The latest Xink application supports Azure AD-joined machines with Azure AD login, not only on-premises AD.
There are few pre-conditions to be met:
- only joined computers are supported, not linked work accounts;
- only login email is supported as an employee id, say if a person logs on as firstname.lastname@example.org, then the employee with email "email@example.com" must exist in Xink.
How to install
Open Preferences in Xink web admin, select "Download" tab. Download IT: Download Xink Client (.MSI Package).
Generate Domain Authentication token, if you haven't created one before. Or just copy existing token using copy icon.
Please note that the token is much longer than what is shown on the screen, using copy icon is essential.
Install or deploy XinkClientSetupAD.msi and apply the Xink Token ID to your end user's computer using any software deployment tool.
The only requirement to make things work is by making sure Xink Client is installed and Xink Token ID is applied in the computer's registry.
Registry location: HKLM:\SOFTWARE\Policies\Xink\Xink Client AD\ADConfig
If you are using SCCM, you may deploy your package and write the registry keys without having to apply the template through GPO. Please refer to this KB.
Lastly please ensure to reboot the target PCs.
Follow the steps in the Microsoft article below for Software deployment via Intune.
Please make sure to add the downloaded XinkClientSetupAD.msi from Step 1 above.
Provide configuration details as stated in Step 3 on the Microsoft article (https://docs.microsoft.com/en-us/intune/lob-apps-windows) and ensure that the DomainAuthToken described in the (step 2 above) is added on the Command-line arguments box, followed by /qn tag for a silent installation (users will not be prompted).
Add the target group in your Azure AD and wait for few hours.
Installation of the Xink client is successful on Hybrid-Domain joined device or Azure AD joined devices once 'Xink AD Client' appears on 'Programs and Features' in Control Panel. To confirm that DomainAuthToken is deployed correctly the target device should have the following registry entry.
The ‘emsclient.exe’ is executed next time the user logs in :
And signatures get updated and copied to Signatures folder inside user’s profile.