Use this guide to help you get your Windows PCs managed by the Microsoft Intune client software.
Before you start
Before you start installing the Intune client software, read the topic Resolve GPO and Microsoft Intune policy conflicts to understand what must be in place to install the client correctly and then return to these instructions.
Get the client installed
Use these steps to get the client installed:
Then use one or more of the following methods to get the client installed:
If you no longer need to manage a computer with Intune, you can retire the computer, which also removes the client software from the computer. For more information, see Common Windows PC management tasks with the Microsoft Intune computer client.
To download the client software
In the Microsoft Intune administration console, click Admin > Client Software Download.
On the Client Software Download page, click Download Client Software and save the Microsoft_Intune_Setup.zip package containing the software to a secure location on your network.
The Intune client software installation package contains information about your account. If unauthorized users gain access to the installation package, they can enroll computers to the account that is represented by its embedded certificate.
Extract the contents of the installation package to the secure location on your network.
Do not rename or remove the ACCOUNTCERT file that is extracted or the client software installation will fail.
To manually deploy the client software
On a computer, browse to the folder where the client software installation files are located, and then run Microsoft_Intune_Setup.exe to install the client software.
The status of the installation is displayed when you hover over the icon in the taskbar on the client computer.
To automatically deploy the client software by using Group Policy
In the folder that contains the files Microsoft_Intune_Setup.exe and MicrosoftIntune.accountcert, run the following command to extract the Windows Installer-based installation programs for 32-bit and 64-bit computers:
Microsoft_Intune_Setup.exe /Extract <destination folder>
Copy the Microsoft_Intune_x86.msi file, the Microsoft_Intune_x64.msi file, and the MicrosoftIntune.accountcert file to a network location that can be accessed by all computers to which the client software is to be installed.
Do not separate or rename the files or the client software installation will fail.
Use Group Policy to deploy the software to computers on your network.
For more information about how to use Group Policy to automatically deploy software, see your Windows Server documentation.
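Because anyone who can read the package can enroll computers to your account, the file permissions on the deployment folder are worth checking before you link the Group Policy object. The following PowerShell script is an added example, not part of the original guide: it confirms the three files are present under their original names and lists NTFS access entries that grant the package to broad groups or let non-administrators modify it. The share path and the choice of which SIDs count as "broad" are assumptions.

```powershell
param([string]$PackagePath = '\\fileserver\IntuneClient$')  # hypothetical share path

# File names from the Group Policy steps; they must stay together and unrenamed.
$required = 'Microsoft_Intune_x86.msi', 'Microsoft_Intune_x64.msi', 'MicrosoftIntune.accountcert'

# Well-known SIDs this example treats as too broad (an assumption, adjust to policy).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# SYSTEM, BUILTIN\Administrators and Domain Admins are expected to hold write access.
$adminPattern = '^(S-1-5-18|S-1-5-32-544|S-1-5-21-.+-512)$'
# Rights that let a principal alter or replace the package.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$sidType   = [System.Security.Principal.SecurityIdentifier]

function Get-IntunePackageFinding {
    param([string]$Path)
    foreach ($name in $required) {
        $file = Join-Path $Path $name
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            [pscustomobject]@{ File = $name; Principal = '-'; Issue = 'missing or renamed' }
            continue
        }
        # Explicit and inherited ACEs, with identities returned as SIDs.
        foreach ($ace in (Get-Acl -LiteralPath $file).GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $sid = $ace.IdentityReference.Value
            $issues = @()
            # RID 513 is Domain Users.
            if ($broadSids.ContainsKey($sid) -or $sid -match '^S-1-5-21-.+-513$') {
                $issues += 'broad group can read the account certificate package'
            }
            if ($sid -notmatch $adminPattern -and ([int]$ace.FileSystemRights -band $writeBits)) {
                $issues += 'non-admin principal can modify the package'
            }
            if ($issues) {
                [pscustomobject]@{ File = $name; Principal = $sid; Issue = $issues -join '; ' }
            }
        }
    }
}

Get-IntunePackageFinding -Path $PackagePath | Format-Table -AutoSize
```

The script reads NTFS permissions only; share-level permissions on the network location need a separate review.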
Install the Microsoft Intune client software as part of an image
You can deploy the Intune client software to computers as part of an operating system image by using the following example procedure as a basis:
Copy the client installation files, Microsoft_Intune_Setup.exe and MicrosoftIntune.accountcert, to the %Systemdrive%\Temp\Microsoft_Intune_Setup folder on the reference computer.
Create the WindowsIntuneEnrollPending registry entry by adding the following command to the SetupComplete.cmd script:
%windir%\system32\reg.exe add HKEY_LOCAL_MACHINE\Software\Microsoft\Onlinemanagement\Deployment /v WindowsIntuneEnrollPending /t REG_DWORD /d 1
Add the following command to setupcomplete.cmd to run the enrollment package with the /PrepareEnroll command-line argument:
The SetupComplete.cmd script enables Windows Setup to make modifications to the system before a user logs on. The /PrepareEnroll command-line argument prepares a targeted computer to be automatically enrolled in Intune after Windows Setup finishes.
Put SetupComplete.cmd in the %Windir%\Setup\Scripts folder on the reference computer.
Capture an image of the reference computer and then deploy it to targeted computers.
When the targeted computer restarts at the completion of Windows Setup, the WindowsIntuneEnrollPending registry value is created. The enrollment package checks whether the computer is enrolled. If the computer is enrolled, no further action is taken. If the computer is not enrolled, the enrollment package creates a Microsoft Intune Automatic Enrollment Task.
When the automatic enrollment task runs at the next scheduled time, it checks the existence of the WindowsIntuneEnrollPending registry value, and it tries to enroll the targeted PC in Intune. If the enrollment fails for any reason, the enrollment is retried the next time the task runs. The retries continue for a period of one month.
The Intune Automatic Enrollment Task, the WindowsIntuneEnrollPending registry value, and the account certificate are deleted from the targeted computer when the enrollment is successful or after one month.
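To confirm on an imaged computer that this cleanup actually happened and no account certificate was left on disk, you can inspect the three artifacts directly. The following PowerShell script is an added example, not part of the original guide; the registry path and staging folder come from the procedure above, while the scheduled-task wildcard is an assumption because the exact task name is not given here.

```powershell
# Locations taken from the imaging procedure on this page.
$regKey   = 'HKLM:\Software\Microsoft\Onlinemanagement\Deployment'
$regValue = 'WindowsIntuneEnrollPending'
$stageDir = Join-Path $env:SystemDrive 'Temp\Microsoft_Intune_Setup'
# Assumed wildcard for the enrollment task; the exact task name is not documented here.
$taskLike = '*Intune*Enrollment*'

function Get-IntuneEnrollmentResidue {
    # $null when the key or value is absent.
    $pending = (Get-ItemProperty -LiteralPath $regKey -Name $regValue -ErrorAction SilentlyContinue).$regValue
    # Account certificate files still present in the staging folder.
    $certs = @(Get-ChildItem -LiteralPath $stageDir -Filter '*.accountcert' -ErrorAction SilentlyContinue)
    # Get-ScheduledTask needs Windows 8 / Windows Server 2012 or later.
    $tasks = @(Get-ScheduledTask -ErrorAction SilentlyContinue |
               Where-Object { $_.TaskName -like $taskLike })

    $state = if ($pending -eq 1) {
        'pending: enrollment not yet completed, retries continue for up to one month'
    } elseif ($certs.Count -or $tasks.Count) {
        'residue: pending value is gone but a certificate or task remains'
    } else {
        'clean: no pending value, certificate or task found'
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        PendingValue = $pending
        CertFiles    = ($certs | ForEach-Object { $_.FullName }) -join '; '
        Tasks        = ($tasks | ForEach-Object { $_.TaskName }) -join '; '
        State        = $state
    }
}

Get-IntuneEnrollmentResidue | Format-List
```

Run it from an elevated prompt; a "residue" result on a computer imaged more than a month ago means the account certificate should be removed by hand.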
Monitor and validate successful client deployment
Use one of the following procedures to help you monitor and validate successful client deployment.
To verify the installation of the client software from the Microsoft Intune administrator console
In the Microsoft Intune administration console, click Groups > All Devices > All Computers.
Scroll down the list of computers to find managed computers that are communicating with Intune, or search for a specific managed computer by typing the computer name, or any part of the name, in the Search devices box.
Examine the status of the computer in the bottom pane of the console, and resolve any errors.
To create a computer inventory report to display all enrolled computers
In the Microsoft Intune administration console, click Reports > Computer Inventory Reports.
On the Create New Report page, leave all fields as the default values (unless you want to apply filters), and click View Report.
The Computer Inventory Report page opens in a new window that displays all computers that are successfully enrolled in Intune.
Click any column heading in the report to sort the list by the contents of that column.