This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Latest KB's] Sophos Central Windows Endpoint: Sophos Central Windows Endpoint: Deploying using Microsoft Intune

Hi Community,

This article provides a high level overview on how to use Microsoft Intune to deploy the Sophos Central Windows endpoint software.

The steps are provided with the assumption that Intune has already been used to deploy packages to Windows endpoints and you are already familiar with the general workflows described.

Cheers,

Karlos

This thread was automatically locked due to age.

rachel kaira over 7 years ago

This reply was deleted.

Developer at gulberg islamabad and capital smart city
- Karlos over 7 years ago in reply to rachel kaira
  
  My pleasure!
  
  Cheers,
  
  Karlos
  
  Karlos
  Community Support Engineer | Sophos Technical Support
  Knowledge Base | @SophosSupport | Sign up for SMS Alerts
  If a post solves your question use the 'This helped me' link.
BrianBagley over 6 years ago

I've followed the steps outlined in the article, and I am able to deploy Sophos Central to devices by way of InTune.

But, the install is not reported or detected successfully. Subsequently, InTune attempts to download and install Sophos regularly. Additionally, I'm not able to apply the app to my Windows AutoPilot devices, because the install is reported as failing, so that entire process fails as a result.

Are there some more specifics we need to look at with the detection portion, or in the response codes?
- Shweta over 6 years ago in reply to BrianBagley
  
  Hi BrianBagley
  
  When it is failing, what is a specific error it is showing? Anything under event logs?
  
  Shweta
  
  Community Support Engineer | Sophos Technical Support
  Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
  If a post solves your question use the 'Verify Answer' link.
  
  The New Home of Sophos Support Videos! - Visit Sophos Techvids
  - BrianBagley over 6 years ago in reply to Shweta
    
    I don't recall anything specific, I'll push the app again to see what happens.
    
    I'm starting to wonder if it has to do with 32/64 bit settings and the detection item setting for 32bit on 64bit.
    
    I was going to try setting the app as just 64 bit, and leave the 32bit app on 64bit OS off.
  - Shweta over 6 years ago in reply to BrianBagley
    
    Hi BrianBagley
    
    The article goes over the process in which you can specify the architecture of the machine. Please find this section attached below:
    
    Under the header "Creating the Win32 app within Intune" check step 10:
    
    10. Enter the operating system architectures you wish to deploy to, e.g. 64-bit and 32-bit and minimum operating system, then click OK.
    
    At this point is where you can specify a 64-bit deployment. Kindly try to push it again, and check for the error you are receiving which would be more helpful for us.
    
    Shweta
    
    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  - BrianBagley over 6 years ago in reply to Shweta
    
    Well, this has been weird. I've spent the last couple of days tweaking the App Config settings in InTune to try and push the install again, but it never wanted to push to my test device.
    
    Finally, I downloaded a fresh SophosSetup.exe, converted it with the InTuneWinUtil app, then uploaded it to Intune using the existing App Config.
    
    This time it pushed to the device, and reported a successful install.
    
    So, maybe there was an error with the installer I downloaded about a month ago?
    
    Do the current installers still expire after a period of time?
  - DianneY over 6 years ago in reply to BrianBagley
    
    Hello BrianBagley
    
    Thanks for your update! Installers do expire in a way since the SophosSetup.exe file may be updated on some level after some time. It is recommended that if you are encountering any installation issues it would be best to start with downloading a new SophosSetup installer file to use for your deployment.
  - Brendan Main over 6 years ago in reply to DianneY
    
    Have been troubleshooting this with Microsoft Intune support team for 3 weeks now and still getting nowhere with them as they don't even understand how their own Intune management extension agent detection rules work
  - Brendan Main over 6 years ago in reply to Brendan Main
    
    Sophos article path and file they specify doesn’t work with Intune, once updated to the below Intune detects the file successfully, don’t know why probably bug as Microsoft Intune team are still investigating
    
    Path: C:\Program Files (x86)\Sophos\AutoUpdate
    
    File: SophosUpdate.exe
  - Jasmin over 6 years ago in reply to Brendan Main
    
    Hi Brendan Main
    
    Thank you for the information on this.
    
    Please let us know the solution of the issue once it has been investigated by Microsoft Intune team, so it can be useful to other users.
    
    Regards,
    
    Jasmin
    Community Support Engineer | Sophos Support
    Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link
  - BrianBagley over 6 years ago in reply to Brendan Main
    
    Ours is now working fine just as specified in the article, using the Sophos UI.exe for the file exists detection. Just ran AutoPilot process on a system, and Sophos is there. I'll probably have to update the installer in another week or so, seems like they expire after a month, rather than three months as they did in the past.
  - Jasmin over 6 years ago in reply to BrianBagley
    
    Hi BrianBagley
    
    Glad to know that your issue has been resolved.
    
    The installer gets refreshed for around 1 month because of implementing a new feature and also for security reasons.
    
    Regards,
    
    Jasmin
    Community Support Engineer | Sophos Support
    Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link