- 52
- 38 321
Mr B SOE way
Australia
เข้าร่วมเมื่อ 13 เม.ย. 2020
Hi my name is Bernard and I work in IT. I like to showcase on how I do things :)
Windows Autopilot Hybrid Azure AD Join: Create Intune Win32 App Cisco AnyConnect VPN + SBL
This is a setup by step instructions on how to create your Win32 App for Cisco AnyConnect Secure Mobility Client v4.9.040403 + SBL.
Instructions:
1. Have the full installer for Cisco AnyConnect Secure Mobility Client v4.9.040403 (Comes in ZIP)
2. Extract it and copy the required to another folder to create the win32 package.
3. The ones that need to be copied are:
IMPORTANT:
anyconnect-win-4.9.04043-core-vpn-predeploy-k9.msi
anyconnect-win-4.9.04043-gina-predeploy-k9.msi
Optional:
anyconnect-win-4.9.04043-dart-predeploy-k9.msi
anyconnect-win-4.9.04043-umbrella-predeploy-k9.msi
4. Ideally in your folder to create your:
install-AnyConnect.cmd
CustomProfile.xml - server address
OrgInfo.json - ask your network team
preferences_global.xml - custom preferences
Uninstall-AnyConnect.cmd
5. Install the .msi manually on your device and run the following in powershell:
get-wmiobject Win32_Product | sort-object -property Name | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize
Select All then copy and paste to Notepad, locate the Cisco AnyConnect modules.
6. Update your batch files:
For: install-AnyConnect.cmd - update using step 3 (installer names)
For: Uninstall-AnyConnect.cmd - update using the GUID from step 5.
7. Download the Win32 App package if you have done so: github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool
8. Run CMD as admin, then cd to path file and your installer or setup: install-AnyConnect.cmd then output to the same folder (your choice)
9. Navigate to: endpoint.microsoft.com - Apps - Add - Win32 - Upload the .intunewin and put your description.
Install command: install-AnyConnect.cmd
Uninstall command: Uninstall-AnyConnect.cmd
Install Behaviour: System
Device restart behavior: No specific action
Requirements:
OS architecture: x86 x64
Minimium operating system: Windows 10 1607
Detection Rules: Manually configure detection rules
Detection Rules: MSI (GUID from Cisco AnyConnect Secure Mobility Client) mentioned in Step 5.
Assignments: Your devices
10. Navigate to Devices - Enrol devices - Enrollment Status Page:
You can use default or create your own, I have created my own with: ESP - Windows Autopilot Hybrid Azure AD over VPN
In the ESP, this option must be selected:
Block device use until these required apps are installed if they are assigned to the user/device with app: Cisco AnyConnect Secure Mobility Client v4.9.040403 + SBL selected.
Then save and test.
Instructions:
1. Have the full installer for Cisco AnyConnect Secure Mobility Client v4.9.040403 (Comes in ZIP)
2. Extract it and copy the required to another folder to create the win32 package.
3. The ones that need to be copied are:
IMPORTANT:
anyconnect-win-4.9.04043-core-vpn-predeploy-k9.msi
anyconnect-win-4.9.04043-gina-predeploy-k9.msi
Optional:
anyconnect-win-4.9.04043-dart-predeploy-k9.msi
anyconnect-win-4.9.04043-umbrella-predeploy-k9.msi
4. Ideally in your folder to create your:
install-AnyConnect.cmd
CustomProfile.xml - server address
OrgInfo.json - ask your network team
preferences_global.xml - custom preferences
Uninstall-AnyConnect.cmd
5. Install the .msi manually on your device and run the following in powershell:
get-wmiobject Win32_Product | sort-object -property Name | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize
Select All then copy and paste to Notepad, locate the Cisco AnyConnect modules.
6. Update your batch files:
For: install-AnyConnect.cmd - update using step 3 (installer names)
For: Uninstall-AnyConnect.cmd - update using the GUID from step 5.
