AQUILA EDR Deployment Via All devices in Microsoft Intune

Deploying Endpoint Detection & Response (EDR) via Microsoft Intune

Overview

This guide explains how to install an Endpoint Detection & Response (EDR) solution on all devices managed through Microsoft Intune. The process ensures consistent protection across your organization’s endpoints by using Intune’s Endpoint security policies and app deployment features.

Prerequisites

Before beginning, confirm the following:

You have Global Administrator or Intune Administrator rights in Microsoft 365.
Devices are already enrolled and compliant in Microsoft Intune.
You have the installer package (MSI, EXE, or IntuneWin format) for your chosen EDR solution.
(Optional) A test group of devices or users for piloting the deployment.

Step 1: Prepare the EDR Installer

Obtain the official EDR installation package from your vendor.
If the installer is not in .intunewin format, convert it using the Microsoft Win32 Content Prep Tool.

Download tool: GitHub - microsoft/Microsoft-Win32-Content-Prep-Tool: A tool to wrap Win32 App and then it can be uploaded to Intune

Steps for preparing an Installer for Intune (.intunewin format)

Step 1: Download the Packaging Tool

1. 1. Go to Microsoft’s official download page: Win32 Content Prep Tool (GitHub)
  2. Download the ZIP file to your computer.
  3. Right-click the ZIP → Extract All…
  4. Choose a location (for example: C:\IntuneWinAppUtil).

Step 2: Prepare Your Installer Files

1. 1. Create a folder for your installer, for example:
    - C:\Source\EDR
  2. Place your EDR installer inside that folder.
  3. Create another empty folder where the packaged file will be saved, for example:
    - C:\Output

Step 3: Run the Packaging Tool

1. 1. Open the Command Prompt as Administrator:
    - Click Start, type cmd, right-click Command Prompt, and choose Run as administrator.
  2. Go to the folder where you extracted the tool:
    
    cd C:\Folder Name\Microsoft-Win32-Content-Prep-Tool-master
    (Change the "Folder Name" of the Folder you created and copy the code)
  3. Run the tool by typing:
    
    IntuneWinAppUtil.exe
  4. The tool will ask you a few questions. Enter the following:
    - Source folder: type the path to your installer folder (e.g., C:\Source\EDR).
    - Setup file: type the name of the installer (e.g., EDRInstaller.exe).
    - Output folder: type the path to your empty folder (e.g., C:\Output).
    - Catalog folder: just press Enter to skip.

It will then display this after finishing the Conversion.

Step 4: Check the Result
- - Open your output folder (C:\Output).
  - You should now see a file ending in .intunewin, for example:
- - This is the file you’ll upload into Microsoft Intune.

Step 2: Add the EDR App to Intune

Apps

All apps

Create

Select the app type:
- Windows app (Win32) for most EDR installers.
Upload the prepared installer package.
Configure App Information: name, description, publisher.
Set Program Install/Uninstall Commands.
Under Requirements, select OS architecture and minimum version.
(Optional) Add Detection Rules to confirm successful installation.

Documentation: Win32 app management in Microsoft Intune | Microsoft Learn

Step 3: Assign the EDR App to Devices

In the app’s Assignments section:
- Select Required → choose the group containing all corporate devices.
- (Optional) For testing, assign first to a pilot group before rolling out to all devices.
Save and review deployment settings.