This article will guide you through deploying the Sophos app for managed Windows devices via Intune. You can download the Windows installer file from the Sophos admin console. The installer file is in .exe format so I have used a file-based detection rule.
Things to consider during the packaging of applications
Please specify the source folder: [APP_FOLDER_NAME]
Please specify the setup file: SophosSetup.exe
Please specify the output folder: [OUTPUT_APP_PACKAGE_FOLDER_NAME]
(Refer Win32 Packaging Instructions: https://sysopsinsiders.com/packaging-win32-app-for-intune-upload)
Uploading and Deploying Win32 Package into Intune
Login to Microsoft Intune Admin Center: https://intune.microsoft.com/
Upload the SophosSetup.intunewin win32 file
During the Sophos deployment process, make sure the following Install, Uninstall and Detection Rules parameters are set:
Parameters | Command / Value |
Install Command (Silent) | SophosSetup.exe --quiet |
Uninstall Command (Silent) | %ProgramFiles%\Sophos\Sophos Endpoint Agent\SophosUninstall.exe --quiet |
Detection Rules | Rules format - Manually configure detection rules |
Re-installing/uninstalling Sophos is not easy and depends on how it is configured on end-user devices, which can depend on organisation policies. Usually, one of the features—tamper protection—is configured on Sophos, and due to this, re-installation/uninstallation is not possible without the removal of tamper protection.
Refer to the complete instructions provided regarding uploading and deploying the win32 App to Intune from the link below
https://sysopsinsiders.com/upload-and-deploy-win32-application-using-microsoft-intune/