Deploy Skyhigh Client Using Intune

​This topic provides step-by-step instructions for deploying the Skyhigh Client (SC) on Windows using Microsoft Intune. It also explains how to monitor the SC status, which ensures the Client is functioning seamlessly across managed devices. 

► Deploy the Skyhigh Client on Windows

Steps for Validating SC Deployment and Monitoring the Status of the Skyhigh Client 

• Enroll the Device
• Deploy Skyhigh Client and Apply Policy 
• Create an SC Compliance Script to Monitor SC Status 

Enroll the Device 

Enrolling the device in Microsoft Intune helps you in enabling centralized management, enforcing policies, and remotely deploying the SC.

1. Navigate to Settings > Accounts > Access work or school > Add a work or school account.
2. Enter the user’s credentials to link the device to the organization’s domain. 

Deploy Skyhigh Client and Apply Policy  

Deploying the Skyhigh Client and applying the policies on managed devices ensures consistent security enforcement and effective traffic control.

Prerequisites 

1. Active Intune subscription.
2. Intune-managed device.

Deploy Skyhigh Client

1. Download the Skyhigh Client version using this link.
2. Log in to the Intune Admin portal using this link.
3. From the menu, select Apps.
   
   
4. Select the platform as Windows.
   
   
5. Click Create.
   
   
6. In the App Type field, select Line-of-business app.
   
   
7. Click Next.
8. Browse and select the Skyhigh Client MSI file from the App package file.

NOTE: The Scpinstaller.x64.msi represents the application package of Skyhigh Client. The app package filename will be renamed accordingly in the future release.​​​​​

9. Click OK.
10. Enter the following settings:
    • Name = Skyhigh Client
    • Description = Skyhigh Client 
    • Publisher = Skyhigh Security
    • Ignore app version = Yes
    • Category = Other app
    • Show this as a featured app in the Company Portal = Yes
    • Developer= Skyhigh Security
    • Owner = Skyhigh Security
    • Logo = Select the Skyhigh Security Logo 
      
      
11.  Click Review + save.
12. In the Assignment tab, add All Devices for Required and All users for Available for enrolled devices.
    
    
     
13. Click Next.
14. Review the app details and click Create.
    
    
    The apps created are displayed in the app section of the Intune Admin portal. 
    
    

OPG File Deployment 

1. Create a folder by navigating C:\Config_files\. in the local machine. 
2. Export the.opg policy file from the  Skyhigh Security Tenant.
3. Rename the  .opg file to scppolicy.opg
4. Copy the file scppolicy.opg to C:\Config_files\
5. Create the following .bat files by navigating  C:\Config_files\:
   1. copy.bat
   2. del.bat
6. Copy the following code to copy.bat file. 
   
7. Copy the following code to del.bat file.
   

 C:\Config_files\ contains these 3 files:

     

8. Download the IntuneWinAppUtil.exe File using the link.
9. Create a folder by navigating C:\Temp\Build\ in the local machine. 
10. Run the IntuneWinAppUtil.exe in CMD with admin permissions.
11. Run the following settings in the CMD prompt :

The output looks like this: 

12. Ensure that the copy.intunewin file are created in C:\Temp\Build\.
    
    The OPG deployment package generated can be utilized with Intune to configure the SCP policy.

13. Login to Intune Admin Portal.
14. Click Create.
15. Select Windows app (Win32) In the App type.
    
    
16. Click Next.
17. Browse and select the copy.intunewin file from the App package file.

18. Enter the following settings:
    • Name = Skyhigh OPG
    • Description = Skyhigh Proxy Config
    • Publisher = Skyhigh Security
    • App version = 5.0.0
      
      
19. Click Next.
20. Select Install command and Uninstall command files in the Program tab.
    
    
21. Click Next.
22. Select Operating system architecture and the Minimum operating system in the Requirements tab.
    
    
23. Click Next.
24. Select Manually configure detection rules in the Detection rules tab.
    
    
25. Click Next.
26. Review the dependencies, if added in the Dependencies tab.
    
    
27. Click Next.
28. Review the Supersedence, if added in the Supersedence tab.
    
    
29. Click Next.
30. Add All users for Required and All devices for Available for enrolled devices, in the Assignments tab.
    
    
31. Click Next.
32. Review the policy details and click Create.
    
    

The SCP client and the corresponding OPG file are automatically deployed to the Intune-managed device.

Create an SC Compliance Script to Monitor SC Status 

The creation of a compliance script by Intune helps in monitoring the SC, which provides the real-time functionality status for managed devices.

NOTE: Download the scripts using this link. 

1.  Login to Intune Admin portal.
2. Navigate to Devices > Compliance > Scripts > Add > select Windows 10 and later.
   
   
3. In the Basics tab, add Name, Description, and Publisher as Skyhigh Security.
   
   
4. Click Next.
5. In the Detection script field, add the script.
   
   
6. Click Next.
7. In the Review+create tab, review the compliance script and click Create.
   
   

The newly created configuration is displayed under Devices > Compliance.

8. Navigate to Devices > Compliance > Policy> Create Policy > select platform as Windows 10 and later.
   
   
9. Click Create.
10. Enter Name and Description in the Basics tab. 
    
    
11. Click Next.
12. In Compliance settings, select Required as Custom Compliance and select the script created in step 7. 
    
    
13. Upload the validation.json script.
    
    
14. Click Next.
    
    
15. Select All users and All devices In the Assignments tab. 
    
    
16. Click Next.
17. Review the Windows 10/11 compliance policy and click Create.
    
    SC compliance status is found under Devices > Windows devices > select the device > Device compliance.
    
    

NOTE: 

 

 

• To uninstall SC, see Uninstall SC from Managed Devices using Intune
• To upgrade SC, see Upgrade SC on Managed Devices using Intune
• To disenroll a device, see Disenrollment of Managed Devices in Intune