Automating with PowerShell: uploading your RMM application to all Intune tenants

This script is based on some earlier work I’ve done for uploading general applications to Intune tenants, but I’ve transformed this into a module to allow an easy synchronization between your RMM system and M365. There’s some prework that’ll need to be performed for each supported RMM system. Check out the GitHub page for the latest and greatest information, as the blog can be outdated.

When you execute this script after performing the prerequisites, it will automatically upload all of the applications to Intune and assign them to the default device group. You might want to manually change the exact group.

As an example, I’ll demonstrate how to use the script with DattoRMM. There are more supported RMM systems, but they pretty much work in the same way: you assign the onmicrosoft domain as a value to each of your clients in your RMM system, and we use that to match and log in to the right tenant.

Whenever you run the script, we remove the old application even if nothing changed. This is done to make sure we overwrite any mistakes you’ve made and always deploy the latest update from our RMM system.

Fair warning: this module is still under active development and, as such, not 100% production ready yet. Wanna help make it ready? Check out the GitHub page here.

Deploying RMM tooling to Intune automatically

Each RMM system has its own function in the module. As the example I’ll use DattoRMM, as that is what we use. Check out the GitHub page for documentation for the other RMM systems. Some of them are still under development though. 🙂

For DattoRMM you’ll have to create a site variable first. You can name this site variable anything you want, but I suggest “O365Tenant”. Fill this variable in at all your clients with their OnMicrosoft.com domain name. You can then run the following script to deploy the agent everywhere.

# Placeholder values: replace each with your own before running.
$Params = @{
    ApplicationId       = 'appID'
    ApplicationSecret   = 'appsecret'
    YourTenantID        = 'tenantid'
    RefreshToken        = 'longrefreshtoken'
    DattoURL            = 'https://pinotage-api.centrastage.net'
    DattoKey            = 'DattoAPIKey'
    DattoSecretKey      = 'DattoAPISecret'
    AssignToAllDevices  = $false             # $true assigns the app to all devices immediately
    PackageName         = "MyMSP RMM Agent"
    DattoTenantVariable = "O365Tenant"       # site variable holding each client's onmicrosoft.com domain
}
Import-Module "RMMIntuneHelper"
New-DattoRMMApplication @Params -Verbose

As you can see, you also have the option to assign it to all devices immediately. This allows you to just set this script up on a schedule to always have your clients get the correct agent.
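
On a scheduled run, the site variable alone decides which tenant receives which client's agent, so it is worth validating those values before the old application is removed and replaced. The pre-flight check below is an added example and not part of the RMMIntuneHelper module; Test-TenantMapping, the sample sites and the tenant list are constructed for illustration. It assumes an initial domain is letters and digits followed by .onmicrosoft.com, and that a value shared by two sites deserves a manual look.

```powershell
function Test-TenantMapping {
    param(
        [Parameter(Mandatory)] [object[]] $Sites,           # objects with Name and O365Tenant
        [Parameter(Mandatory)] [string[]] $ManagedTenants   # domains you administer
    )
    # Assumption: an initial domain is letters/digits followed by .onmicrosoft.com
    $pattern = '^[a-z0-9]+\.onmicrosoft\.com$'
    $managed = @($ManagedTenants | ForEach-Object { $_.Trim().ToLowerInvariant() })
    # Count sites per tenant value so copy-pasted values stand out
    $counts = @{}
    foreach ($s in $Sites) {
        $v = "$($s.O365Tenant)".Trim().ToLowerInvariant()
        if ($v) { $counts[$v] = 1 + [int]$counts[$v] }
    }
    foreach ($s in $Sites) {
        $v = "$($s.O365Tenant)".Trim().ToLowerInvariant()
        $status = if (-not $v) {
            'Missing'
        } elseif ($v -notmatch $pattern) {
            'Malformed'
        } elseif ($managed -notcontains $v) {
            'NotManaged'
        } elseif ($counts[$v] -gt 1) {
            'Duplicate'
        } else {
            'OK'
        }
        [pscustomobject]@{ Site = $s.Name; Tenant = $v; Status = $status }
    }
}

# Constructed sample data; real input would be your RMM site list and partner tenant list
$sites = @(
    [pscustomobject]@{ Name = 'Client A'; O365Tenant = 'clienta.onmicrosoft.com' }
    [pscustomobject]@{ Name = 'Client B'; O365Tenant = ' ClientB.onmicrosoft.com ' }
    [pscustomobject]@{ Name = 'Client C'; O365Tenant = 'clienta.onmicrosoft.com' }
    [pscustomobject]@{ Name = 'Client D'; O365Tenant = 'clientd.com' }
    [pscustomobject]@{ Name = 'Client E'; O365Tenant = '' }
    [pscustomobject]@{ Name = 'Client F'; O365Tenant = 'clientf.onmicrosoft.com' }
)
$tenants = 'clienta.onmicrosoft.com', 'clientb.onmicrosoft.com'

$report = @(Test-TenantMapping -Sites $sites -ManagedTenants $tenants)
$report | Format-Table -AutoSize
$bad = @($report | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) site(s) need review before the agent is deployed."
}
```

In a scheduled task, replace the warning with a hard stop so the deployment call is never reached while any site is flagged.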

Deploying other applications to Intune automatically

I’ve also generalized this so you don’t have to deploy an RMM tool, but can deploy any tool you want to use at all clients directly. The generic function checks all tenants under your administration, creates unique intunewin files per tenant and uploads them to each tenant. This allows you to easily upload mandatory applications, for example Adobe Reader, 7-Zip, etc., without needing to maintain this at each client separately.

If you add a logo.png file to the installation folder, it’ll also automatically pick that logo up and upload it to each tenant, which allows a pretty icon in the Company Portal. 🙂

You can execute the following code; I’m using 7-Zip as my example.

# Placeholder values: replace each with your own before running.
$Params = @{
    ApplicationId        = 'appID'
    ApplicationSecret    = 'appsecret'
    YourTenantID         = 'tenantid'
    RefreshToken         = 'longrefreshtoken'
    PackageName          = "7-Zip"
    PackageVersion       = "1.0"
    packageinstallcmd    = "7z1900-x64.exe /S"
    packageuninstallcmd  = "C:\Program Files\7-Zip\Uninstall.exe /S"
    packagedetectionpath = "C:\program files\7-Zip"
    packagedetectionfile = '7z.exe'
    InstallerPath        = "C:\Intune\7Zip\7z1900-x64.exe"   # installer that is packaged and uploaded per tenant
    AssignToAllDevices   = $false                            # $true assigns the app to all devices immediately
}
Import-Module "RMMIntuneHelper"
New-GenericApplication @Params -Verbose
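
Since the generic function packages one local installer and uploads it to every tenant, the file at InstallerPath is worth pinning to a known SHA-256 before each run. The gate below is an added example and not part of the RMMIntuneHelper module; Test-InstallerBeforeUpload is a hypothetical helper, and the demo uses a constructed stand-in file in the temp folder rather than a real installer.

```powershell
function Test-InstallerBeforeUpload {
    param(
        [Parameter(Mandatory)] [hashtable] $Params,          # same hashtable passed to New-GenericApplication
        [Parameter(Mandatory)] [string]    $ExpectedSha256   # pinned value, e.g. the vendor's published checksum
    )
    $problems = [System.Collections.Generic.List[string]]::new()
    $path = $Params.InstallerPath
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $problems.Add("Installer not found: $path")
    }
    else {
        # The file on disk must be the exact build that was reviewed
        $actual = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256.Trim()) {
            $problems.Add("SHA-256 mismatch for $path (got $actual)")
        }
        # The install command must launch the file that was hashed, not another binary
        $leaf = Split-Path -Path $path -Leaf
        $cmd  = "$($Params.packageinstallcmd)"
        if (-not $cmd.StartsWith($leaf, [StringComparison]::OrdinalIgnoreCase)) {
            $problems.Add("packageinstallcmd does not start with $leaf")
        }
    }
    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed demo: a stand-in file, not a real installer
$dir = Join-Path ([IO.Path]::GetTempPath()) 'IntunePinDemo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir '7z1900-x64.exe'
Set-Content -LiteralPath $file -Value 'reviewed build' -NoNewline
$pin = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash   # in practice: the published checksum
$demo = @{ InstallerPath = $file; packageinstallcmd = '7z1900-x64.exe /S' }

# Check the unchanged file, then change it on disk and check again
Test-InstallerBeforeUpload -Params $demo -ExpectedSha256 $pin | Format-List
Add-Content -LiteralPath $file -Value 'changed after review'
Test-InstallerBeforeUpload -Params $demo -ExpectedSha256 $pin | Format-List

# Gate the real call on the result:
# if ((Test-InstallerBeforeUpload -Params $Params -ExpectedSha256 $pin).Ok) { New-GenericApplication @Params -Verbose }
```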

And that’s it! As always, happy PowerShelling. 🙂
