Deploying the Datto RMM Agent using Microsoft Intune

You will need a script for each site you wish to deploy Agents to. The generic script you need is below, but must be customized for each site. Perform the following steps to create and customize the script.

1. Copy and paste this script block into a text editor:

$Platform="<Paste your platform name here>"
$SiteID="<paste your Site ID here>" 
<# 
Datto RMM Agent deploy by MS Azure Intune 
Designed and written by Jon North, Datto, March 2020 
Download the Agent installer, run it, wait for it to finish, delete it 
#> 
# First check if Agent is installed and instantly exit if so
If (Get-Service CagService -ErrorAction SilentlyContinue) {Write-Output "Datto RMM Agent already installed on this device" ; exit} 
# Download the Agent
$AgentURL="https://$Platform.centrastage.net/csm/profile/downloadAgent/$SiteID" 
$DownloadStart=Get-Date 
Write-Output "Starting Agent download at $(Get-Date -Format HH:mm) from $AgentURL"
try {[Net.ServicePointManager]::SecurityProtocol=[Enum]::ToObject([Net.SecurityProtocolType],3072)}
catch {Write-Output "Cannot download Agent due to invalid security protocol. The`r`nfollowing security protocols are installed and available:`r`n$([enum]::GetNames([Net.SecurityProtocolType]))`r`nAgent download requires at least TLS 1.2 to succeed.`r`nPlease install TLS 1.2 and rerun the script." ; exit 1}
try {(New-Object System.Net.WebClient).DownloadFile($AgentURL, "$env:TEMP\DRMMSetup.exe")} 
catch {$host.ui.WriteErrorLine("Agent installer download failed. Exit message:`r`n$_") ; exit 1} 
Write-Output "Agent download completed in $((Get-Date).Subtract($DownloadStart).Seconds) seconds`r`n`r`n" 
# Install the Agent
$InstallStart=Get-Date 
Write-Output "Starting Agent install to target site at $(Get-Date -Format HH:mm)..." 
& "$env:TEMP\DRMMSetup.exe" | Out-Null 
Write-Output "Agent install completed at $(Get-Date -Format HH:mm) in $((Get-Date).Subtract($InstallStart).Seconds) seconds."
Remove-Item "$env:TEMP\DRMMSetup.exe" -Force
Exit

2. Copy the platform name of your Datto RMM account and paste it between the quotes of the $Platform="<Paste your platform name here>" line. The platform name is at the start of the URL; it will be Pinotage or Merlot (EMEA), Concord, Vidal, or Zinfandel (NA), or Syrah (APAC).
   
3. Copy the target site ID and paste it at the end of the SiteID=<paste your Site ID here> line. To find the site ID, refer to Site ID in Editing a site.
   

EXAMPLE  

NOTE  The ID column is displayed by default, but may have been removed from your view. If this is the case, you can add it via the Column Chooser. Refer to List of sites and Column Chooser field definitions.

NOTE  If you have a large number of sites, you may find it easier to download the list. You can do this with the site variable import template. Refer to Import Site Variables in Global Settings.

4. Save the resulting script as a file with the extension .ps1. Repeat this process for each site you want to deploy Agents to.

NOTE  Ensure the files are saved with the .ps1 extension. If you have hidden file extensions, it may be that your text editor will append a .txt extension that you will not be able to see.

You will need a script for each site you wish to deploy Agents to. The generic script you need is below, but must be customized for each site. Perform the following steps to create and customize the script.

