Intune

How to Create and Provision Liquit Deployments through Intune 

Topics: Intune, Liquit

In this guide, we’ll explore how to use Liquit Deployments during Autopilot on Windows devices, enabling your end users to access all necessary applications through the Liquit platform. While this process is tailored for Autopilot, with a few modifications, you can deploy the Liquit agent and its deployments via other deployment mechanisms. 

Prerequisites

Before proceeding, ensure that Entra ID is configured as your Identity Source. If not, please follow the instructions at Microsoft Entra ID – Identity Sources to set it up. The steps outlined here were derived from both trial and error and Liquit documentation, particularly the Liquit Agent Bootstrapper deployment with Intune. While these are the steps I followed, your environment may require different settings and customizations. Please consult the documentation for a complete list of settings for your JSON file.  

Note: This guide focuses on configuring the Liquit bootstrapper and agent settings, not Autopilot. 

The term ‘Deployments’ can be ambiguous in IT contexts. For this guide, ‘Deployments’ refers specifically to the section in the Liquit server labeled ‘Deployments.’ 

Step-by-Step Guide to Liquit Deployments through Intune 

Begin by logging into your Liquit portal. We’ll start by configuring and downloading the necessary components. First, create your deployment, which is a collection of packages you intend to deploy to a machine during agent installation. 

  • Create your deployment in Liquit. 
    • In Liquit > Manage > Deployments. 
      • Click Create. 
      • Enter a name for your deployment and Click Next. 
Liquit Deployments through Intune - create deployment
  • Click Finish
  • Once the properties load, proceed with the following steps. 
    • Click Packages. 
    • Search for and add any packages that you would like for this deployment, be sure to specify the “Install” action.
Liquit Deployments through Intune - add packages
  • Click Assignments.
  • Be sure to add an assignment for All Devices and the Production Stage.
Add assignments

Now we will move on to getting the certificates needed for the agent installation. 

Certificates for Liquit Deployments

  • Certificate-based registration is recommended for optimal device registration. The following steps ensure a smooth process. 
    • In Liquit < Manage < Device Registration, follow the below steps: 
      • Click Create. 
      • Keep the “Certificate” section highlighted and click Next. 
Liquit Deployments through Intune - create certificates
  • Name your Certificate and click Next.
Liquit deployments through Intune - Name certificate
  • Select the box for Use a self-signed certificate for device registration and click Next.
Use a self-signed certificate

Give your certificate a name, validity period, and key size. If desired, add a description, then click Next.

Name certificate
  • Click Finish. 
  • When the properties come up, click on Settings. 
  • On the right-hand side, click the button for Download for agent registration button.
Download certificate
  • Save this file for use when creating the Intunewin file. 
  • Export out the three certificates from the Liquit Server and Certificate Management. This may be different from your environment. We need to establish that trust chain between your client and our Liquit server. 
    • IIS Cert you used. 
    • CA Cert for that IIS Cert. 
    • Liquit Self-Signed Cert. 
  • Create three profiles in Intune, one that pushes out the above three certs to devices in their root store Create trusted certificate profiles in Microsoft Intune | Microsoft Learn. 

Download and Create Required Files

  • Create a folder on your C:\ drive (or any folder you choose) to store all the downloaded files. 
  • Navigate to Support – Liquit and download the Agent Bootstrapper and save it in the above folder. 
  • Log in to your Liquit server and click on your user picture in the right-hand corner and click the link to download the agent. Once downloaded, save to above folder, and rename to Agent.exe. 
  • Copy the downloaded certificate file from above to the same folder. 
  • Use Notepad++ (or your choice of editor) to create a Json file named “agent.json” and save it to that same folder. 
  • Create your Json file. At the end of this document is the Json file that I used that you could copy and modify according to your own settings. I’ve highlighted the areas that require modification. Review the remaining settings to determine if further customization is needed. 
    • The Zone will be your zone that you have created. 
    • The certificate thumbprint will be from the certificate you downloaded in Step 1. 
    • The deployment will be the name of the deployment you created in Step 2. 
    • The identity source will be the name of the Identity source you have created for SSO.  
    • The trusted zone is where you would enter your zone name. This can be multiple zones if you have more than one. 
  • Create your IntuneWin file and create your app in Intune. 
    • Follow the documentation guide from Liquit Agent Bootstrapper deployment with Intune to create and upload your package to Intune. 
    • Add ‘/certificate=”AgentRegistration.cer”’ to the install command line so that it copies the certificate you uploaded into the right location so that agent can register correctly with Liquit. 
    • Change the command line for the log to a location that is easily accessible. I used C:\Windows\Temp as my log file location. 
    • Modify the detection method so that instead of using the provided script, you hard code it to look in c:\Program Files\Liquit Universal Agent. 
    • Deploy as required to your autopilot or other devices. 

Achieving a Functional Autopilot Deployment with Liquit Deployments through Intune 

By following these instructions, you should achieve a fully functional Autopilot deployment of applications during device provisioning or initial agent installation.

Note: Ensure port 443 is open on your Liquit server to facilitate communication with clients. After deployment, a device reboot is required to allow the agent to exit deployment mode and restart as a normal process. 

Additional Note: This guide focuses on deploying Liquit on Windows devices. A separate guide for deploying on macOS devices will be published soon.

Happy deploying! 


{ 
    "zone":"https://liquit.corp.viamonstra.com", 
	"promptZone": "Disabled", 
    "registration": { 
        "type": "Certificate", 
		"certificateThumbprint": "1f319334a7357653ded039659953e600e31e6d0f" 
    }, 
    "log": { 
        "level": "Debug", 
		"agentPath": "C:\\Windows\\Temp\\Agent.log", 
		"userHostPath": "C:\\Windows\\Temp\\UserHost.log", 
		"rotateCount": 5, 
		"rotateSize": 1048576 
    }, 
    "deployment": { 
        "enabled": true, 
        "start": true, 
        "context": "device", 
        "cancel": true, 
        "triggers": false, 
        "autoStart": { 
            "enabled": true, 
            "deployment": "Autopilot", 
            "timer": 0 
        } 
    }, 
	"login": { 
		"enabled": true, 
		"sso": true, 
		"identitySource": "MadduxConsulting", 
		"timeout": 4 
	}, 
	"icon": { 
		"enabled": true, 
		"exit": false, 
		"timeout": 30 
	}, 
	"launcher": { 
		"enabled": true, 
		"state": "Default", 
		"start": "Auto", 
		"tiles": true, 
		"minimal": false, 
		"contextMenu": false, 
		"sideMenu": "Tags", 
		"close": true 
	}, 
	"restrictZones": true, 
	"trustedZones": [ 
		"liquit.corp.viamonstra.com" 
	] 
} 
Back to Top