Note: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Overview

This knowledge base article provides a high-level overview on how to use Microsoft Intune to deploy the Sophos Central Windows endpoint software.

The steps below are provided with the assumption that Intune has already been used to deploy packages to Windows endpoints and you are already familiar with the general workflows described.

The following sections are covered:

• Table of Contents

  • Overview
  • What to do 
    • Create the .intunewin file from the Sophos Central installer file
    • Create the Win32 app within Intune
  • Endpoint deployment
  • Related information
  
  
  

Applies to the following Sophos product(s) and version(s)
Central Windows Endpoint
Sophos Endpoint Security and Control

What to do 

Create the .intunewin file from the Sophos Central installer file

Note: It is recommended to deploy using AutoPilot from Windows enrollment

1. Create the following folders using a Command Prompt with admin privilege:
   
   
   1. md C:\Temp
   2. md C:\Temp\IntunePackageSource
   3. md C:\Temp\IntunePackageOutput
   4. md C:\Temp\Intune-Win32-App-Packaging-Tool-master
2. From your Sophos Central account, download SophosSetup.exe and save it at C:\Temp\IntunePackageSource.
3. From Github, download the Microsoft Win32 app packaging tool (IntuneWinAppUtil.exe) and save it at C:\Temp\Intune-Win32-App-Packaging-Tool-master.
4. Using a Command Prompt, run the packaging tool from the specified folder.
5. When prompted, specify the following:
   
   
   • Source folder: C:\Temp\IntunePackageSource
   • Setup file: SophosSetup.exe
   • Output folder: C:\Temp\IntunePackageOutput
   • Catalog folder: N

The message INFO File 'C:\Temp\IntunePackageOutput\SophosSetup.intunewin' has been generated successfully will be displayed. 

Create the Win32 app within Intune

1. Log in to your Azure AD tenant with an account with the required access to manage Intune.
2. Search for and click Intune.
3. In the left navigation column, click Apps.
   
   
   
4. In the opened Apps section click All Apps.
5. Click on the Add button.
6. Click the drop-down for app type then select Windows app (Win32) followed by select.
   
   
7. From the App information tab select SophosSetup.intunewin file from C:\Temp\IntunePackageOutput then click OK.
8. The app information can then be configured as follows:
   
   
   • Name: Sophos Central
   • Description: Advanced endpoint protection coupled with a simple, intuitive user experience
   • Publisher: Sophos Ltd
   • Information URL: www.sophos.com/.../sophos-central.aspx
   • Privacy URL: www.sophos.com/.../product-privacy-info.aspx



9. Enter the install and uninstall commands in the Program tab, then click Next.
   
   
   • Install command: SophosSetup.exe --quiet
     
     Note: For more information on the available command-line options, please see: Sophos Central Endpoint: Installer command line options for Windows and Mac.
     
     
   • Uninstall command: %ProgramFiles%\Sophos\Sophos Endpoint Agent\uninstallcli.exe
   • Leave the return codes and scope (tags) as default 
     
     
     
10. Enter the OS architectures you wish to deploy from the Requirements tab, then click Next.
11. Enter the detection rule in the Detections Rule by selecting Manually configure detection rules from the Rules format drop-down menu
    and enter the following parameters, then click the Ok button followed by the Next button.
    
    • Rule type: File
    • Path: %ProgramFiles%\Sophos\Sophos UI
    • File or folder: Sophos UI.exe
    • Detection method: File or folder exists.



    
    
    
12. Once your app is ready and you are on the Assignments tab, assign it to a ‘Required’ group by clicking on Add Group to assign the
    application to your group, then click Next.
    Note: This will be installed automatically on enrolled devices.
    
    
    
13. Review the details of your app and click on create.
14. From Apps section you will now see the newly created application.
    
    

Endpoint deployment

Once your endpoint is configured and enrolled with Windows Autopilot the software will automatically deploy to your device. The end-user may see the following notifications if these were configured in the above application creation.



The end-user will also see the Sophos endpoint Agent icon in the system tray:

Related information

• Intune Standalone - Win32 app management
• Sophos Central Admin: Endpoint protection deployment methods
• SophosZap: Frequently Asked Questions

Sign up to the Sophos Support Notification Service to get the latest product release information and critical issues.