7. Download the Win32 App package if you have done so: github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool
8. Run CMD as admin, then cd to path file and your installer or setup: install-AnyConnect.cmd then output to the same folder (your choice)
9. Navigate to: endpoint.microsoft.com - Apps - Add - Win32 - Upload the .intunewin and put your description.
Install command: install-AnyConnect.cmd
Uninstall command: Uninstall-AnyConnect.cmd
Install Behaviour: System
Device restart behavior: No specific action
Requirements:
OS architecture: x86 x64
Minimium operating system: Windows 10 1607
Detection Rules: Manually configure detection rules
Detection Rules: MSI (GUID from Cisco AnyConnect Secure Mobility Client) mentioned in Step 5.
Assignments: Your devices
10. Navigate to Devices - Enrol devices - Enrollment Status Page:
You can use default or create your own, I have created my own with: ESP - Windows Autopilot Hybrid Azure AD over VPN
In the ESP, this option must be selected:
Block device use until these required apps are installed if they are assigned to the user/device with app: Cisco AnyConnect Secure Mobility Client v4.9.040403 + SBL selected.
Then save and test.
มุมมอง: 6 464
วีดีโอ
Windows Autopilot (SP7) - Part 5 - Welcome to Navitas Pty Ltd + MFA
มุมมอง 4273 ปีที่แล้ว
After the systemreset in Part 4, this will load to the login screen showing: "Welcome to Navitas Pty Ltd" Login in with: Username: first.lastname@navitas.com Password: Login password There is an additional step here that includes MFA prompt, once off. Device will restart and bring you to the login screen. This is where we wait for 20 mins for the Cisco LOB to get installed as I am doing it from...
Windows Autopilot (SP7) - Part 6 - Cisco LOB and Login
มุมมอง 4513 ปีที่แล้ว
After enrolling the device in Part 5, I have waited 20 mins for the Cisco AnyConnect LOB (Logon Before Module), I have also restarted the computer which loads with 'Just a moment' for about a few minutes. At the login screen, you will see 'Network Sign-In' showing in the bottom right hand side. Click on that icon and it will bring you to Cisco AnyConnect VPN, select your options: Group: NAVITAS...
Windows Autopilot (SP7) - Part 4 - Upgrading OS & Systemreset
มุมมอง 2013 ปีที่แล้ว
After assigning the deployment profile in Part 3. For the purpose of this video, I will show you on how to upload your OEM to do the full autopilot reset. Take this as an example, where the device is shipped with Home OEM (because of cheaper), with Windows Autopilot you will need at least: Enterprise, Pro or Education License installed on the device to kick it off. As I have inserted the USB on...
Windows Autopilot (SP7) - Part 3 - Update & Assign Profiles
มุมมอง 1923 ปีที่แล้ว
After the device hash has been uploaded to the tenant from Part 2. It is defaulted to the 'Azure AD Join' Profile. By going to: endpoint.microsoft.com - Devices - Enroll devices - Devices - Enter in Serial number of device. Pressing another tab, select Groups - Search for Autopilot Hybrid Azure AD Join. Add the members in there to pick up the groups. This will automatically assign that serial n...
Windows Autopilot (SP7) - Part 2 - Assigning Profiles
มุมมอง 3243 ปีที่แล้ว
After exporting and importing the hash from Part 1. By going to: endpoint.microsoft.com - Devices - Enroll devices - Devices - Enter in Serial number of device. You will see the device profile showing up as "Not Assigned". To trigger the device to pick up quicker, you can select 'Sync' then refresh to see the changes. Give it within 1 to 5 mins.
Windows Autopilot (SP7) - Part 1 - Export and Import into Tenant
มุมมอง 2673 ปีที่แล้ว
In Part 1 of this video, I will be showing you how to export and import the hardware hash into the tenant. Just a summarization: Device has been removed from tenant. Removed this hash from tenant. Device has been reinstalled with Windows 10 Pro which brings me to the OOBE phase. I press Shift F10 which will load to CMD, in the vidoe: wmic bios get serialnumber - shows the serial number systemin...