1. Copy and paste this script block into a text editor:

#!/bin/bash
Platform=<Paste your platform name here>
SiteID=<paste your Site ID here>
# Datto RMM Agent deploy designed and written by Jon North, Datto, March 2021
# Download the Agent installer, run it, wait for it to finish, delete it
# First check if Agent is already installed and instantly exit if so
if [ -d "/Applications/AEM Agent.app" ] ; then
echo "Datto RMM Agent already installed on this device" ; exit
fi
# Output target site ID and timestamp
echo "Target site ID: $RMMSiteID"
echo "Current date and time is `date`"
AgentFilename='/tmp/DRMMSetup_'$(date +"%Y-%m-%d_%H-%M")
# Download the Agent
curl -o $AgentFilename.zip https://$Platform.centrastage.net/csm/profile/downloadMacAgent/$SiteID
# Unzip and install the Agent
mkdir $AgentFilename
unzip -a -o $AgentFilename.zip -d $AgentFilename
installer -pkg "$AgentFilename/AgentSetup/CAG.pkg" -target /
rm $AgentFilename.zip
rm -rf $AgentFilename
exit

IMPORTANT  If you are creating the script on a Windows device, ensure you use Unix-style newline characters or the script will fail to run on your macOS devices. Native Windows applications Notepad and Wordpad cannot do this, but the freeware application Notepad++ is able to. In the Edit menu, select EOL Conversion and then Unix (LF), NOT Macintosh (CR):


2. Copy the platform name of your Datto RMM account and paste it at the end of the Platform=<Paste your platform name here> line. The platform name is at the start of the URL; it will be Pinotage or Merlot (EMEA), Concord, Vidal, or Zinfandel (NA), or Syrah (APAC).
   
3. Copy the target site ID and paste it at the end of the SiteID=<paste your Site ID here> line. To find the site ID, refer to Site ID in Editing a site.
   

EXAMPLE  


4. Save the resulting script as a file with the extension .bash. Repeat this process for each site you want to deploy Agents to.

NOTE   Ensure the files are saved with the .bash extension. If you have hidden file extensions, it may be that your text editor will append a .txt extension that you will not be able to see.

NOTE  The ID column is displayed by default, but may have been removed from your view. If this is the case, you can add it via the Column Chooser. Refer to List of sites and Column Chooser field definitions.

NOTE  If you have a large number of sites, you may find it easier to download the list. You can do this with the site variable import template. Refer to Import Site Variables in Global Settings.

For each customer whose Datto RMM site you will deploy to, you need to create a Device or User Group within the Microsoft Intune portal.

If your customer has Azure AD Premium, you should be able to create a Dynamic group that self-updates; if not, you must create an Assigned group that you must populate and update/maintain manually. For a Dynamic group, we recommend setting the Membership Rule as follows:

• Property: deviceOSType
• Operator: Contains
• Value: Windows or mac as appropriate

Full instructions on creating groups in Microsoft Intune can be found in the following Microsoft article: Add groups to organize users and devices.

1. In the Microsoft Intune portal for the customer, select Devices. Then, in the Policy section, select Scripts:
   
   

2. Click Add at the top and from the drop-down list, select Windows 10 or macOS as appropriate:
   
   

3. Give the script a name and optional description. Click Next at the bottom.
   

4. Click the icon next to the Script location field and browse to where you saved your PowerShell or Bash/Shell script:
   
   

5. For Windows, ensure that you set the following three options to NO:
• Run this script using the logged on credentials
• Enforce script signature check
• Run script in 64-bit PowerShell host

6. For macOS, ensure you set Run script as signed-in user to NO. The other three options should remain as Not configured.
   • Hide script notifications on devices
   • Script frequency
   • Max number of times to retry if script fails
   
7. Click Next.
   
8. Assign the script to the correct group for the devices you are deploying to. Click Select groups to include or Add groups as applicable, then select the group you created previously from the list on the right:
   
   
9. Click Next and confirm your configuration in the review screen that appears.
10. Click Add to deploy the script to the devices in the group. The Datto RMM Agents will be installed when the script is run, which will be on the next sync.
    

Full information about deploying PowerShell scripts to enrolled Windows 10 devices within Microsoft Intune can be found in the Microsoft article here: Use PowerShell scripts on Windows 10/11 devices in Intune. Full information about deploying Bash and Shell scripts to enrolled macOS devices within Microsoft Endoint Manager can be found in the Microsoft article here: Use shell scripts on macOS devices in Intune.