AQUILA EDR Mass Deployment Via Microsoft Intune

Deploying Endpoint Detection & Response (EDR) via Microsoft Intune

Overview

This guide explains how to install an Endpoint Detection & Response (EDR) solution on all devices managed through Microsoft Intune. The process ensures consistent protection across your organization’s endpoints by using Intune’s Endpoint security policies and app deployment features.

Prerequisites

Before beginning, confirm the following:

• You have Global Administrator or Intune Administrator rights in Microsoft 365.

• Devices are already enrolled and compliant in Microsoft Intune.

• You have the installer package ( IntuneWin format) for your chosen EDR solution.
  

---

Step 1: Prepare the EDR Installer

1. Obtain the official EDR installation package (MSI) from AQUILA

2. If the installer is not in .intunewin format, convert it using the Microsoft Win32 Content Prep Tool.

Download tool: GitHub - microsoft/Microsoft-Win32-Content-Prep-Tool: A tool to wrap Win32 App and then it can be uploaded to Intune

Steps for preparing an Installer for Intune (.intunewin format)

Download the Packaging Tool

1. Go to Microsoft’s official download page: Win32 Content Prep Tool (GitHub)

2. Download the ZIP file to your computer.

3. Right-click the ZIP → Extract All…

4. Choose a location (for example: C:\IntuneWinAppUtil).

Prepare Your Installer Files

1. 1. 1. Create a folder for your installer, for example:

         • C:\2. Source\EDR

      2. Place the Master installer inside that folder. Place also here the script files.

         • Master-Installer.ps1
           

         

         
         

          

      3. Create another empty folder where the packaged file will be saved, for example:

         • C:\3. Output

Run the Packaging Tool

1. Go to the folder where you extracted the tool and run it

2. The tool will ask you a few questions. Enter the following:

• Source folder: type the path to your installer folder. Click the path and copy. (e.g., C:\Source\EDR).

• Setup file: type the name of the Master Script and include its file type (e.g., Master-Installer.ps1).

• Output folder: type the path to your empty folder. Click the path and copy. (e.g., C:\3. Output).

• Catalog folder: just press Enter to skip.

Check the Result

• • • Open your output folder (C:\Output).

    • You should now see a file ending in .intunewin, for example:

    • This is the file you’ll upload into Microsoft Intune.
  •  

    

Step 2: Add the EDR App to Intune

Sign in to the Microsoft Intune admin center → https://intune.microsoft.com

• Go to Apps.

• Windows App

• Add

1. Select the app type:

• • Windows app (Win32) for most EDR installers.

    

2. Upload the prepared installer package. 

• Find and upload the .intune file on the Output folder from earlier.

3. Configure App Information: name, description, publisher.

4. Set Program Install/Uninstall Commands.

• Install Command:

powershell.exe -ExecutionPolicy Bypass -File .\Master-Installer.ps1

• Uninstall command:

-Open the PowerShell as Administrator.

-Get the Product Code of Aquila Agent by running this command on PowerShell.

$msiPath = "C:\Path\To\Aquila Agent.msi"
$installer = New-Object -ComObject WindowsInstaller.Installer
$database = $installer.OpenDatabase($msiPath, 0)
$view = $database.OpenView("SELECT Value FROM Property WHERE Property='ProductCode'")
$view.Execute()
$record = $view.Fetch()
$record.StringData(1)

• For Example, this is now your Uninstall Command:

msiexec /x "{Product Code}" /quiet /norestart

5. Under Requirements, select OS architecture and minimum version.

6. Add Detection Rules to confirm successful installation. 

Option A: MSI Product Code (recommended if you know it)

• Rule type: MSI

• MSI product code: {Aquila Agent Product code} (Please refer to 4. on how to get the Aquila Agent Product Code:)

Option B: File exists

• Rule type: File

• Path: C:\Program Files\Aquila Agent

• File or folder: Aquila Agent.exe

• Detection method: File or folder exists

Option C: Registry key

• Rule type: Registry

• Path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\"{Aquila Product Code}"

  • This is how to get the Aquila Product Code.
  • This is now the path to input: "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\"{Product Key}" 

    

• Value: DisplayName → check exists or equals “Aquila Agent”

7. Set Dependencies

8. Supersedence

9. Assignments

• Required

  • Intune automatically installs the app on targeted devices.

  • Perfect for your Elastic/Aquila Agent deployment.

• Available for enrolled devices

  • Users can see the app in Company Portal and install it manually.

  • Good for optional apps or testing.
    

• Uninstall

  • Used if you want to remove the app from certain groups.

10. Review + Create

Step 3: Monitor Deployment

1. In the Intune admin center, go to Apps → select your EDR app.

2. Check Device install status to confirm successful installations.

   

  If you need further assistance, kindly contact our technical support at support@cytechint.com for prompt assistance and guidance.