Wipe & Setup Managed iPhone Device (DEP)
มุมมอง 563 ปีที่แล้ว
Wipe & Setup Managed iPhone Device (DEP)
Creating MS 365 Apps Configuration File (https://config.office.com/)
มุมมอง 2814 ปีที่แล้ว
Creating MS 365 Apps Configuration File (config.office.com/) Downloading MS 365 Apps for Enterprise
Unattended Export & Import via SCCM Task Sequence
มุมมอง 2784 ปีที่แล้ว
This is part 3 of exporting and importing the hardware hash into our tenant.
Unattended Export & Import via SCCM Scripts Part 2
มุมมอง 654 ปีที่แล้ว
This is part 2 of using the SCCM 'Scripts' function to export and import the hardware hash
Unattended Export & Import via SCCM Scripts Part 1
มุมมอง 1014 ปีที่แล้ว
This is part 2 of using the SCCM 'Scripts' function to export and import the hardware hash
Windows Autopilot Hybrid Azure AD Join over VPN Support with (-Online) (-GroupTags)
มุมมอง 3874 ปีที่แล้ว
Instructions - Press shift f10 to load to Command Prompt - Type in: Powershell then press Enter - Type in: set-executionpolicy unrestricted -force then press Enter - Type in: install-script get-windowsautopilotinfo then press Enter - Select 'Y' and press Enter for all 3 prompts - Type in: get-windowsautopilotinfo.ps1 -GroupTag "Hybrid AADJ' -online then press Enter - When the prompt shows up, t...
Windows Autopilot Hybrid Azure AD over VPN Support - Part 2
มุมมอง 1.3K4 ปีที่แล้ว
Today I kicked off Windows Autopilot Hybrid Azure AD over VPN Support using a Microsoft Surface Pro 7. - I waited 20 minutes for the device to receive the partial installations especially Cisco AnyConnect Start Before Logon Module, then I restarted the device - The 'Network Sign-In' showed up, this is where I clicked on which loaded to Cisco AnyConnect Secure Mobility Client, logged in with my ...
Windows Autopilot Hybrid Azure AD over VPN Support - Part 1
มุมมอง 1.5K4 ปีที่แล้ว
Today I kicked off Windows Autopilot Hybrid Azure AD over VPN Support using a Microsoft Surface Pro 7. - Hardware Hash already has been exported and imported into our tenant. - System Reset has reset back to the default factory settings - During the OOBE stage, I have selected my language, region, keyboard layout. - Login with my credentials, approve it via Microsoft Authenticator
Windows Autopilot Hybrid Azure AD over VPN - Part 5 Shortcut
มุมมอง 2094 ปีที่แล้ว
Windows Autopilot Hybrid Azure AD over VPN - Part 5 Shortcut
Windows Autopilot Hybrid Azure AD over VPN Support - Part 4
มุมมอง 1.1K4 ปีที่แล้ว
Windows Autopilot Hybrid Azure AD over VPN Support - Part 4
Windows Autopilot Hybrid Azure AD over VPN Support - Part 3
มุมมอง 9244 ปีที่แล้ว
Windows Autopilot Hybrid Azure AD over VPN Support - Part 3
Windows Autopilot Hybrid Azure AD over VPN Support - Part 2
มุมมอง 7424 ปีที่แล้ว
Windows Autopilot Hybrid Azure AD over VPN Support - Part 2
Windows Autopilot Hybrid Azure AD over VPN Support - Part 1
มุมมอง 5K4 ปีที่แล้ว
Windows Autopilot Hybrid Azure AD over VPN Support - Part 1
Windows Autopilot - Part 4: Fresh Restart (Wipe)
มุมมอง 2584 ปีที่แล้ว
Windows Autopilot - Part 4: Fresh Restart (Wipe)
Windows Autopilot - Part 3 Windows Hello for Business Setup & First Login
มุมมอง 4524 ปีที่แล้ว
Windows Autopilot - Part 3 Windows Hello for Business Setup & First Login
Windows Autopilot - Part 2 OOBE, First Enrollment & Windows Hello for Business Face Recognition.
มุมมอง 1K4 ปีที่แล้ว
Windows Autopilot - Part 2 OOBE, First Enrollment & Windows Hello for Business Face Recognition.
