How to Install SCCM Client using Intune for Autopilot Provisioned Devices

This blog discusses how to install an SCCM client using Intune for Autopilot devices. Many Organizations are still using Endpoint Configuration Manager (MECM or SCCM) in their on-prem infrastructure, so most of the organizations will have a co-managed solution.

Microsoft Intune (Endpoint Configuration Manager) has a lot of modern management adaption compared to SCCM; still, administrators prefer to get the best of both sides (Intune and MECM/SCCM). 

This post will explain provisioning a device through Windows Autopilot, installing the SCCM client using Microsoft Intune, and registering the SCCM Client through the Cloud Management Gateway.

You can also use the Tenant Attach feature. Recently, Microsoft has renamed the Co-management to Tenant Attach. Learn how to install SCCM client using Intune for Autopilot provisioned devices.

Patch My PC

Prerequisites – Install SCCM Client using Intune for Autopilot Devices

Let’s install SCCM client using Intune for Autopilot devices. The following are the SCCM client installation prerequisites.

  1. SCCM Client requires CMG (Cloud Management Gateway), it involves the cost of Azure Tenant of your organization.
  2. The user must have the Azure Identity (for Intune Application deployment purposes)
  3. The MECM Client Settings (requires to support CMG communication
    • Cloud Services
      1. Automatically register new Windows 10 or later domain joined devices with Azure Active Directory: Yes
      2. Enable clients to use a cloud management gateway: Yes
  4. Metered Interner connection (either Limit or Allow) based on your CMG scale setup
    • Client communication on metered internet connections: Limit or Allow ( based on your CMG infra setup)
  5. The alternative without CMG, the device would be to connect to the on-prem Configuration Manager via a VPN connection.

More about co-management (https://www.anoopcnair.com/sccm-how-to-setup-co-management-part1-introduction-prerequisites/)

How to Install SCCM Client using Intune for Autopilot Devices
How to Install SCCM Client using Intune for Autopilot Devices

Installing the SCCM Client

There are two methods to install the SCCM client in Microsoft Intune; we can use either Win32 App deployment or Microsoft LOB (Line of Business). Installing the Configuration manager client during the middle of autopilot will break the autopilot process, as the Configuration Manager client becomes the management authority the moment it becomes active.

I have chosen to use Win32 App deployment instead of the LOB, the LOB application having an issue keeping the user at the Autopilot Deployment screen.

Adaptiva

Win32 App Application Creation

Let’s understand how to create Win32 application creation for SCCM client agent installation using Intune. Manual Installation of the SCCM client on Domain Joined Windows 11 PC is straightforward if you connect the device to LAN.

NOTE! – The explanation of the Win32 App (InutneWin) package in the following post Deploy Registry Fix Using Intune Win32 App.

The below steps explain the SCCM client package conversion into Intune Application. SCCM Client Installation using Microsoft Intune – SCCM Client Package conversion command-line execution.

How to Install SCCM Client using Intune for Autopilot Devices
SCCM Client Installation using Microsoft Intune – SCCM Client Package conversion command-line execution – How to Install SCCM Client using Intune for Autopilot Devices

SCCM Client Installation using Microsoft Intune. I have not entered any command-line option.

How to Install SCCM Client using Intune for Autopilot Devices
SCCM Client Installation using Microsoft Intune – SCCM Client package conversion process completed – How to Install SCCM Client using Intune for Autopilot Devices

How to get SCCM Client Installation Parameters

The below steps walkthrough to get the SCCM client installation parameter from the SCCM console.

  1. Launch the Configuration Manager administration console and navigate to

Administration –> Overview –> Cloud Services > Co-management

  1. Select CoMgmgtSettigsProd and right-click select Properties
  1. Select the Enablement tab, click Copy to copy the command line and select OK
How to Install SCCM Client using Intune for Autopilot Devices
SCCM Client Installation using Microsoft Intune – get the SCCM Client command-line parameters – How to Install SCCM Client using Intune for Autopilot Devices

Note: In a few scenarios, SCCM Client installation needs additional parameters.

CMHOSTNAME – This property can specify the address of a cloud management gateway (CMG)
SMSSITECODE – This property specifies a Configuration Manager site to which you assign the client
SMSMP – Specifies an initial management point for the Configuration Manager client to use
AADCLIENTAPPID – Specifies the Azure Active Directory (Azure AD) client app identifier.
AADTENANTID – Specifies the Azure AD tenant identifier
AADRESOURCEURI – Specifies the Azure AD server app identifier
/nocrlcheck – Specifies that a client shouldn’t check the certificate revocation list (CRL) when it communicates over HTTPS with a PKI certificate
CCMHTTPSSTATE – Specify 31 to prevent Certificate Revocation List (CRL) check

Command Line – SCCM Client Application Installation

Command-Line, which I used in the lab environment to test the SCCM client install from Intune, is below. It may require some modifications in your production deployments or scenarios. I would recommend reading Microsoft documentation to have more guidance on this topic.

CCMSETUPCMD (MSI installation?) –  Specifies command-line parameters and properties passed to ccmsetup.exe after ccmsetup.msi installs it. Use this property when bootstrapping the SCCM client using the Intune MDM installation method. Microsoft Intune limits the command line to 1024 characters.

You can get the command line details of your environment from SCCM co-management configuration properties. But I recommend adding some additional parameters like NOCRLCHECK for your lab environment.

More Details – Deploy Install SCCM Client Via Intune – Co-Management (anoopcnair.com)

Create Win32 app SCCM Client Application in Intune

Let’s walk through the Win32 app creation of the SCCM Client application.

Launch the  Microsoft Endpoint Manager admin center. On the Microsoft Endpoint Manager admin center portal, select Apps, and then select Windows.

