Overview
When deploying Beyond Identity (BI) with Microsoft Intune, specific considerations are essential for maintaining version control and preventing installation redundancies.
Issue Summary
Beyond Identity relies on a Globally Unique Identifier (GUID) within its installed package to track version control. However, using .intunewin to package and deploy Beyond Identity can alter the package GUID, thus disrupting the version control system. This change can lead to two key issues:
1. Multiple Installations: If the deployment configuration is not precise, it can lead to redundant installations.
2. Loss of Version Control: Altered GUIDs prevent Beyond Identity from detecting updates correctly, making it challenging to control and track the installed version.
Why Version Control Fails with .intunewin
When Intune packages the Beyond Identity installer, it modifies the GUID used for version tracking. Since Beyond Identity’s version control is GUID-dependent, any change to the GUID disrupts the system’s ability to recognize updates or maintain version history. This limitation can prevent our version control feature from detecting if Beyond Identity is up-to-date or if a previous version is already installed.
Recommended Deployment Approach
For accurate version tracking and to prevent redundant installations, it is ideal to avoid .intunewin and directly deploy Beyond Identity using methods that retain the package’s original GUID. This could involve:
•Using MSI deployment (if available) or
•Deploying through alternative solutions that allow the GUID to remain unchanged, ensuring version control remains functional.
Deployment Using .intunewin: Key Considerations and Workarounds
If using .intunewin packaging is essential for your deployment, consider the following best practices:
1. Redeployment for Updates: Since version control will not work automatically, updates should be managed by redeploying the package when a new version is available. This approach effectively overrides the existing installation. (It will uninstall the previous version and then install the new one.)
2. Configure Precise Detection Rules: Customize Intune’s detection rules within the .intunewin package settings to prevent redundant installations. Detection rules can check for the presence of a specific file or registry key that remains constant across versions, ensuring only one instance of Beyond Identity is installed.
Summary of Key Point
Aspect Recommendation
Preferred Deployment Method: Use MSI or another method that retains the GUID for best results.
Using .intunewin: Avoid if possible; redeployment is necessary for updates.
Redundant Installations: Configure precise detection rules to prevent.
Version Control: Will not work with .intunewin unless GUID is unchanged.
Conclusion
Using .intunewin to deploy Beyond Identity can be effective but requires careful setup and monitoring. For full version control and to avoid multiple installations, alternative methods are preferable. However, if .intunewin must be used, ensure configuration best practices are followed, and plan for manual redeployment to keep installations up to date.