Adding fine-grained Workspace Management capabilities to Microsoft Intune
Recent global circumstances have meant that for most organisations, mobile and remote working is now the new norm. Businesses have to adapt how they enable and manage these users to provide the best user experience. Traditional on-premises tools can be lacking when it comes to deploying applications to these end users, so it makes sense to turn to modern tools built around these scenarios, such as Microsoft Intune.
With ProfileUnity we can provide contextual User Environment Management and help give the user experience that those end users require. Traditionally we would deploy ProfileUnity’s client tools using Group Policy, but in this article we detail how to use Intune to deploy to remote users.
We need one PowerShell script and one folder to deploy ProfileUnity on Azure AD joined laptops via Intune.
The PowerShell script, Deploy_ProU_Machine.ps1, is used in Intune to deploy the ProfileUnity installation and configure machine settings.
The contents of LocalGPO.zip are added to the Tools directory inside the ProfileUnity Client Tools, which can be downloaded from the ProfileUnity Console.
Azure Folder Structure
Create the following structure in Azure Blob Storage. This structure is not specifically required to install ProfileUnity via Azure but will help to keep an overview.
Azure Storage Credential
Add Azure Storage Credentials in the ProfileUnity Console through a configuration wizard or via Administration > Cloud Storage. You only need 1 Credential.
Click on the Copy icon and paste the Shared Access Signature (SAS) URL of the Storage Container.
After you’ve pasted the SAS URL, click “Copy”. The Azure Storage Credential will be in your clipboard. Update the $AzureStorageCredentials variable in Deploy_ProU_Machine.ps1 with the contents of your clipboard.
Message Queue Connection
Get the MqConnectionString from the ProfileUnity Console under “Administration > Client Settings”. Make sure the Message Queue Connection points to an internally and externally reachable FQDN. You can alter the Message Queue Connection by clicking “Manage Message Queue Connection” and changing “localhost” to an FQDN. Ensure the firewall exception for TCP port 5167 is created.
Download ClientSettings.XML and copy the MqConnectionString value from its contents into Deploy_ProU_Machine.ps1.
Create a configuration in the ProfileUnity Console using the guided configuration wizard and select the Azure template. Deploy the configuration to the Config/User folder in Azure.
Within the configuration you just created, create an Application Launcher Rule and point to Powershell.exe -ExecutionPolicy bypass -File "C:\Program Files\ProfileUnity\Tools\Download_ProU_Configs.ps1"
Create a Shared Access Signature (SAS) for the configuration file. Update Deploy_ProU_Machine.ps1 with this SAS key.
Download the “ProfileUnity Client Tools” from your ProfileUnity Management Console.
Extract LocalGPO.zip and put the contents inside client-tools.zip in the Tools directory.
Upload “client-tools.zip” to Azure under the Client folder.
Generate a SAS for the “client-tools.zip” file and update the “$Path” variable in the “Deploy_ProU_Machine.ps1” file with the Shared Access Signature information.
Update the “$FileName” and “$Version” variables as well. The version can be found in the properties of any exe in the client-tools zip file.
If you've performed all steps correctly, Deploy_ProU_Machine.ps1 should contain your information in the top section.
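The SAS URLs pasted into Deploy_ProU_Machine.ps1 travel with the script to every targeted machine, so it is worth checking each file SAS (the configuration file and client-tools.zip) before uploading the script. The following PowerShell check is an added example, not part of the original article or of ProfileUnity; the function name Test-SasUrl, the read-only and single-blob expectations for a download, the 90-day limit and the sample URL are assumptions.

```powershell
# Added example. Test-SasUrl is a hypothetical helper, not part of ProfileUnity or Intune.
function Test-SasUrl {
    param(
        [Parameter(Mandatory)][string]$Url,
        [string]$Allowed = 'r',   # permissions a download needs (assumption: read only)
        [string]$Scope   = 'b',   # b = single blob, c = whole container
        [int]$MaxDays    = 90     # assumed lifetime limit; set to your own policy
    )
    $uri = [Uri]$Url
    # Parse the SAS query string into a name/value table.
    $q = @{}
    foreach ($pair in ($uri.Query.TrimStart('?') -split '&')) {
        $name, $value = $pair -split '=', 2
        if ($name) { $q[$name] = [Uri]::UnescapeDataString([string]$value) }
    }
    $findings = @()
    if ($uri.Scheme -ne 'https') { $findings += 'URL scheme is not https' }
    if ($q['spr'] -ne 'https')   { $findings += 'spr does not limit the token to https' }
    if ($q['sr'] -ne $Scope)     { $findings += "scope sr='$($q['sr'])', expected '$Scope'" }

    # sp lists the granted permissions as single letters (r, w, d, l, ...).
    $sp = [string]$q['sp']
    $extra = @($sp.ToCharArray() | Where-Object { $Allowed.ToCharArray() -cnotcontains $_ })
    if (-not $sp)     { $findings += 'no permissions field (sp)' }
    if ($extra.Count) { $findings += "excess permissions: $(-join $extra)" }

    # se is the expiry time in ISO 8601 UTC.
    $expiry = [DateTimeOffset]::MinValue
    if (-not [DateTimeOffset]::TryParse([string]$q['se'], [ref]$expiry)) {
        $findings += 'expiry (se) missing or unparsable'
    } elseif ($expiry -lt [DateTimeOffset]::UtcNow) {
        $findings += "token expired at $expiry"
    } elseif ($expiry -gt [DateTimeOffset]::UtcNow.AddDays($MaxDays)) {
        $findings += "token lives longer than $MaxDays days (expires $expiry)"
    }
    [pscustomobject]@{ Ok = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample: account, container and signature are placeholders.
$sample = 'https://examplestorage.blob.core.windows.net/profileunity/Client/client-tools.zip' +
          '?sv=2022-11-02&sp=rwdl&sr=c&se=2099-12-31T00%3A00%3A00Z&sig=PLACEHOLDER'
$result = Test-SasUrl -Url $sample
$result.Findings   # lists each reason this URL should not go into the script
```

The container-level Azure Storage Credential needs whatever permissions ProfileUnity requires, which this article does not list, so pass `-Scope c` and the matching `-Allowed` letters when checking that one.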
Add Deploy_ProU_Machine.ps1 to Intune as described here;
NOTE: Make sure to run the script in a 64-bit PowerShell host: select Yes to run the script in a 64-bit PowerShell (PS) host on a 64-bit client architecture.
This will install ProfileUnity on all targeted machines.