How to Install SCCM Client using Intune for Autopilot Devices
How to Install SCCM Client using Intune for Autopilot Devices

On the Windows App page, select Add to create the application.
On the right corner, Select the app type page, select the App type drop-down menu, choose Windows App (Win32).

How to Install SCCM Client using Intune for Autopilot Provisioned Devices 1
How to Install SCCM Client using Intune for Autopilot Devices – SCCM Client Installation using Microsoft Intune – Select the Windows App (Win32) type.

Click Select to start creating the application.

SCCM Client Installation using Microsoft Intune - Select the Windows  App (Win32) type
SCCM Client Installation using Microsoft Intune – Select the windows App (Win32) to start the app creation – SCCM Client Installation using Microsoft Intune – Select the Windows App (Win32) type

On the Add App page, choose the Select app package file option.
In the right corner App package file page, Select the Browse button to choose the SCCM Intune file type.

How to Install SCCM Client using Intune for Autopilot Devices
How to Install SCCM Client using Intune for Autopilot Devices

Browse and select the ccmsetup.intunewin file and click Open.

How to Install SCCM Client using Intune for Autopilot Devices
SCCM Client Installation using Microsoft Intune – select ccmsetup Intune file – How to Install SCCM Client using Intune for Autopilot Devices

Ensure the cmsetup.intunewin file is selected, and click OK to continue creating the application.

How to Install SCCM Client using Intune for Autopilot Provisioned Devices 2
SCCM Client Installation using Microsoft Intune – Creation of an application

On the Application Information tab, input the required information and select Next.

How to Install SCCM Client using Intune for Autopilot Devices
SCCM Client Installation using Microsoft Intune – Application Information – How to Install SCCM Client using Intune for Autopilot Devices

On the Program tab,

Enter the SCCM Client install parameter in the Install command column. Refer to the How to get SCCM Client Installation Parameters topic.

Enter the SCCM client uninstall parameter in the Uninstall command column. Select System as Install behavior. Select Next to continue to the next step.

How to Install SCCM Client using Intune for Autopilot Devices
SCCM Client Installation using Microsoft Intune – Program Information

Select the listed options as a prerequisite to installing the SCCM client on the Requirements tab.
Select Next.

How to Install SCCM Client using Intune for Autopilot Devices
SCCM Client Installation using Microsoft Intune – Requirements Information – How to Install SCCM Client using Intune for Autopilot Devices

On the Detection rules tab, I have chosen MSI for SCCM Client installation; you can select the detection rule based on your requirement.

Rule Format: Manually configure detection rules
Rule Type: MSI
MSI product code: <SCCM Client MSI product code>
MSI Product version check: No

To get the MSI product for SCCM, execute the PowerShell script on the SCCM client-installed windows computer.
Get-WmiObject Win32_Product | Where-Object {$_.Name -eq “Configuration Manager Client”}

How to Install SCCM Client using Intune for Autopilot Devices
SCCM Client Installation using Microsoft Intune – Detection Rule Information – How to Install SCCM Client using Intune for Autopilot Devices
How to Install SCCM Client using Intune for Autopilot Devices
How to Install SCCM Client using Intune for Autopilot Devices

On the Dependencies tab, select Next.

On the Supersedense (preview) tab, select Next.

How to Install SCCM Client using Intune for Autopilot Devices
How to Install SCCM Client using Intune for Autopilot Devices

On the Scope tags tab, I haven’t chosen the scope tab; if required, select your option. Select Next.

How to Install SCCM Client using Intune for Autopilot Devices
How to Install SCCM Client using Intune for Autopilot Devices

On the Add App tab, choose the Required > Add group option.
In the right corner, Select the groups tab, Select the AAD group, and click Select.
Click Next on the Add app tab.

I recommend deploying the SCCM client during Autopilot provisioning devices to the User group instead of the Device dynamic group. If the SCCM Client is deployed to the device group, it will break the Autopilot process to prioritize the SCCM client role of policy assignments.

How to Install SCCM Client using Intune for Autopilot Provisioned Devices 3
SCCM Client Installation using Microsoft Intune – Assignment Information

On the Review + create tab, review the SCCM Client installation properties, select Create to complete the Intune application.

SCCM Client Installation using Microsoft Intune - Review + create Information
How to Install SCCM Client using Intune for Autopilot Devices

I would thank Joy and Rajul for guiding SCCM client installation and related issues from the Microsoft Endpoint Manager admin center.

Reference

Intune Win32 App Troubleshooting Client Side Process Flow – https://www.anoopcnair.com/intune-win32-app-troubleshooting/

Author

Kannan C S is a Technical Architect with more than 15 years of experience in the IT domain. He has worked on various technologies like Windows server administration, SCCM, SCOM, and Desktop Engineering domains. For the last 10 years, he has worked in Microsoft SCCM, focusing on Configuration Manager and Intune technologies.

5 thoughts on “How to Install SCCM Client using Intune for Autopilot Provisioned Devices”

  1. Hi,
    Could you please let me know, how do you create a dynamic group in AAD which populates all new provisioned device?
    Thanks,

    Reply
  2. Hi Anoop,

    Nice article.
    Is it possible to deploy the configmgr client for autopilot hybrid ad join device without CMG?
    If yes, how can we acheive this?

    Thank you,

    Reply
  3. Hi Anoop,

    I think using the MSI ProdCode is problematic, because once client is upgraded it will not longer be TRUE, causing this Win32 app to retrigger on every device. I’d suggest [to others] to use these two in combination:
    1. CCMExec.exe exists [file check]
    2. CCMExec service “Start” value [reg check]

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.