I was deploying Zscaler for a customer and we were enrolling devices with Azure AD Join. The deployment of the app was fairly easy and it worked well on my test machine, but not during the Autopilot process when deploying new machines. After some troubleshooting I realised that Zscaler was waiting for the user to sign in. The app was deployed to the device.
Changed it to user targeting, but that didn't get any SSO anyway, just a logon popup for the user, and at this stage we do not want this.
Still, I want the app pushed to devices and required. We had to get some sort of delay on the install. In this blog I show you how we published the app.
Start by getting the correct MSI from Zscaler and wrap it to Win32 with the content tool. I am not going through how to wrap the MSI here, though.
Publishing the app in Intune
Go to the Intune admin portal, then Apps, then Windows. Click Create and add a ‘Windows app (Win32)’.
Choose the .intunewin file.
Click ‘Next’ and set the commands. If it was a regular MSI that was wrapped, they should be populated for you.
Next is the requirements. Typically we choose 64-bit and the version that we have as minimum in the environment. In this case I chose Windows 10 22H2. In additional requirements click ‘+Add’. Now we are going to add a script that checks whether Autopilot is finished or not.
Save it, click through the following setup pages and assign it to the proper groups of devices that you want. Remember to test on a small group first 🙂
Now the Zscaler app is installed as soon as the Autopilot process is done, and when the user is signed in it will get the SSO experience.
Autopilot-Finished-Reqs.ps1 for cut’n’paste:
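# True when WWAHost is not running, which this check treats as Autopilot being finished
$ProcessActive = Get-Process "WWAHost" -ErrorAction SilentlyContinue
$CheckNull = $null -eq $ProcessActive
$CheckNull  # write the result to output so the requirement rule can evaluate it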