{"id":2462,"date":"2025-07-02T08:02:37","date_gmt":"2025-07-02T08:02:37","guid":{"rendered":"https:\/\/zecurit.com\/help\/?post_type=docs&#038;p=2462"},"modified":"2025-07-02T08:02:39","modified_gmt":"2025-07-02T08:02:39","slug":"enrollment-via-microsoft-azure","status":"publish","type":"docs","link":"https:\/\/zecurit.com\/help\/asset-management\/device-enrollment\/silent-and-bulk-enrollment\/enrollment-via-microsoft-azure\/","title":{"rendered":"Enrollment via Microsoft Azure"},"content":{"rendered":"\n<p>Zecurit supports seamless deployment of its agent to Azure AD-joined Windows devices, enabling IT admins to manage endpoints across cloud and hybrid environments efficiently. Using Azure-native tools, you can automate and scale agent installation across hundreds or thousands of devices.<\/p>\n\n\n\n<p>This guide provides step-by-step instructions for enrolling Windows devices into\u00a0Zecurit\u00a0using\u00a0Microsoft Azure. You can deploy the Zecurit Agent using one of the following methods:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Method 1: Microsoft Intune Service with Storage Account<\/strong><\/li>\n\n\n\n<li><strong>Method 2: Automation Account with Hybrid Runbook Worker<\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Why Use Azure for Enrollment?<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ideal for cloud-first or hybrid organizations<\/li>\n\n\n\n<li>Supports both <strong>cloud-only<\/strong> and <strong>on-premises devices<\/strong><\/li>\n\n\n\n<li>No user interaction needed<\/li>\n\n\n\n<li>Centralized, policy-driven agent deployment<\/li>\n\n\n\n<li>Scalable to large device fleets<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Method 1: Microsoft Intune with Azure Storage Account<\/h2>\n\n\n\n<p>This method uses Microsoft Intune (Endpoint Manager) to deploy the agent script and binaries hosted in a Azure Storage Account.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisites<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure AD tenant with Intune licensing<\/li>\n\n\n\n<li>Sufficient permissions to deploy applications via Intune<\/li>\n\n\n\n<li>Azure Storage Account (Blob storage)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Steps for Method 1<\/h3>\n\n\n\n<p><strong>Step 1: Download &amp; Extract Agent Files<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Download\u00a0<strong><code>ZecuritAgentStartupScript.zip<\/code><\/strong>\u00a0from the Zecurit portal.<\/li>\n\n\n\n<li>Extract the contents to a local folder.<\/li>\n<\/ol>\n\n\n\n<p><strong>Step 2: Create an Azure Storage Account &amp; Blob<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the\u00a0<a href=\"https:\/\/portal.azure.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Azure Portal<\/strong><\/a>.<\/li>\n\n\n\n<li>Navigate to\u00a0<strong>Storage Accounts<\/strong>\u00a0>\u00a0<strong>Create<\/strong>.<\/li>\n\n\n\n<li>Configure the storage account with:\n<ul class=\"wp-block-list\">\n<li><strong>Subscription<\/strong>: Select your Azure subscription.<\/li>\n\n\n\n<li><strong>Resource Group<\/strong>: Create new or select existing.<\/li>\n\n\n\n<li><strong>Storage Account Name<\/strong>: Enter a unique name (e.g.,\u00a0<strong><code>zecuritagentstorage<\/code><\/strong>).<\/li>\n\n\n\n<li><strong>Region<\/strong>: Select the closest Azure region.<\/li>\n\n\n\n<li><strong>Performance<\/strong>: Standard.<\/li>\n\n\n\n<li><strong>Redundancy<\/strong>: LRS (Locally Redundant Storage).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click\u00a0<strong>Review + Create<\/strong>\u00a0>\u00a0<strong>Create<\/strong>.<\/li>\n\n\n\n<li>Once deployed, go to\u00a0<strong>Storage Account<\/strong>\u00a0>\u00a0<strong>Containers<\/strong>\u00a0>\u00a0<strong>+ Container<\/strong>.<\/li>\n\n\n\n<li>Name the container (e.g.,\u00a0<strong><code>zecurit-agent<\/code><\/strong>) and set access level to\u00a0<strong>Private<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p><strong>Step 3: Upload Agent Files to Blob Storage<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Navigate to the container and click\u00a0<strong>Upload<\/strong>.<\/li>\n\n\n\n<li>Select all extracted files from\u00a0<strong><code>ZecuritAgentStartupScript.zip<\/code><\/strong>\u00a0and upload them.<\/li>\n<\/ol>\n\n\n\n<p><strong>Step 4: Generate a Shared Access Signature (SAS) Token<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to\u00a0<strong>Storage Account<\/strong>\u00a0>\u00a0<strong>Shared Access Signature<\/strong>.<\/li>\n\n\n\n<li>Configure permissions:\n<ul class=\"wp-block-list\">\n<li><strong>Allowed services<\/strong>: Blob<\/li>\n\n\n\n<li><strong>Allowed resource types<\/strong>: Container, Object<\/li>\n\n\n\n<li><strong>Permissions<\/strong>: Read, List<\/li>\n\n\n\n<li><strong>Start &amp; expiry date<\/strong>: Set a reasonable validity period.