Deployment via Intune
Configure and deploy an application, both on Windows and on MacOS, using Intune.
Passwordless for Windows
Configuring Intune for Windows Deployment
Option 1: Windows App (Win32) (Recommended)
HYPR recommends the HYPR Passwordless for Windows application to be packaged as a Windows app (Win32). The Microsoft article Win32 app management in Microsoft Intune describes the steps involved.
-
Download the HYPR Passwordless client
.zip
package to your environment and unzip the package. The decompressed folder will contain the following content:-
HyprPasswordless_x64-XXXX.msi
(installer; XXXX represents the version) -
hypr.json
(configuration file) -
CustomSkin.zip
(optional, if Advanced Branding is in use)
-
-
Convert the
.msi
and other installations files into a.intunewin
file using the Microsoft Win32 Content Prep Tool:IntuneWinAppUtil -c "[path to directory containing msi and hypr.json file]" -s "[msi filename]" -o "[path to output directory]"
This will produce an output file with a name that looks like
HyprPasswordless_x64-XXXX.intunewin
. -
Login to the Microsoft Intune Admin Center and navigate to Apps > All apps.
-
Click Add.
-
Choose Windows app (Win32), then click Select.
-
Click Select app package file.
-
Click the folder icon button and select the
HyprPasswordless_x64-XXXX.intunewin
file that was generated with the content prep tool. -
Click OK.
-
In the Publisher field, enter HYPR Corp.
-
Additional Information can be added at the discretion of the Intune Manager:
- Information URL:
https://hypr.com/company
- Privacy URL:
https://hypr.com/privacy
- Information URL:
-
Set the other fields as desired and Click the Next button.
-
Click Next.
-
In the Requirements section, set the desired values for the Operating System architecture and Minimum operating system fields and Click the Next button.
-
In the Detection rules section, set the Rules format field to: Manually configure detection rules
-
Click Add to add a new rule.
-
In the new detection rule, set the Rule type field to: MSI. The MSI Product code field will be automatically filled in with the information from the attached package file.
-
Click OK to create the rule and Click Next.
-
Click Next and fill in the Supersedence section according to your needs.
If you're packaging a newer version of HYPR Passwordless, select the previous deployed version and make sure to choose No on Uinstall previous version. This will prevent the installer to remove previously existing registrations and registered devices.
-
Define the list of assigned Windows computers by either selecting Add all users, Add all devices; or by picking one or more named groups via Add group (HYPR Passwordless will be installed on a computer if either the name of the computer or the computer's principal user are listed in the group).
-
After selecting the appropriate assignments, click Next.
-
Review all of the information and ensure the command-line arguments are entered correctly. When everything looks complete, click Create.

Option 2: Windows Line-of-Business (LOB) App
Packing HYPR Passwordless for Windows as an LOB is possible, but it will limit the configuration that can be set up during the installation. If you've any custom parameter that must be set during installation (e.g., proxy servers) or have an Advanced Branding skin, use the recommended Win32 app approach instead.
-
Download the HYPR Passwordless client
.zip
package to your environment and unzip the package. The decompressed folder will contain the following content:-
HyprPasswordless_x64-XXXX.msi
(installer; XXXX represents the version) -
hypr.json
(configuration file) -
CustomSkin.zip
(optional, if Advanced Branding is in use)
-
-
Login to the Microsoft Intune Admin Center and navigate to Apps > All apps.
-
Click Add.
-
Choose Line-of-business app, then click Select.
-
Click Select app package file.
-
Click the folder icon button and select the
HyprPasswordless_x64-XXXX.msi
file that was decompressed from Step 1. -
Click OK.
-
In the Publisher field, enter HYPR Corp.
-
Additional Information can be added at the discretion of the Intune Manager:
-
Information URL:
https://hypr.com/company
-
Privacy URL:
https://hypr.com/privacy
-
-
Click Yes on the Ignore app version combobox.
-
Enter the following information into the command-line arguments:
-
Open the
hypr.json
file that was decompressed in Step 1 and copy the values into the placeholders below -
/q HYPRAPPID="[appID]" HYPRRP="[rpUrl]" HYPRSUPPORT="[supportEmail]" HYPRHASH="[pinningHash]" HYPRINSTALLTOKEN="[installToken]" HYPRTEMPLATE="[certTemplate]"
If you need additional parameters to be passed to the installer, please use the recommended Win32 app approach instead.
-
-
Click Next.
-
Define the list of assigned Windows computers by either selecting Add all users, Add all devices; or by picking one or more named groups via Add group (HYPR Passwordless will be installed on a computer if either the name of the computer or the computer's principal user are listed in the group).
-
After selecting the appropriate assignments Click Next.
-
Review all of the information and ensure the command-line arguments are entered correctly. When everything looks complete, click Create.

Passwordless for macOS
Configuring Intune for macOS Deployment
Unmanaged macOS PKG App (Recommended)
The HYPR Passwordless for Mac application must be installed as an unmanaged application, as it installs components outside of the /Applications
folder. The Microsoft article Add an unmanaged macOS PKG app to Microsoft Intune describes the steps involved.
-
Download the HYPR Passwordless for Mac
.zip
package to your environment and unzip the package. -
Extract the
.pkg
file from thedmg
disk image downloaded in Step 1. On a macOS system, you can double click thedmg
file to mount the disk image and obtain the installer.pkg
file from it. -
Login to the Microsoft Intune Admin Center and navigate to Apps > All apps.
-
Click Add.
-
Choose macOS app (PKG), then click Select.
-
Click Select app package file.
-
Click the folder icon button and select the
HyprPasswordless-x.x.x-Installer.pkg
file that was decompressed from Step 2. -
Click OK.
-
In the Publisher field, enter HYPR Corp.
-
Additional Information can be added at the discretion of the Intune Manager:
-
Information URL:
https://hypr.com/company
-
Privacy URL:
https://hypr.com/privacy
-
-
Click Next.
-
Enter the following text in the post-install script, substituting the content of the
hypr.json
that was decompressed from Step 1 where indicated:#!/bin/sh
TMP=$(mktemp -d /tmp/XXXXXX)
cat <<EOF >$TMP/hypr.json
--> CONTENT OF YOUR `hypr.json` CONFIGURATION FILE <--
EOF
/Library/HYPR/HyprOneService.bundle/Contents/MacOS/HyprOneService -install "$TMP"
rm -rf "$TMP"
exit 0
13 Click Next.
-
Select macOS High Sierra 10.13 as the minimum version.
-
Click Next.
-
Click No on the Ignore app version combo box (HYPR Passwordless for Mac doesn't automatically upgrade, so when a new version is deployed the configuration will have to be updated with the new package and the new version).
-
Click the trash can icon to remove the App bundle ID entries until only the
com.hypr.HyprPasswordless
entry remains in the list (if other entries remain in this list, Intune will keep running the installer). -
Click Next.
-
Define the list of assigned macOS computer by either selecting Add all users, Add all devices; or by picking one or more named groups via Add group (HYPR Passwordless will be installed on a computer if either the name of the computer or the computer's principal user are listed in the group).
-
Click Next.
-
Review the content, and when you are satisfied, click Create.
This configuration will install the HYPR Passwordless client, but it will not force the reboot of the system. The user will have to be instructed to perform a reboot after seeing the HYPR Passwordless client appear on the screen for the first time.
