Install Falcon Sensor - Browser Extension via Microsoft Intune

IInstall Falcon Sensor - Browser Extension via Microsoft Intune 

Table of Contents

1.    Windows. 3

a.    Install Falcon Sensor. 3

b.    Install Falcon Browser Extension. 7

2.    MacOS. 8

a.    Install Falcon Sensor. 8

b.    Install Falcon Browser Extension

1.    Windows

a.    Install Falcon Sensor

Step 1: Prepare the Falcon Sensor installation file (download from the Sensor downloads page on the Falcon Portal) and the CsUninstallTool uninstall file (Download from the Support and resources -> Tool downloads page on the Falcon Portal).

Step 2: Navigate to Microsoft's GitHub page and download the Microsoft-Win32-Content-Prep-Tool

Step 3: Place the Falcon Sensor installer and CsUninstallTool.exe in the same dedicated folder

Step 4: Open cmd and run the IntuneWinAppUtil.exe tool downloaded in Step 2.

Fill in the information as prompted:

         - Source folder: Path to the folder containing the Falcon Sensor installer and CsUninstallTool

         - Setup file: Name of the Falcon Sensor installation file

         - Output folder: Path where the .intunewim will be saved

         - Specify catalog folder: Enter “N”.

Once the process is complete, a .intunewim file will be saved to the previously specified output path

 

Step 5: Configure in Microsoft Intune

- On the Intune homepage -> Select Apps -> Select All App -> Select Create

- Select App type as Windows app (Win32) -> Click Select

 

- Click Select app package file -> Select the file .intunewim created in the previous step -> Select OK

 

- Fill in the basic App information (Name, Publisher) -> Select Next to continue

 

- In the Program section, enter the Install command and Uninstall command (Replace Installer_filename with the App name from the previous step and the CID from the Sensor download page) -> At Install behavior, select System -> At Device restart behavior, select No Specific Action -> Once configured, select Next

Default Install command template: <installer_filename> /install /quiet /norestart CID=<Customer CID>

 

Default Uninstall command template: CsUninstallTool.exe /quiet

 

- At the Requirements section, select the minimum supported operating system -> Select Next

- At the Rules format -> Select Manually configure detection rules   -> Select +Add -> At the Rule type, select File -> At the Path, enter C:\Program Files\CrowdStrike -> At File or folder, enter CSFalconController.exe -> At Detection method, select File or folder exists -> Select Ok -> Select Next

- You can select Next to skip the Dependencies and Supersedence sections

- Under the Required in the Assignments section, add a specific group or select all users (This setting will force-install the Falcon Sensor on all endpoints within the specified scope) -> Select Next

- Review the settings and select Create to complete

 

b.    Install Falcon Browser Extension

- Windows machines managed by Intune will have the Falcon Browser Extension installed automatically.

2.    MacOS

a.    Install Falcon Sensor

Step 1: Prepare the Falcon Sensor installation file for macOS (download from the Sensor downloads page on the Falcon Portal) and the Falcon MDM Configuration Profile.

- Falcon MDM Configuration Profile for macOS Sonoma and earlier versions: Falcon MDM Configuration Profile for Sonoma and earlier (All MacOS versions).mobileconfig

- Falcon MDM Configuration Profile for macOS Sequoia and later versions: Falcon MDM Configuration Profile for Sequoia and later.mobileconfig

Step 2: Configure the installation Profile in Intune

- On the Intune homepage, select Devices -> Select Configuration -> In the policies tab, select Create -> Select New policy

- Select Platform as macOS -> Select Profile type as Templates -> Select Custom -> Select Create

- Fill in the basic information (Name, Description) -> Select Next

- At the Configuration settings, enter the Custom configuration profile name -> At Deployment channel, select Device channel -> Select the appropriate Configuration profile file downloaded in Step 1 -> Select Next

- At the Assignments section, add the specific groups to apply the profile to -> Select Next

- Review the settings and select Create to complete policy creation

 

Step 3: Configure the App in Intune

- On the Intune homepage, select Apps -> Select All Apps -> Select Create

- At the App Type, select macOS app (PKG) -> Click Select

- Click Select app package file and select the Falcon Sensor installation file for macOS downloaded in the previous step -> Select OK

- Fill in the basic information (Name, Description, Publisher) -> Select Next

- At the Program section, enter the CID configuration script in the Post-install script (replace <Your-CID> with the CID from the Sensor download page) -> Select Next

#!/bin/bash   /Applications/Falcon.app/Contents/Resources/falconctl license <Your-CID>\

- At the Requirements section, select the minimum supported operating system -> Select Next

- You can skip the Detection rules section by selecting Next

- At the Assignments section, add the specific groups/users to install the app under Required -> Select Next

- Review the information, then select Create to complete the app creation

b.    Install Falcon Browser Extension

Step 1: Create a Preference file for Chrome

- Create a new text file and paste the following content into it

<key>ExtensionInstallForcelist</key>     <array>     <string>klicnoclcmhafeeepkpdedpojjlaaflf;https://update-crx.falcon.crowdstrike.com/v2/update.xml</string>     </array>

         - Save the text file with the following name and format: com.google.Chrome.plist

Step 2: Configure the Device policy in Intune:

- On the Intune homepage, select Devices -> select Configuration -> in the tab Policies, select Create -> Select New Policy

- Select Platform as macOS -> Select Profile Type as Templates -> Select Preference file -> Select Create

- Fill in the basic information (Name, Description) -> Select Next

- At the Configuration settings, enter “com.google.Chrome” in the Preference domain name -> Select the file com.google.Chrome.plist created earlier -> Select Next

 

- At the Assignments section, add the specific groups/users to apply the policy to -> Select Next

                    - Review the settings and select Create to complete policy creation