Sophos Endpoint for Windows Deploy with Intune

This article will guide you through deploying the Sophos app for managed Windows devices via Intune. You can download the Windows installer file from the Sophos admin console. The installer file is in .exe format so I have used a file-based detection rule.

Things to consider during the packaging of applications

Please specify the source folder: [APP_FOLDER_NAME]
Please specify the setup file: SophosSetup.exe
Please specify the output folder: [OUTPUT_APP_PACKAGE_FOLDER_NAME]

(Refer to the Win32 packaging instructions: https://sysopsinsiders.com/packaging-win32-app-for-intune-upload)

Uploading and Deploying Win32 Package into Intune

Log in to the Microsoft Intune Admin Center: https://intune.microsoft.com/

Upload the SophosSetup.intunewin win32 file

During the Sophos deployment process, make sure the following Install, Uninstall and Detection Rules parameters are set:

Parameters: Command / Value
Install Command (Silent): SophosSetup.exe --quiet
Uninstall Command (Silent): %ProgramFiles%\Sophos\Sophos Endpoint Agent\SophosUninstall.exe --quiet
Detection Rules: Rules format - Manually configure detection rules

Add Rule Type - File

Path - %ProgramFiles%\Sophos\Sophos UI

File or folder - Sophos UI.exe

Detection method - File or folder exists

Associated with 32-bit app - No
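
A file-exists rule reports the app as installed whenever a file with that name is present. The script below is an added example, not part of the original article or of Sophos's own tooling: it is a custom detection script that checks the same path and also requires a valid Authenticode signature. The publisher string "Sophos" and the function name Test-SophosInstall are assumptions made for illustration.

```powershell
# Added example: Intune custom detection script (alternative to the file rule).
# Intune treats the app as detected only when the script exits with code 0
# AND writes something to STDOUT.

$ErrorActionPreference = 'Stop'

# Path and file name taken from the file detection rule in this article.
$target = Join-Path $env:ProgramFiles 'Sophos\Sophos UI\Sophos UI.exe'

# Assumption: text expected in the signing certificate subject.
# Confirm it against a known-good install before relying on it.
$expectedPublisher = 'Sophos'

function Test-SophosInstall {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Publisher
    )

    # Same condition as the "File or folder exists" rule.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return $false
    }

    # Reject unsigned, tampered or untrusted binaries.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        return $false
    }

    # Require the expected publisher in the certificate subject.
    return ($sig.SignerCertificate.Subject -like "*$Publisher*")
}

try {
    if (Test-SophosInstall -Path $target -Publisher $expectedPublisher) {
        Write-Output "Detected: $target"
        exit 0
    }
} catch {
    # Any error (access denied, missing certificate) counts as not detected.
}

exit 1
```

When uploading it, leave "Run script as 32-bit process on 64-bit clients" set to No, otherwise $env:ProgramFiles resolves to the Program Files (x86) folder and the check fails.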

Re-installing or uninstalling Sophos is not easy and depends on how it is configured on end-user devices, which in turn can depend on organisation policies. Tamper protection is usually enabled on Sophos, and while it is on, re-installation or uninstallation is not possible until tamper protection is removed.

Refer to the complete instructions for uploading and deploying the Win32 app to Intune at the link below:
https://sysopsinsiders.com/upload-and-deploy-win32-application-using-microsoft-intune/
