Microsoft Intune provides a modern and centralized way to manage Windows devices in cloud-first organizations. Zecurit supports agent deployment via Intune Win32 App deployment, enabling a silent and scalable enrollment process for Azure AD-joined endpoints.
This guide walks you through preparing the Zecurit Agent package and deploying it to target devices using Microsoft Intune.
When to use this method
- You’re managing devices with Microsoft Intune (Endpoint Manager)
- Devices are Azure AD joined or Hybrid joined
- You want silent installation without user interaction
- You need to deploy the Zecurit Agent at scale to multiple endpoints
Step 1: Prepare th installation package
- Download the Agent Package
- From the Zecurit portal, download:
ZecuritAgentStartupScript.zip
- From the Zecurit portal, download:
- Extract the Package
- Unzip the file to access:
ZecuritAgentInstaller.msiZecuritAgentStartup.bat- Optional:
InstallZecuritAgent.ps1
- Unzip the file to access:
- Download the Intune Packaging Tool
- Download
IntuneWinAppUtil.exefrom Microsoft’s official GitHub repository: IntuneWinAppUtil GitHub
- Download
- Create a .intunewin Package
- Run the tool and input:
- Source folder: The folder containing the extracted Zecurit files
- Setup file:
ZecuritAgentStartup.bat(or.ps1if using PowerShell) - Output folder: Where the
.intunewinfile will be saved
- Run the tool and input:
IntuneWinAppUtil.exe -c "C:\ZecuritAgent" -s "ZecuritAgentStartup.bat" -o "C:\Output"You now have a deployable ZecuritAgentStartup.intunewin package.
Step 2: Create a deployment policy in Intune
- Sign in to Intune Admin Center https://endpoint.microsoft.com
- Navigate to: Apps → Windows → Add
- In the App type dropdown, select: Windows app (Win32)
- Upload the
.intunewinpackage you created earlier. - Configure the App Information:
- Name:
Zecurit Agent - Description: Silent deployment of Zecurit Agent
- Publisher:
Zecurit - App version: Leave blank or fill as needed
- Name:
- Configure Program Settings:
- Install command:
ZecuritAgentStartup.bat - Uninstall command: (optional)
- Install behavior:
System
- Install command:
- Set Detection Rules:
- Choose File or Registry based detection:
- Example:
- Path:
C:\\Program Files\\ZecuritAgent\\ - File:
zecurit.exe - Detection method:
File exists
- Path:
- Example:
- Choose File or Registry based detection:
This ensures the agent won’t reinstall if it’s already present.
Step 3: Assign the package to target devices
- Navigate to the Assignments section in the app configuration.
- Select one or more Azure AD groups containing the target devices.
- Choose assignment type: Required (for automatic deployment).
You can also configure Availability or Uninstall groups as needed.
Step 4: Deployment and Installation
- The Zecurit Agent will be downloaded and installed silently on the assigned devices.
- A device restart may be required for startup scripts to execute properly.
Once installed, enrolled devices will appear in the Zecurit portal under Devices > All Devices, and begin reporting inventory and software data.
Summary of required files
| File | Purpose |
|---|---|
ZecuritAgentInstaller.msi | Core agent installer |
ZecuritAgentStartup.bat | Startup script to initiate installation |
.intunewin | Intune-compatible package created from the above files |
Troubleshooting tips
- Ensure assigned devices are connected to Intune and not blocked by policy.
- Use Intune App Install Status to track progress per device.
- Check the Device Management Event Log (
Applications and Services Logs → Microsoft → Windows → DeviceManagement-Enterprise-Diagnostics-Provider) for script errors. - Verify detection rule accuracy to avoid repeated deployments.
By following these steps, you can automatically deploy the Zecurit Agent to all Intune-managed Windows devices.