In this guide I will be deploying Sophos Endpoint via Intune to a Windows 11 AutoPilot device.
Sophos Endpoint is a cloud-based platform that provides centralised management and security for various IT environments. It offers features such as endpoint protection, server security, firewall management, and mobile device management. Sophos Central integrates threat intelligence and automation to defend against cyber threats, streamline security operations, and simplify compliance for businesses.
For the purpose of this guide I have created the following folder structure for ease of use:
Intune App Creator - This is where the IntuneWinAppUtil is located.
-> source
-> {application name} - This is where the downloaded .msi or .exe files are located.
-> output
-> {application name} - This is where the created .intunewin file is stored.
Creating the Intune WIN file
Log in to your Sophos Central dashboard, then click on Devices, then Installers.
Click on “Download Complete Windows Installer”. This will download the Endpoint Protection installer.
After downloading the installer, copy the installer file to the source folder you use for creating the Intune WIN file.
In my example it was saved to C:\Users\Admin\Desktop\Intune App Creator\source\Sophos Endpoint
Now launch the IntuneWinAppUtil.exe application.
This tool can be downloaded from https://github.com/microsoft/Microsoft-Win32-Content-Prep-Tool
When prompted, fill in the paths for the required files/folders. In my example it was:
Source folder | C:\users\admin\desktop\Intune App Creator\source\sophos endpoint |
Setup file | C:\users\admin\desktop\Intune App Creator\source\sophos endpoint\sophossetup.exe |
Output folder | C:\users\admin\desktop\Intune App Creator\output\sophos endpoint |
Catalog folder | N |
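The same packaging step can be run without the prompts, with a signature check on the downloaded installer first. This is an added example, not part of the original guide or Sophos's or Microsoft's own tooling. It uses the folder layout from this guide and assumes the signing certificate's subject contains "Sophos".

```powershell
# Added example: verify the installer's Authenticode signature, then package it.
# Paths follow the folder structure used in this guide.
$root   = 'C:\users\admin\desktop\Intune App Creator'
$tool   = Join-Path $root 'IntuneWinAppUtil.exe'
$source = Join-Path $root 'source\sophos endpoint'
$output = Join-Path $root 'output\sophos endpoint'
$setup  = Join-Path $source 'sophossetup.exe'

# Assumption: the publisher certificate's subject contains this string.
$expectedSigner = 'Sophos'

if (-not (Test-Path -LiteralPath $setup)) {
    throw "Installer not found: $setup"
}

# Refuse to package anything that is unsigned, tampered with, or signed by someone else.
$sig = Get-AuthenticodeSignature -LiteralPath $setup
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed ($($sig.Status)): $($sig.StatusMessage)"
}
if ($sig.SignerCertificate.Subject -notmatch [regex]::Escape($expectedSigner)) {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# Record what was packaged so the upload can be traced back to this exact file.
$hash = (Get-FileHash -LiteralPath $setup -Algorithm SHA256).Hash
Write-Host "Signer : $($sig.SignerCertificate.Subject)"
Write-Host "SHA256 : $hash"

New-Item -ItemType Directory -Path $output -Force | Out-Null
$started = Get-Date

# -c source folder, -s setup file, -o output folder, -q quiet mode (no prompts)
& $tool -c $source -s $setup -o $output -q

# Confirm a fresh package was written rather than trusting a stale one.
$package = Join-Path $output 'sophossetup.intunewin'
if (-not (Test-Path -LiteralPath $package) -or
    (Get-Item -LiteralPath $package).LastWriteTime -lt $started) {
    throw "Package was not created: $package"
}
Write-Host "Created $package"
```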
Deploying the app via Intune
Log in to the Intune Admin Centre and click on “Apps” then “All apps” then “Add”.
Select the dropdown menu then choose “Windows app (Win32)” and then “Select”.
Click on “Select app package file”.
Click on the browse icon then select the intunewin file from your output folder.
e.g. C:\users\admin\desktop\Intune App Creator\output\Sophos Endpoint\SophosSetup.intunewin
Now you’ll need to fill out the required fields with the information for the app.
Example of information:
Name | Sophos Central |
Description | Advanced endpoint protection coupled with a simple, intuitive user experience. |
Publisher | Sophos Ltd |
Privacy URL | https://soph.so/oclS8c |
Once you have filled out the required fields, click “Next”.
The next step is to specify the Install and Uninstall commands which Intune will use to install the application. Enter the following commands and leave the rest of the settings as default:
Install command | SophosSetup.exe --quiet |
Uninstall command | "%ProgramFiles%\Sophos\Sophos Endpoint Agent\uninstallcli.exe" |
Click on “Next”.
Select the required operating system architecture and minimum operating system. Then click on “Next”.
For the detection rule choose “Manually configure detection rules” from the dropdown menu.
In the Detection rule menu fill out the following fields:
Rule type | File |
Path | %ProgramFiles%\Sophos\Sophos UI |
File or folder | Sophos UI.exe |
Detection method | File or folder exists |
Associated with a 32-bit app on 64-bit clients | No |
After filling out the required fields, click “OK” then “Next”.
Click “Next” on the Dependencies section.
Click “Next” on the Supersedence section.
Within the Assignments section you can choose how the application is made available to devices. In my example I will be making Sophos required for all devices.
Finally click on “Create”.
Verifying the deployment
You can verify the application has been deployed to a device by viewing an enrolled device which the application has been assigned to, then navigating to the “Managed Apps” section. Here you should see the application and the installation status.
You can also verify the application has been installed by logging into your Sophos Central dashboard, navigating to Devices and looking for the Hostname of a device which has the application assigned to it.