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click\u00a0<strong>Generate SAS and connection string<\/strong>.<\/li>\n\n\n\n<li>Copy the\u00a0<strong>Blob SAS URL<\/strong>\u00a0(e.g.,\u00a0<strong><code>https:\/\/[storageaccount].blob.core.windows.net\/[container]?[SAS-token]<\/code><\/strong>).<\/li>\n<\/ol>\n\n\n\n<p><strong>Step 5: Deploy via Microsoft Intune<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to\u00a0<a href=\"https:\/\/endpoint.microsoft.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Microsoft Intune Admin Center<\/strong><\/a>.<\/li>\n\n\n\n<li>Navigate to\u00a0<strong>Apps<\/strong>\u00a0>\u00a0<strong>Windows<\/strong>\u00a0>\u00a0<strong>Add<\/strong>\u00a0>\u00a0<strong>Windows app (Win32)<\/strong>.<\/li>\n\n\n\n<li>Upload the\u00a0<strong><code>ZecuritAgentInstaller.exe<\/code><\/strong>\u00a0file.<\/li>\n\n\n\n<li>Configure\u00a0<strong>App Information<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Name:\u00a0<strong><code>Zecurit Agent<\/code><\/strong><\/li>\n\n\n\n<li>Description: (Optional)<\/li>\n\n\n\n<li>Publisher: Zecurit<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Configure\u00a0<strong>Program Settings<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Install command:\u00a0<strong><code>ZecuritAgentInstaller.exe \/silent<\/code><\/strong><\/li>\n\n\n\n<li>Uninstall command:\u00a0<strong><code>ZecuritAgentInstaller.exe \/uninstall<\/code><\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Configure\u00a0<strong>Requirements<\/strong>:\n<ul class=\"wp-block-list\">\n<li>OS Architecture: 64-bit<\/li>\n\n\n\n<li>Minimum OS: Windows 10 1809+<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Configure\u00a0<strong>Detection Rules<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Rule type: File<\/li>\n\n\n\n<li>Path:\u00a0<strong><code>%ProgramFiles%\\\\Zecurit\\\\Agent<\/code><\/strong><\/li>\n\n\n\n<li>File:\u00a0<strong><code>ZecuritAgent.exe<\/code><\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Assign the app to\u00a0<strong>Required<\/strong>\u00a0groups (e.g., All Devices or a specific Azure AD group).<\/li>\n\n\n\n<li>Click\u00a0<strong>Review + Create<\/strong>\u00a0>\u00a0<strong>Create<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p>The agent will now deploy to the selected devices.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Verify Deployment<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Once deployed, the Zecurit agent will install silently.<\/li>\n\n\n\n<li>The device will appear in the <strong>Zecurit Dashboard<\/strong> after successful enrollment.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>???? Use Intune logging and Zecurit\u2019s activity log to verify successful deployment.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Method 2: Automation Account with Hybrid Runbook Worker<\/h2>\n\n\n\n<p>This method uses\u00a0Azure Automation\u00a0and a\u00a0Runbook\u00a0for scalable deployment, including\u00a0Hybrid Runbook Workers\u00a0for on-premises or cloud devices.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisites<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure Automation Account<\/li>\n\n\n\n<li>Hybrid Runbook Worker configured<\/li>\n\n\n\n<li>Azure Storage Account<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Steps for Method 2<\/h3>\n\n\n\n<p><strong>Step 1: Download &amp; Extract Agent Files<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Download\u00a0<strong><code>ZecuritAgentStartupScript.zip<\/code><\/strong>\u00a0from the Zecurit portal.<\/li>\n\n\n\n<li>Extract the contents to a local folder.<\/li>\n<\/ol>\n\n\n\n<p><strong>Step 2: Create an Automation Account<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to\u00a0<a href=\"https:\/\/portal.azure.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Azure Portal<\/strong><\/a>\u00a0>\u00a0<strong>Automation Accounts<\/strong>\u00a0>\u00a0<strong>Create<\/strong>.<\/li>\n\n\n\n<li>Configure:\n<ul class=\"wp-block-list\">\n<li><strong>Name<\/strong>:\u00a0<strong><code>ZecuritAutomation<\/code><\/strong><\/li>\n\n\n\n<li><strong>Subscription<\/strong>: Select your subscription.<\/li>\n\n\n\n<li><strong>Resource Group<\/strong>: Create new or select existing.<\/li>\n\n\n\n<li><strong>Region<\/strong>: Select a supported Azure region.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click\u00a0<strong>Review + Create<\/strong>\u00a0>\u00a0<strong>Create<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p><strong>Step 3: Set Up Hybrid Runbook Worker Group<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the Automation Account, go to\u00a0<strong>Hybrid Worker Groups<\/strong>\u00a0>\u00a0<strong>Add<\/strong>.