This script is based on some earlier work I’ve done for uploading general applications to Intune tenants, but I’ve transformed this into a module to allow a easy synchronization between your RMM system and M365. There’s some prework that’ll need to be performed for each supported RMM system. Check out the Github page for the latest and greatest information as the blog can be outdated.

When you execute this script and you’ve performed the prerequisites the script will automatically upload all of the applications to intune and assign them to the default device group. You might want to manually change the exact group.

As an example, I’ll demonstrate how to use the script with DattoRMM. There’s more supported RMM systems but they pretty much work in the same way; you assign a value of the onmicrosoft domain to each of your clients in your RMM system and we use that to match and login to the right tenant.

Whenever you run the script we remove the old application even if nothing changed – This is done to make sure we overwrite any mistakes you’ve made and we always deploy the latest update from our RMM system.

Fair warning; This module is still under active development and as such, not 100% production ready yet. Wanna help make it ready? check out the Github page here.

Deploying RMM tooling to Intune automatically

Each RMM system has their own function in the module, as the example I’ll use DattoRMM as that is what we use. Check out the Github page for documentation for the other RMM systems. Some of them are still under development though. 🙂

For DattoRMM you’ll have to create a site variable first. you can name this site variable anything you want but I suggest “O365Tenant”. Fill this variable in at all your clients with their OnMicrosoft.com domain name. You can then run the following script to deploy the agent everywhere.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

$Params = @{
    ApplicationId       = 'appID'
    ApplicationSecret   = 'appsecret'
    YourTenantID        = 'tenantid'
    RefreshToken        = 'longrefreshtoken'
    DattoURL            = 'https://pinotage-api.centrastage.net'
    DattoKey            = 'DattoAPIKey'
    DattoSecretKey      = 'DattoAPISecret'
    AssignToAllDevices  = $false
    PackageName         = "MyMSP RMM Agent"
    DattoTenantVariable = "O365Tenant"
}
Import-Module "RMMIntuneHelper"
New-DattoRMMApplication @params -Verbose

As you can see, you also have the option to assign it to all devices immediately. This allows you to just set this script up on a schedule to always have your clients get the correct agent.

Deploying other applications to Intune automatically

So I’ve also generalized this to not have to deploy an RMM tool, but any tool you want to use at all clients directly. The generic function checks all tenants under your administration, creates unique intunewin files per tenant and uploads this to each tenant. This allows you to easily upload mandatory applications, for example Adobe Reader, 7Zip, etc. without needing to maintain this at each client separately.

If you add a logo.png file to the installation folder, it’ll also automatically pick that logo up and upload it to each tenant, which allows a pretty icon in the Company Portal. 🙂

You can execute the following code, I’m using 7Zip as my example.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

$Params = @{
    ApplicationId        = 'appID'
    ApplicationSecret    = 'appsecret'
    YourTenantID         = 'tenantid'
    RefreshToken         = 'longrefreshtoken'
    PackageName          = "7-Zip"
    PackageVersion       = "1.0"
    packageinstallcmd    = "7z1900-x64.exe /S"
    packageuninstallcmd  = "C:\Program Files\7-Zip\Uninstall.exe /S"
    packagedetectionpath = "C:\program files\7-Zip"
    packagedetectionfile = '7z.exe'
    InstallerPath        = "C:\Intune\7Zip\7z1900-x64.exe"
    AssignToAllDevices   = $false
}
Import-Module "RMMIntuneHelper"
New-GenericApplication @params -Verbose

And that’s it! as always, Happy Powershelling. 🙂