment Guide – Updated 2022


If you are looking for a guide to deploying Falcon Watch’s CrowdStrike with Intune, look no further. This is a CrowdStrike Intune deployment guide! With this quick and easy how-to, you will learn how to install CrowdStrike using Microsoft Intune.

How To Install Crowdstrike using Microsoft Intune

First and foremost, you need Microsoft Intune in your environment. Go to https://endpoint.microsoft.com/, where you will create the app to deploy with Microsoft Intune.

You will need to package WindowsSensor.exe as an .intunewin application so you can host it online.

Using the tool at https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool and the how-to guide below, you can turn WindowsSensor.exe into WindowsSensor.intunewin.

Learn how to Prepare a Win32 App to be uploaded to Microsoft InTune


I created my own folder to create Intune apps to deploy. The 1 folder is just a place for the file to go; I categorize them later.

After you have your new WindowsSensor.intunewin file, you will be ready to upload it to Microsoft Intune.

Head over to Microsoft Endpoint, go to Apps, and create a new app using Win32.


Click Next and start uploading your file.

Note: Intune Storage only has about 8 gigabytes you can play around with and is not unlimited.


You will want to fill out the information as you see fit for your environment. What you put into these fields is not super important for the install itself, but it helps with management. I usually at least put the version number and a simple description of what this app is doing in case I ever have to revisit it.

REALLY IMPORTANT: Install and Uninstall Commands.

Install Command

  • WindowsSensor.exe /install /norestart /quiet ProvNoWait=1 CID=XXXXXXXXXXXX

For the customer CID, you will have to put your license there! Do NOT leave XXXXXX; obviously it will not work.

Uninstall Command

The uninstall command TECHNICALLY doesn’t really matter here because you can’t simply uninstall CrowdStrike. You will have to do some manual things to do that, which for an endpoint is what you want.

  • msiexec /x {CSAGENTID} /qn

Click next and head over to requirements.

I’ve selected x86 and x64 and the lowest Windows 10 version available.

Click Next.

On to the Detection Rules.

This is not going to work perfectly by any means, because we don’t readily have the information at hand for Intune to properly detect that CrowdStrike is installed. We can, however, check whether the install folder exists, which Intune allows us to do.

I told it to look for

C:\Program Files\Crowdstrike

Then look for the File CSFalconService

This gives an error but does install
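
A custom detection script is an alternative to the folder check described above; this added example (not from the original guide, CrowdStrike or Microsoft) reports the sensor as installed only when the binary exists, is validly signed and its service is running. The file name CSFalconService.exe, the service name CSFalconService and the signer string are assumptions to confirm on a machine where the sensor is already installed.

```powershell
# Intune Win32 custom detection script (added example).
# Intune treats the app as installed only when the script exits 0 AND writes to STDOUT.
# Assumptions: binary CSFalconService.exe in the folder named in this guide, a Windows
# service named CSFalconService, and a signer subject containing "CrowdStrike".

# If the script runs as a 32-bit process, ProgramFiles points at "Program Files (x86)";
# ProgramW6432 always points at the 64-bit "Program Files" when it is defined.
$programFiles = if ($env:ProgramW6432) { $env:ProgramW6432 } else { $env:ProgramFiles }
$sensorExe    = Join-Path (Join-Path $programFiles 'CrowdStrike') 'CSFalconService.exe'
$serviceName  = 'CSFalconService'
$signerMatch  = 'CrowdStrike'

function Test-FalconSensor {
    # 1. The binary must exist; a folder alone can survive a failed or partial install.
    if (-not (Test-Path -LiteralPath $sensorExe -PathType Leaf)) {
        return 'missing-binary'
    }
    # 2. The binary must carry a valid Authenticode signature from the expected publisher.
    $sig = Get-AuthenticodeSignature -LiteralPath $sensorExe
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch $signerMatch) {
        return 'bad-signature'
    }
    # 3. The service must be registered and running.
    $svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'missing-service' }
    if ($svc.Status -ne 'Running') { return 'service-not-running' }
    return 'ok'
}

$result = Test-FalconSensor
if ($result -eq 'ok') {
    $version = (Get-Item -LiteralPath $sensorExe).VersionInfo.FileVersion
    Write-Output "Falcon sensor detected, version $version"
    exit 0
}
# Write nothing to STDOUT on failure; the non-zero exit makes Intune report "not installed".
exit 1
```

To use it, pick the custom detection script option in the Detection rules step and upload the file instead of defining a file or folder rule.
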
  • Skip over Dependencies, we don’t need them. We also don’t need the superseding.

Now for assignments. This is where you will be selecting your test group to make sure this is working and installing.

  • IMPORTANT – This also will need to be a Cloud Based OU. It will not work with an on-premise Security Group. I had to create my own Azure Group for this to work. This is why there are 2 test groups now.

Now that you’ve got it finished, it is time to check to see if it installs! You can check your Crowdstrike Dashboard and verify by the machine name.

I hope you have luck with this guide and it helps someone out there like me that needed to do some research to get it to work!

CrowdStrike Intune Deployment: Conclusion

With this guide, we covered the basic steps to package almost any app you want and use Intune to install it. You can follow similar steps for just about any application you can think of. I just so happened to need this process to install CrowdStrike automatically on all of our non-domain-joined laptops, and needed to automate a lot of the setup process.

Crowdstrike updates automatically for the most part so whenever you create this app it should last a long time in your repository!
