How to Deploy Twingate Clients with Microsoft Intune & Endpoint Manager

Guide to configuring Microsoft Intune & Endpoint Manager to distribute the Twingate Client

There are a number of options available to administrators for deploying the Twingate Client to Windows devices. One of the most popular options is to use Microsoft Endpoint Manager (Intune) to deploy the Twingate Client to managed devices. Microsoft Endpoint Manager provides great flexibility in deploying packages to managed clients.

Another option is to deploy a custom script to install the Twingate Client. This can be useful in environments where Microsoft Endpoint Manager is not available or where a more customized deployment is required.

This guide will cover both of these options, starting with Microsoft Endpoint Manager.

Deploying the Twingate Client with Microsoft Endpoint Manager

At a high level, deploying the Twingate Client with Microsoft Endpoint Manager requires:

  • Creating a package to deploy the Twingate Client.
  • Assigning the package to devices for deployment.

Creating a package to deploy the Twingate Client

1. Review Twingate’s Windows MSI page for the latest MSI information

See the Windows MSI page for the latest MSI information and available deployment options. Please make sure to review the prerequisites and deployment options before proceeding.

2. Download the Twingate Client installer

Download the latest version of the Twingate Client Windows MSI installer.

3. Add Twingate to Endpoint Manager

Open Endpoint Manager and click on the Apps section.

Click the Add button to begin deploying the Twingate Client.

In the Select app type section, browse down to the Other section, choose Line-of-business app and click the Select button.

Click the Select app package file link.

Click the folder icon and browse to the downloaded MSI file.

Once you select the MSI file, the file information should populate. Next, click OK.

Fill out the Publisher and command-line arguments fields. The command-line arguments reference your Twingate tenant name and let you define whether optional updates should be applied automatically. Then, click Next.

Assigning the package to devices for deployment

Set up your target Assignments and click Next.

Review your package settings and click Create to start the rollout.

Deploying the Twingate Client with a custom script

If you are unable to use Microsoft Endpoint Manager or require a more customized deployment, you can deploy the Twingate Client using a custom script. In addition, you can use a custom script to set custom features or configurations that are not available through Microsoft Endpoint Manager.

As an example, we will be deploying the Twingate Client using a PowerShell script. This script will download the Twingate Client MSI installer and install it on the device. It will also install the required .NET 6 Core Runtime if it is not already installed.

For this example we will be using a generic script hosted in a public GitHub repository. You can find the script here.

Creating the custom script

Any custom script used to deploy the Twingate Client will need to:

  • Download the Twingate Client MSI installer
  • Check for and optionally install .NET 6 Core Runtime
  • Install the Twingate Client with the MSI installer

When installing the Client with the MSI installer you can utilize the same command line arguments as you would with Microsoft Endpoint Manager. Use the supplied script as a starting point and modify it as needed for your environment.
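
The download and install steps listed above, with an Authenticode check on the MSI before it runs, as an added example that is not the supplied script or Twingate's own code. The URL, publisher string and MSI arguments are placeholders to be filled from the Windows MSI page; the folder name and the `Test-InstallerSignature` helper are hypothetical, and the .NET 6 check is left to the supplied script.

```powershell
#Requires -RunAsAdministrator
# Added example: download the Twingate Client MSI, verify it, then install it.
# Values in angle brackets are placeholders (assumptions), not real Twingate values.
$ErrorActionPreference = 'Stop'
$MsiUrl         = '<MSI download URL from the Windows MSI page>'
$ExpectedSigner = '<publisher name as shown on a known-good copy of the MSI>'
$MsiProperties  = '<command-line arguments from the Windows MSI page>'

# Stage under Program Files: only administrators and SYSTEM can write there, so a
# standard user cannot swap the file between verification and installation.
$WorkDir = Join-Path $env:ProgramFiles 'TwingateDeploy'   # hypothetical folder name
$MsiPath = Join-Path $WorkDir 'TwingateClient.msi'
$LogPath = Join-Path $WorkDir 'install.log'

function Test-InstallerSignature {
    # True only if the file has a valid Authenticode signature that chains to a
    # trusted root AND the signing certificate's subject names the expected publisher.
    param([string]$Path, [string]$Signer)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { return $false }
    return $sig.SignerCertificate.Subject.Contains($Signer)
}

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri $MsiUrl -OutFile $MsiPath -UseBasicParsing

if (-not (Test-InstallerSignature -Path $MsiPath -Signer $ExpectedSigner)) {
    Remove-Item -Path $MsiPath -Force
    throw 'Installer signature is missing, invalid, or not from the expected publisher.'
}
# Record the hash so the installed build can be matched to a download later.
Write-Output ('Verified installer SHA256: ' + (Get-FileHash -Path $MsiPath -Algorithm SHA256).Hash)

# Silent install with a verbose log; 3010 means success with a reboot pending.
$msiArgs = "/i `"$MsiPath`" /qn /norestart /L*v `"$LogPath`" $MsiProperties"
$proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
if ($proc.ExitCode -notin 0, 3010) {
    throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath"
}
```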

Deploying the custom script

To deploy the custom script, we will use Intune’s “Scripts and remediations” feature. This feature allows you to deploy scripts to devices and run them as needed.

  • Open Microsoft Intune and click on the Devices section
  • Click on Scripts and remediations and then Platform scripts
  • Click on Add and then Windows 10 or later
  • Fill out a name for the script, and a description if desired, then click Next
  • On the Script Settings page:
    • Locate the script file on your system and select it
    • Set Run this script using the logged on credentials to No. This is important because the script needs to run with elevated permissions
    • Set Enforce script signature check to No
    • Click Next
  • On the Assignments page select the groups or devices you want to deploy the script to and click Next
  • Review the settings and click Add

The script will now be deployed to the selected devices and will run as specified in the script. You can check its progress in the script overview.
