
Adding fine-grained Workspace Management capabilities to Microsoft Intune


Recent global circumstances have meant that for most organisations, mobile and remote working is now the norm. Businesses have to adapt how they enable and manage these users to provide the best user experience. Traditional on-premises tools can be lacking when it comes to deploying applications to these end users, so it makes sense to turn to modern tools built around these scenarios, such as Microsoft Intune.

With ProfileUnity we can provide contextual User Environment Management and help deliver the user experience that those end users require. Traditionally we would deploy ProfileUnity’s client tools using Group Policy, but in this article we detail how to use Intune to deploy to remote users.


Preparation 

We need 1 PowerShell script and 1 folder to deploy ProfileUnity on Azure AD joined laptops via Intune.

The script, Deploy_ProU_Machine.ps1, is used in Intune to deploy the ProfileUnity installation and configure machine settings.

The contents of LocalGPO.zip will be added to the Tools directory of the ProfileUnity Client Tools, which can be downloaded from the ProfileUnity Console.


Azure Folder Structure

Create the following structure in Azure Blob Storage. This structure is not strictly required to install ProfileUnity via Azure, but it helps to keep an overview.

  • config
    • user
  • client 


Azure Storage Credential

Add Azure Storage Credentials in the ProfileUnity Console through a configuration wizard or via Administration > Cloud Storage. You only need 1 Credential. 

Click on the Copy icon and paste the Shared Access Signature (SAS) URL of the Storage Container. 

After you’ve pasted the SAS URL, click “Copy”. The Azure Storage Credential will be in your clipboard. Update the $AzureStorageCredentials variable in Deploy_ProU_Machine.ps1 with the contents of your clipboard.


Message Queue Connection

Get the MqConnectionString from the ProfileUnity Console under “Administration > Client Settings”. Make sure the Message Queue Connection points to an internally and externally reachable FQDN. You can alter the Message Queue Connection by clicking “Manage Message Queue Connection” and changing “localhost” to an FQDN. Ensure the firewall exception for TCP port 5167 is created.

Download ClientSettings.XML and copy the MqConnectionString value from its contents into Deploy_ProU_Machine.ps1.


Configs

Create a configuration in the ProfileUnity Console using the guided configuration wizard and select the Azure template. Deploy the configuration to the config/user folder in Azure.

Within the configuration you just created, create an Application Launcher Rule and point it to Powershell.exe -ExecutionPolicy bypass -File "C:\Program Files\ProfileUnity\Tools\Download_ProU_Configs.ps1"

Create a Shared Access Signature (SAS) for the configuration file. Update Deploy_ProU_Machine.ps1 with this SAS key. 


ProfileUnity Client

Download the “ProfileUnity Client Tools” from your ProfileUnity Management Console.

Extract LocalGPO.zip and place its contents in the Tools directory inside client-tools.zip.


Upload “client-tools.zip” to Azure under the Client folder. 


Generate a SAS for the “client-tools.zip” file and update the “$Path” variable in the “Deploy_ProU_Machine.ps1” file with the Shared Access Signature information. 

Update the “$FileName” and “$Version” variables as well. The version can be found in the properties of any exe in the client-tools zip file.


Client installation

If you've performed all steps correctly, Deploy_ProU_Machine.ps1 should contain your information in the top section.
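Because the SAS URLs generated in the steps above are stored in a script that is delivered to every targeted machine, it is worth checking their scope before uploading. The following is an added example, not part of the original article or of Liquidware's script: it parses a blob SAS URL and reports anything broader than a read-only, HTTPS-only, single-blob token. The function name Test-SasUrl, the 90-day limit, the checks chosen and the sample URL are assumptions made for illustration.

```powershell
# Added example: review a blob SAS URL before it goes into Deploy_ProU_Machine.ps1.
# Test-SasUrl and -MaxDays are hypothetical names; the sample URL is constructed.
function Test-SasUrl {
    param(
        [Parameter(Mandatory)][string]$Url,
        [int]$MaxDays = 90   # assumed policy limit, adjust to your own
    )
    $uri = [Uri]$Url
    # Split the query string into name/value pairs (sp, se, spr, sr, sig, ...)
    $q = @{}
    foreach ($pair in ($uri.Query.TrimStart('?') -split '&')) {
        if (-not $pair) { continue }
        $kv = @($pair -split '=', 2)
        $q[$kv[0]] = if ($kv.Count -gt 1) { [Uri]::UnescapeDataString($kv[1]) } else { '' }
    }
    $findings = @()
    if ($uri.Scheme -ne 'https') { $findings += 'URL does not use https' }
    if (-not $q['sig'])          { $findings += 'no sig parameter: not a SAS URL' }
    # sp lists the granted permissions; a download only needs r (read)
    if ($q['sp'] -cne 'r')       { $findings += "sp is '$($q['sp'])', expected 'r'" }
    # spr restricts the protocols the token may be used over
    if ($q['spr'] -ne 'https')   { $findings += "spr is '$($q['spr'])', expected 'https'" }
    # sr=b scopes the token to one blob, sr=c to the whole container
    if ($q['sr'] -ne 'b')        { $findings += "sr is '$($q['sr'])', expected 'b'" }
    # se is the expiry time (UTC)
    if (-not $q['se']) {
        $findings += 'no se (expiry) parameter'
    } else {
        $culture = [Globalization.CultureInfo]::InvariantCulture
        $expiry  = [DateTimeOffset]::Parse($q['se'], $culture)
        $days    = ($expiry - [DateTimeOffset]::UtcNow).TotalDays
        if ($days -le 0)            { $findings += "expired on $($q['se'])" }
        elseif ($days -gt $MaxDays) { $findings += "expires in $([int]$days) days, limit is $MaxDays" }
    }
    [pscustomobject]@{
        Blob     = $uri.AbsolutePath
        Findings = $findings
        Ok       = ($findings.Count -eq 0)
    }
}

# Constructed sample: placeholder account and signature, container-wide rwdl token
$sample = 'https://exampleaccount.blob.core.windows.net/client/client-tools.zip' +
          '?sv=2020-08-04&sr=c&sp=rwdl&se=2030-01-01T00:00:00Z&sig=PLACEHOLDER'
$result = Test-SasUrl -Url $sample
$result.Findings
```

Run it against the client-tools.zip and configuration SAS URLs; the container-level Azure Storage Credential will legitimately report sr=c, so judge that one on permissions and expiry.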


Add Deploy_ProU_Machine.ps1 to Intune as described here:

https://docs.microsoft.com/en-us/intune/apps/intune-management-extension 

NOTE: Make sure to run the script in a 64-bit PowerShell host: select Yes for “Run script in 64-bit PowerShell host” so that the script runs in a 64-bit PowerShell (PS) host on a 64-bit client architecture.

This will install ProfileUnity on all targeted machines.
