IT Pro: Unattended deployment for Entra ID(Azure AD)-joined computer via MS Intune (Client-side)

The latest Xink application supports Azure AD-joined machines with Azure AD login, not only on-premises AD.

There are few pre-conditions to be met:

  • only joined computers are supported, not linked work accounts;
  • only login email is supported as an employee id, say if a person logs on as john.doe@xink.io, then the employee with email "john.doe@xink.io" must exist in Xink.

How to install

  1. Open Preferences in Xink web admin, select "Download" tab. Download IT: Download Xink Client (.MSI Package).

  2. Generate Domain Authentication token, if you haven't created one before. Or just copy existing token using copy icon.
    Please note that the token is much longer than what is shown on the screen, using copy icon is essential.

  3. Install or deploy XinkClientSetupAD.msi and apply the Xink Token ID to your end user's computer using any software deployment tool.

    The only requirement to make things work is by making sure Xink Client is installed and Xink Token ID is applied in the computer's registry.

    Registry location: HKLM:\SOFTWARE\Policies\Xink\Xink Client AD\ADConfig

SCCM deployment

If you are using SCCM, you may deploy your package and write the registry keys without having to apply the template through GPO. Please refer to this KB.

Lastly please ensure to reboot the target PCs.

Intune deployment

Follow the steps in the Microsoft article below for Software deployment via Intune.
https://docs.microsoft.com/en-us/intune/lob-apps-windows

  1. Please make sure to add the downloaded XinkClientSetupAD.msi

  2. Provide configuration details as stated on the Set app information from the Microsoft article (https://docs.microsoft.com/en-us/intune/lob-apps-windows) and ensure that the DomainAuthToken described in the (step 2 of How to Install above) is added on the Command-line arguments box, followed by /qn tag for a silent installation (users will not be prompted).

    Example:



    Note: For cases of UPN and SMTP mismatch, you may enable the Xink Client registry check by adding the "USEOUTLOOKPROFILENAMEASEMAIL=True" switch at the end of the Command-line arguments.

    Ex:


    Next step: You can set to deploy per groups or devices from this page in the Microsoft Endpoint Manager admin center. Then make sure to press Review+Save after.


    Once you're done with the configuration above, click Next review the App information then press Create to start the deployment, allow for a few hours for the replication to take place on your machines.

  3. Installation of the Xink client is successful on Hybrid-Domain joined device or Azure AD joined devices once 'Xink AD Client' appears on 'Programs and Features' in Control Panel. To confirm that DomainAuthToken is deployed correctly the target device should have the following registry entry.

    The ‘emsclient.exe’ is executed next time the user logs in :
    And signatures get updated and copied to Signatures folder inside user’s profile.

NOTE:  Reboot is required once the MSI package has been installed. 



Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.
Quick 1-on-1 Demo | Ⓒ 2024 Xink