Since I had my share of headaches deploying the Zscaler Connector App to Windows 10 using Intune with silent SSO, I thought it would be nice to share how I achieved it to save you some time.
This is my first post in the community, let me know if this goes somewhere else or if it requires re-tagging. I had a richer post with images and links, but since I’m new I can’t use more than 2 images and links. Sorry about that.
Beware that I’m using ZIA only, but I guess this should also work with ZPA.
Also, SAML, SCIM and SSO must be already set up and tested with your Azure AD infrastructure.
That’s outside our scope here, but check the wonderful Zscaler documentation.
You should manually install the agent first to confirm auto-enrolment works.
Once that’s done you’ll create the Intune package and silently enrol your Windows 10 devices.
Shall we begin?
1 - Go to your Azure portal and select Groups
2 - Create a new test group that you will use to deploy Zscaler app
3 - Fill in the fields as you see fit
4 - Click MEMBERS and select the devices that will get the agent and confirm with SELECT
5 - Create the group clicking CREATE on the bottom left
Now, to Intune…
6 - Go to https://endpoint.microsoft.com/, Intune’s new home since September 2020.
7 - Select APPS > WINDOWS and click ADD
8 - Select APP TYPE Line-of-business app and click SELECT at the bottom
9 - Upload the MSI file you downloaded from your tenant and click OK. Wait until the upload finishes.
Follow this article if you need help getting your MSI file:
10 - The “Add app” page will be auto-filled.
- Insert “Zscaler” in the Publisher box, as it is required.
**Command-line arguments are where I had some headaches. In order to work, it must have this single line:**
/quiet CLOUDNAME=yourcloudname USERDOMAIN=your.domain
If you don’t know your cloud name search the KB for “my cloud name”.
Your domain is what you told Zscaler when creating the tenant. You can get it from ADMINISTRATION > COMPANY PROFILE
You can leave the rest as it is if you want or tune it to your requirements.
If you are managing agent updates from the Zscaler tenant you should set “Ignore app version” to YES.
11 - Select the group you created at the beginning in ADD GROUP.
12 - Click NEXT and CREATE after confirming everything is OK.
13 - Force an Intune SYNC on your devices in that group, or wait until they automatically do it and they should be onboarded and appear under the Zscaler Mobile Portal.
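As an added example (not part of the original post), here is a PowerShell snippet for the manual test install from step 6 that uses exactly the command-line arguments the Intune package will get, writes a verbose MSI log, and then checks that the product registered itself. The MSI path, cloud name and domain are placeholders, and the `ZSA*` service-name prefix is an assumption to be confirmed on your own test machine.

```powershell
# Added example, not from the original post: manual test install (step 6) with the
# same property string used later in the Intune package, followed by a quick check.
# The path, cloud name and domain below are placeholders you must replace.
$Msi        = 'C:\Temp\Zscaler-windows-installer-x64.msi'   # placeholder path to the MSI from your tenant
$CloudName  = 'yourcloudname'                                # see the KB article "my cloud name"
$UserDomain = 'your.domain'                                  # ADMINISTRATION > COMPANY PROFILE
$Log        = Join-Path $env:TEMP 'zscaler-install.log'

# /i installs the package; the rest mirrors the Intune command-line arguments
# (/quiet CLOUDNAME=... USERDOMAIN=...), plus /l*v for a verbose log to troubleshoot with.
$msiArgs = @(
    '/i', "`"$Msi`"",
    '/quiet',
    "CLOUDNAME=$CloudName",
    "USERDOMAIN=$UserDomain",
    '/l*v', "`"$Log`""
)
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# msiexec returns 0 on success and 3010 when a reboot is still pending.
switch ($proc.ExitCode) {
    0       { Write-Host 'Install succeeded.' }
    3010    { Write-Host 'Install succeeded; a reboot is pending.' }
    default { Write-Warning "msiexec returned $($proc.ExitCode); check $Log"; return }
}

# Confirm the product appears in the standard Add/Remove Programs registry keys
# (generic Windows locations, no Zscaler-specific registry paths assumed).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Zscaler*' } |
    Select-Object DisplayName, DisplayVersion, InstallDate

# Assumption: the connector's Windows services share the ZSA prefix; adjust if yours differ.
Get-Service -Name 'ZSA*' -ErrorAction SilentlyContinue | Select-Object Name, Status
```

Run it from an elevated PowerShell prompt on one test device. If the install succeeds but the device never shows up in the Zscaler Mobile Portal, the verbose log in `%TEMP%` is the first place to look for a wrong CLOUDNAME or USERDOMAIN before you package the same arguments into Intune.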