Deployment via Intune

Configure and deploy an application, both on Windows and on MacOS, using Intune.

Passwordless for Windows

Configuring Intune for Windows Deployment

Option 1: Windows App (Win32) (Recommended)

HYPR recommends the HYPR Passwordless for Windows application to be packaged as a Windows app (Win32). The Microsoft article Win32 app management in Microsoft Intune describes the steps involved.

1. Download the HYPR Passwordless client .zip package to your environment and unzip the package. The decompressed folder will contain the following content:

   • HyprPasswordless_x64-XXXX.msi (installer; XXXX represents the version)

   • hypr.json (configuration file)

   • CustomSkin.zip (optional, if Advanced Branding is in use)

2. Convert the .msi and other installations files into a .intunewin file using the Microsoft Win32 Content Prep Tool:

   IntuneWinAppUtil -c "[path to directory containing msi and hypr.json file]" -s "[msi filename]" -o "[path to output directory]"

   This will produce an output file with a name that looks like HyprPasswordless_x64-XXXX.intunewin.

3. Login to the Microsoft Intune Admin Center and navigate to Apps > All apps.

4. Click Add.

5. Choose Windows app (Win32), then click Select.

6. Click Select app package file.

7. Click the folder icon button and select the HyprPasswordless_x64-XXXX.intunewin file that was generated with the content prep tool.

8. Click OK.

9. In the Publisher field, enter HYPR Corp.

10. Additional Information can be added at the discretion of the Intune Manager:

    • Information URL: https://hypr.com/company
    • Privacy URL: https://hypr.com/privacy

11. Set the other fields as desired and Click the Next button.

12. Click Next.

13. In the Requirements section, set the desired values for the Operating System architecture and Minimum operating system fields and Click the Next button.

14. In the Detection rules section, set the Rules format field to: Manually configure detection rules

15. Click Add to add a new rule.

16. In the new detection rule, set the Rule type field to: MSI. The MSI Product code field will be automatically filled in with the information from the attached package file.

17. Click OK to create the rule and Click Next.

18. Click Next and fill in the Supersedence section according to your needs.

    If you're packaging a newer version of HYPR Passwordless, select the previous deployed version and make sure to choose No on Uinstall previous version. This will prevent the installer to remove previously existing registrations and registered devices.

19. Define the list of assigned Windows computers by either selecting Add all users, Add all devices; or by picking one or more named groups via Add group (HYPR Passwordless will be installed on a computer if either the name of the computer or the computer's principal user are listed in the group).

20. After selecting the appropriate assignments, click Next.

21. Review all of the information and ensure the command-line arguments are entered correctly. When everything looks complete, click Create.

Option 2: Windows Line-of-Business (LOB) App

note

Packing HYPR Passwordless for Windows as an LOB is possible, but it will limit the configuration that can be set up during the installation. If you've any custom parameter that must be set during installation (e.g., proxy servers) or have an Advanced Branding skin, use the recommended Win32 app approach instead.

1. Download the HYPR Passwordless client .zip package to your environment and unzip the package. The decompressed folder will contain the following content:

   • HyprPasswordless_x64-XXXX.msi (installer; XXXX represents the version)

   • hypr.json (configuration file)

   • CustomSkin.zip (optional, if Advanced Branding is in use)

2. Login to the Microsoft Intune Admin Center and navigate to Apps > All apps.

3. Click Add.

4. Choose Line-of-business app, then click Select.

5. Click Select app package file.

6. Click the folder icon button and select the HyprPasswordless_x64-XXXX.msi file that was decompressed from Step 1.

7. Click OK.

8. In the Publisher field, enter HYPR Corp.

9. Additional Information can be added at the discretion of the Intune Manager:

   • Information URL: https://hypr.com/company

   • Privacy URL: https://hypr.com/privacy

10. Click Yes on the Ignore app version combobox.

11. Enter the following information into the command-line arguments:

    • Open the hypr.json file that was decompressed in Step 1 and copy the values into the placeholders below

    • /q HYPRAPPID="[appID]" HYPRRP="[rpUrl]" HYPRSUPPORT="[supportEmail]" HYPRHASH="[pinningHash]" HYPRINSTALLTOKEN="[installToken]" HYPRTEMPLATE="[certTemplate]"

    If you need additional parameters to be passed to the installer, please use the recommended Win32 app approach instead.

12. Click Next.

13. Define the list of assigned Windows computers by either selecting Add all users, Add all devices; or by picking one or more named groups via Add group (HYPR Passwordless will be installed on a computer if either the name of the computer or the computer's principal user are listed in the group).

14. After selecting the appropriate assignments Click Next.

15. Review all of the information and ensure the command-line arguments are entered correctly. When everything looks complete, click Create.

Passwordless for macOS

Configuring Intune for macOS Deployment

Unmanaged macOS PKG App (Recommended)

The HYPR Passwordless for Mac application must be installed as an unmanaged application, as it installs components outside of the /Applications folder. The Microsoft article Add an unmanaged macOS PKG app to Microsoft Intune describes the steps involved.

1. Download the HYPR Passwordless for Mac .zip package to your environment and unzip the package.

2. Extract the .pkg file from the dmg disk image downloaded in Step 1. On a macOS system, you can double click the dmg file to mount the disk image and obtain the installer .pkg file from it.

3. Login to the Microsoft Intune Admin Center and navigate to Apps > All apps.

4. Click Add.

5. Choose macOS app (PKG), then click Select.

6. Click Select app package file.

7. Click the folder icon button and select the HyprPasswordless-x.x.x-Installer.pkg file that was decompressed from Step 2.

8. Click OK.

9. In the Publisher field, enter HYPR Corp.

10. Additional Information can be added at the discretion of the Intune Manager:

    • Information URL: https://hypr.com/company

    • Privacy URL: https://hypr.com/privacy

11. Click Next.

12. Enter the following text in the post-install script, substituting the content of the hypr.json that was decompressed from Step 1 where indicated:

    #!/bin/sh
    TMP=$(mktemp -d /tmp/XXXXXX)
    cat <<EOF >$TMP/hypr.json
    --> CONTENT OF YOUR `hypr.json` CONFIGURATION FILE <--
    EOF
    /Library/HYPR/HyprOneService.bundle/Contents/MacOS/HyprOneService -install "$TMP"
    rm -rf "$TMP"
    exit 0

13 Click Next.

14. Select macOS High Sierra 10.13 as the minimum version.

15. Click Next.

16. Click No on the Ignore app version combo box (HYPR Passwordless for Mac doesn't automatically upgrade, so when a new version is deployed the configuration will have to be updated with the new package and the new version).

17. Click the trash can icon to remove the App bundle ID entries until only the com.hypr.HyprPasswordless entry remains in the list (if other entries remain in this list, Intune will keep running the installer).

18. Click Next.

19. Define the list of assigned macOS computer by either selecting Add all users, Add all devices; or by picking one or more named groups via Add group (HYPR Passwordless will be installed on a computer if either the name of the computer or the computer's principal user are listed in the group).

20. Click Next.

21. Review the content, and when you are satisfied, click Create.

Give It the Boot

This configuration will install the HYPR Passwordless client, but it will not force the reboot of the system. The user will have to be instructed to perform a reboot after seeing the HYPR Passwordless client appear on the screen for the first time.