Windows Autopilot - Part 1 Continue Export & Import Hardware Hash into Microsoft Intune
มุมมอง 1464 ปีที่แล้ว
Windows Autopilot - Part 1 Continue Export & Import Hardware Hash into Microsoft Intune
Windows Autopilot - Part 1 Install Autopilot Module
มุมมอง 1394 ปีที่แล้ว
Windows Autopilot - Part 1 Install Autopilot Module
Windows Autopilot - Part 6 Device Reset from the Console
มุมมอง 1034 ปีที่แล้ว
Windows Autopilot - Part 6 Device Reset from the Console
Windows Autopilot - Part 5 Upgrade Feature Windows 10 2004
มุมมอง 1344 ปีที่แล้ว
Windows Autopilot - Part 5 Upgrade Feature Windows 10 2004
Windows Autopilot - Part 4 Follow Up from Part 3
มุมมอง 364 ปีที่แล้ว
Windows Autopilot - Part 4 Follow Up from Part 3
Windows Autopilot - Part 3 OOBE, First Login and Setup
มุมมอง 5414 ปีที่แล้ว
Windows Autopilot - Part 3 OOBE, First Login and Setup
Windows Autopilot - Part 2 Export & Import Hardware Hash + System Reset
มุมมอง 1.2K4 ปีที่แล้ว
Windows Autopilot - Part 2 Export & Import Hardware Hash System Reset
The first part of the vid in the part one I couldn't even understand u near the end when u were talking about a powershift key or sumthing. Can u tell me it so i can understand better
Hi Mr B , how can i get in touch with you ? need your assistance with cisco AnyConnect BFL for my auto pilot ? I am stuck. :(
Thank you for this, it was really helpful. Don't give up on making more videos.
Hi Mr. B, any chance you have instructions on how to setup and deploy any connect device certificate for intune autopilot hybrid azure AD join over VPN + SBL? Thank you.
Sorry for not replying, I don't monitor this channel - add me on www.linkedin.com/in/bernard-mah/
Could you please share the steps we've to do from the Cisco side? Thanks
I don't have those steps unfortunately with me.
Hi Mr. B Could you share the source AnnyConnect installer? Thank you!
Hi Parker, I won't have the Cisco AnyConnect Installers unfortunately. That was dated as version 4.9 (back in 2020).
Can you please provide some links or instructions on how this can be done ?
Amazing Mr. Autopilot !! Really enjoyed all your Autopilot videos Today !! Great Content !! Hope to see moRe videos to come !!
Sorry guys, since leaving my last job I haven't been checking this. Please reach out to me www.linkedin.com/in/bernard-mah and I will be happy to give you the instructions.
does any one know what that Code is before the path on the command-install file ? %~dpo something what is that ? what should be there
Excellent video!!
Thank you :)
Great video man. have you made any video on how to install crowdstrike sensor?
Where can we find the script? Is it a custom script or available in internet?
What does your install.cmd code look like
@@cccn714 where did you find the .cmd syntax? It's hard to see it in the video.
Well done, sir!
Cheers!
I would also recommend downloading vmware workstation + a screen capture software (Like OBS) as an easier way to make future videos/tutorials! You can get an evaluation Windows 10 Enterprise ISO from microsoft and use it to create a VM, it would probably be a lot easier than holding a phone the whole time haha
Prefer to show the real content :)
FYI, new video has been created for your Cisco AnyConnect + SBL :) And I do use OBS to capture my videos.
@jumprs (the Navitas SOE Team) is my work account, but I am also on Reddit. www.reddit.com/u/imasianbrah/? I am on there often most times during my non work hours.
Hey man I saw your video on this channel about VPN support for Hybrid Join using cisco anyconnect, and while doing other research I also saw your comment here: oofhours.com/2020/06/23/windows-autopilot-user-driven-hybrid-azure-ad-join-which-vpn-clients-work/ Could you explain how you packaged the Cisco Anyconnect app with SBL to get it to show on the logon screen?
I can do a video shortly on that, it's pretty straight forward.