How to Deploy Twingate Clients with Microsoft Intune & Endpoint Manager

Guide to configuring Microsoft Intune & Endpoint Manager to distribute the Twingate Client

There are a number of options available to administrators for deploying the Twingate Client to Windows devices. One of the most popular options is to use Microsoft Endpoint Manager (Intune) to deploy the Twingate Client to managed devices. Microsoft Endpoint Manager provides great flexibility in deploying packages to managed clients.

Another option is to deploy a custom script to install the Twingate Client. This can be useful in environments where Microsoft Endpoint Manager is not available or where a more customized deployment is required.

This guide will cover both of these options, starting with Microsoft Endpoint Manager.

Deploying the Twingate Client with Microsoft Endpoint Manager

At a high level, deploying the Twingate Client with Microsoft Endpoint Manager requires:

  • Creating a package to deploy the Twingate Client.
  • Assigning the package to devices for deployment.

Creating a package to deploy the Twingate Client

1. Review Twingate’s Windows MSI page for the latest MSI information

See the Windows MSI page for the latest MSI information and available deployment options. Please make sure to review the prerequisites and deployment options before proceeding.

2. Download the Twingate Client installer

Download the latest version of the Twingate Client Windows MSI installer.

3. Add Twingate to Endpoint Manager

Open Endpoint Manager and click on the Apps section.

Click the Add button to begin deploying the Twingate Client.

In the Select app type section, browse down to the Other section, choose Line-of-business app and click the Select button.

Click the Select app package file link.

Click the folder icon and browse to the downloaded MSI file.

Once you select the MSI file, the file information should populate. Next, click OK.

Fill out the Publisher and the command line arguments fields. The command-line arguments will reference your Twingate tenant name and allow you to define whether optional updates should be automatically applied. Then, click Next.

Assigning the package to devices for deployment

Set up your target Assignments and click Next.

Review your package settings and click Create to start the roll out.

Deploying the Twingate Client with a custom script

If you are unable to use Microsoft Endpoint Manager or require a more customized deployment, you can deploy the Twingate Client using a custom script. In addition, you can use a custom script to set custom features or configurations that are not available through Microsoft Endpoint Manager.

As an example, we will be deploying the Twingate Client using a PowerShell script. This script will download the Twingate Client MSI installer and install it on the device. It will also install the required .NET Desktop Runtime if it is not already installed.

For this example we will be using a generic script hosted in a public GitHub repository. You can find the script here.

Creating the custom script

Any custom script used to deploy the Twingate Client will need to:

  • Download the Twingate Client MSI installer
  • Check for and optionally install the appropriate .NET Desktop Runtime
  • Install the Twingate Client with the MSI installer

When installing the Client with the MSI installer you can utilize the same command line arguments as you would with Microsoft Endpoint Manager. Use the supplied script as a starting point and modify it as needed for your environment.

Deploying the custom script

To deploy the custom script, we will use Intune’s “Script and remediations” feature. This feature allows you to deploy scripts to devices and run them as needed.

  • Open Microsoft Intune and click on the Devices section
    Devices
    Devices
  • Click on Scripts and remediations and then Platform scripts
    Scripts and remediations
    Scripts and remediations
  • Click on Add and then Windows 10 or later
    Add new script
    Add new script
  • Fill out a name for the script, and a description if desired, then click Next
    Script name and description
    Script name and description
  • On the Script Settings page:
    • Locate the script file on your system and select it
    • Set Run this script using the logged on credentials to No - This is important as the script will need to run with elevated permissions
    • Set Enforce script signature check to No
    • Click Next
      Script settings
      Script settings
  • On the Assignments page select the groups or devices you want to deploy the script to and click Next
    Script assignments
    Script assignments
  • Review the settings and click Add
    Review and add
    Review and add

The script will now be deployed to the selected devices and will run as specified in the script. You can check its progress in the script overview.

Last updated 28 days ago