Deploy Elastic Agent with Microsoft Intune
Author
Hilton D
Date Published

In my previous story I shared how any organisation can go from having zero security visibility to having a wealth of contextual information in less than a day.
In this article I’m going to share a small PowerShell script that can be used with any management tool to deploy Elastic Agent to a whole fleet of Windows systems. Using this tool an administrator can easily deploy Elastic Agent to 10 or 1000 systems without breaking a sweat!
Here is an overview of what the script does:
Checking to see if it has run before and if the deployment version is current (using the registry)
Downloading and installing Elastic Agent
Enrolling the system using an enrolment token
Here is the link to the script on GitHub:
installElasticAgent/installElasticAgent.ps1 at main · hilt86/installElasticAgent (github.com)
Assuming you have a fleet of Windows systems enrolled in Microsoft Intune (and you have the Elastic Stack up and running — either in Elastic Cloud or on-prem) you will need to:
Grab an enrolment token and fleet server URL from Kibana > Fleet
Modify the $enrollmentToken and $fleetUrl variables in the script
Add and upload the script under Devices > Scripts in Microsoft Endpoint Manager admin centre (https://endpoint.microsoft.com)
Assign it to an Azure Active Directory security group (use a pilot group first in a test environment!)
Once you’ve done that your endpoints will start to appear in Kibana under Fleet > Agents!
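The three steps from the overview (registry check, download and install, enrolment) can be written as below. This is an added example, not the author's installElasticAgent.ps1. The registry key, the version value and the angle-bracket placeholders are assumptions, and the script also checks the archive against the SHA-512 file Elastic publishes next to it before installing.

```powershell
# Added example, not the author's script. Assumed: registry key, version, placeholders.
$ErrorActionPreference = 'Stop'
$agentVersion    = '8.0.0'                              # assumption: the version you roll out
$fleetUrl        = 'https://<fleet-server>:8220'        # placeholder, from Kibana > Fleet
$enrollmentToken = '<enrollment-token>'                 # placeholder, from Kibana > Fleet
$regPath         = 'HKLM:\SOFTWARE\ElasticAgentDeploy'  # hypothetical marker key

# 1. Skip if this version was already deployed on this machine.
$deployed = (Get-ItemProperty -Path $regPath -Name Version -ErrorAction SilentlyContinue).Version
if ($deployed -eq $agentVersion) { Write-Output "Elastic Agent $agentVersion already deployed"; exit 0 }

# 2. Download the archive and its published SHA-512 over TLS 1.2.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$name = "elastic-agent-$agentVersion-windows-x86_64"
$url  = "https://artifacts.elastic.co/downloads/beats/elastic-agent/$name.zip"
$work = Join-Path $env:TEMP "ea-$([guid]::NewGuid())"
New-Item -ItemType Directory -Path $work | Out-Null
$zip = Join-Path $work "$name.zip"
try {
    Invoke-WebRequest -Uri $url -OutFile $zip -UseBasicParsing
    Invoke-WebRequest -Uri "$url.sha512" -OutFile "$zip.sha512" -UseBasicParsing

    # 3. Refuse to install if the archive does not match the published hash.
    #    The .sha512 file holds "<hash>  <filename>"; -ne compares case-insensitively.
    $expected = ((Get-Content "$zip.sha512" -Raw).Trim() -split '\s+')[0]
    $actual   = (Get-FileHash -Path $zip -Algorithm SHA512).Hash
    if ($actual -ne $expected) { throw "SHA-512 mismatch for $name.zip" }

    # 4. Install the agent and enrol it in Fleet.
    Expand-Archive -Path $zip -DestinationPath $work -Force
    $exe = Join-Path $work "$name\elastic-agent.exe"
    & $exe install --non-interactive --url=$fleetUrl --enrollment-token=$enrollmentToken
    if ($LASTEXITCODE -ne 0) { throw "elastic-agent install exited with $LASTEXITCODE" }

    # 5. Record the deployed version only after a successful install.
    New-Item -Path $regPath -Force | Out-Null
    Set-ItemProperty -Path $regPath -Name Version -Value $agentVersion
}
finally {
    # Remove the downloaded archive and extracted files in every case.
    Remove-Item -Path $work -Recurse -Force -ErrorAction SilentlyContinue
}
```

The enrolment token sits in the script body in clear text, so scope it to a dedicated agent policy in Fleet and revoke it once the rollout is complete.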
Now you can get busy designing detection rules that will provide you with accurate, relevant and actionable information about the security posture of your fleet!
Image courtesy Zach Vessels on Unsplash
Elastic Defend is the quickest way to achieve comprehensive visibility of your fleet and cloud platforms from a cyber security perspective.