<\/li>\n\n\n\n<li>Select\u00a0<strong>Existing Azure VM<\/strong>\u00a0or\u00a0<strong>On-Premises Server<\/strong>\u00a0to install the Hybrid Worker.<\/li>\n\n\n\n<li>Follow Microsoft\u2019s guide to\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/automation\/automation-windows-hrw-install\" target=\"_blank\" rel=\"noopener\"><strong>install the Hybrid Runbook Worker<\/strong><\/a>.<\/li>\n<\/ol>\n\n\n\n<p><strong>Step 4: Upload Agent Files to Blob Storage<\/strong><\/p>\n\n\n\n<p>Follow\u00a0Steps 2 &amp; 3 from Method 1\u00a0to create a Storage Account and upload agent files.<\/p>\n\n\n\n<p><strong>Step 5: Modify &amp; Deploy the Runbook<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the Automation Account, go to\u00a0<strong>Runbooks<\/strong>\u00a0>\u00a0<strong>Create a Runbook<\/strong>.<\/li>\n\n\n\n<li>Name:\u00a0<strong><code>Deploy-ZecuritAgent<\/code><\/strong><\/li>\n\n\n\n<li>Type:\u00a0<strong>PowerShell<\/strong><\/li>\n\n\n\n<li>Paste the modified script (from\u00a0<strong><code>ZecuritAgentStartupScript.zip<\/code><\/strong>) and update:\n<ul class=\"wp-block-list\">\n<li><strong>Storage Blob URL<\/strong>\u00a0(with SAS token)<\/li>\n\n\n\n<li><strong>Target device groups<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click\u00a0<strong>Publish<\/strong>.<\/li>\n\n\n\n<li>Run the\u00a0<strong>Runbook on the Hybrid Worker Group<\/strong>\u00a0to deploy the agent.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Verification &amp; Troubleshooting<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Check Installation<\/strong>:\n<ul class=\"wp-block-list\">\n<li>On a target device, verify\u00a0<strong><code>C:\\\\Program Files\\\\Zecurit\\\\Agent<\/code><\/strong>\u00a0exists.<\/li>\n\n\n\n<li>Check\u00a0<strong>Windows Services<\/strong>\u00a0for\u00a0<strong><code>ZecuritAgent<\/code><\/strong>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Logs<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Agent logs:\u00a0<strong><code>C:\\\\ProgramData\\\\Zecurit\\\\Agent\\\\Logs<\/code><\/strong><\/li>\n\n\n\n<li>Intune logs:\u00a0<strong><code>C:\\\\ProgramData\\\\Microsoft\\\\IntuneManagementExtension\\\\Logs<\/code><\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Common Issues<\/strong>:\n<ul class=\"wp-block-list\">\n<li><strong>403 Forbidden<\/strong>: Ensure SAS token is valid.<\/li>\n\n\n\n<li><strong>Hybrid Worker Offline<\/strong>: Restart the\u00a0<strong><code>HybridService<\/code><\/strong>\u00a0on the worker machine.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Summary: Method Comparison<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Criteria<\/strong><\/th><th><strong>Method 1: Intune + Storage<\/strong><\/th><th><strong>Method 2: Automation + Runbook<\/strong><\/th><\/tr><\/thead><tbody><tr><td>Suitable For<\/td><td>Azure AD devices<\/td><td>Cloud\/on-prem hybrid environments<\/td><\/tr><tr><td>User Interaction<\/td><td>None<\/td><td>None<\/td><\/tr><tr><td>Scalability<\/td><td>High<\/td><td>High<\/td><\/tr><tr><td>Requires Hybrid Workers<\/td><td>\u274c No<\/td><td>\u2705 Yes<\/td><\/tr><tr><td>Admin Complexity<\/td><td>Moderate<\/td><td>Advanced<\/td><\/tr><tr><td>Use Case<\/td><td>Corporate laptops, workstations<\/td><td>Servers, VM fleets, data center assets<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Related Articles<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.notion.so\/help-zecurit-com-21ebe43fb75a80e680ced6bf64f15817?pvs=21\" target=\"_blank\" rel=\"noopener\">Self-Enrollment via Link<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.notion.so\/help-zecurit-com-21ebe43fb75a80e680ced6bf64f15817?pvs=21\" target=\"_blank\" rel=\"noopener\">Enrollment via Intune<\/a><\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"featured_media":0,"parent":2456,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[],"class_list":["post-2462","docs","type-docs","status-publish","hentry"],"comment_count":0,"_links":{"self":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/types\/docs"}],"replies":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/comments?post=2462"}],"version-history":[{"count":4,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2462\/revisions"}],"predecessor-version":[{"id":2513,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2462\/revisions\/2513"}],"up":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2456"}],"wp:attachment":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/media?parent=2462"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/doc_tag?post=2462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}