AQUILA EDR Deployment Via All devices in Microsoft Intune
Deploying Endpoint Detection & Response (EDR) via Microsoft Intune
Overview
This guide explains how to install an Endpoint Detection & Response (EDR) solution on all devices managed through Microsoft Intune. The process ensures consistent protection across your organization’s endpoints by using Intune’s Endpoint security policies and app deployment features.
Prerequisites
Before beginning, confirm the following:
-
You have Global Administrator or Intune Administrator rights in Microsoft 365.
-
Devices are already enrolled and compliant in Microsoft Intune.
-
You have the installer package (MSI, EXE, or IntuneWin format) for your chosen EDR solution.
-
(Optional) A test group of devices or users for piloting the deployment.
Step 1: Prepare the EDR Installer
-
Obtain the official EDR installation package from your vendor.
-
If the installer is not in .intunewin format, convert it using the Microsoft Win32 Content Prep Tool.
Download tool: GitHub - microsoft/Microsoft-Win32-Content-Prep-Tool: A tool to wrap Win32 App and then it can be uploaded to Intune
Steps for preparing an Installer for Intune (.intunewin format)
- Step 1: Download the Packaging Tool
-
-
-
Go to Microsoft’s official download page: Win32 Content Prep Tool (GitHub)
-
Download the ZIP file to your computer.
-
Right-click the ZIP → Extract All…
-
Choose a location (for example:
C:\IntuneWinAppUtil).
-
-
- Step 2: Prepare Your Installer Files
-
-
-
Create a folder for your installer, for example:
-
C:\Source\EDR
-
-
Place your EDR installer inside that folder.
-
Create another empty folder where the packaged file will be saved, for example:
-
C:\Output
-
-
-
- Step 3: Run the Packaging Tool
-
-
-
Open the Command Prompt as Administrator:
-
Click Start, type
cmd, right-click Command Prompt, and choose Run as administrator.
-
-
Go to the folder where you extracted the tool:
(Change the "Folder Name" of the Folder you created and copy the code)cd C:\Folder Name\Microsoft-Win32-Content-Prep-Tool-master -
Run the tool by typing:
IntuneWinAppUtil.exe -
The tool will ask you a few questions. Enter the following:
-
Source folder: type the path to your installer folder (e.g.,
C:\Source\EDR). -
Setup file: type the name of the installer (e.g.,
EDRInstaller.exe). -
Output folder: type the path to your empty folder (e.g.,
C:\Output). -
Catalog folder: just press Enter to skip.
-
-
-
- It will then display this after finishing the Conversion.
- Step 4: Check the Result
-
-
Open your output folder (
C:\Output). -
You should now see a file ending in
.intunewin, for example:
-
-
-
This is the file you’ll upload into Microsoft Intune.
-
-
Step 2: Add the EDR App to Intune
-
Sign in to the Microsoft Intune admin center → https://intune.microsoft.com
-
Go to:
- Apps
- All apps
- Create
-
Select the app type:
-
Windows app (Win32) for most EDR installers.
-
-
Upload the prepared installer package.
-
Configure App Information: name, description, publisher.
-
Set Program Install/Uninstall Commands.
-
Under Requirements, select OS architecture and minimum version.
-
(Optional) Add Detection Rules to confirm successful installation.
Documentation: Win32 app management in Microsoft Intune | Microsoft Learn
Step 3: Assign the EDR App to Devices
-
In the app’s Assignments section:
-
Select Required → choose the group containing all corporate devices.
-
(Optional) For testing, assign first to a pilot group before rolling out to all devices.
-
-
Save and review deployment settings.
Documentation: Win32 app management in Microsoft Intune | Microsoft Learn
Step 4: Monitor Deployment
-
In the Intune admin center, go to Apps → select your EDR app.
-
Check Device install status to confirm successful installations.
-
If errors occur, review installation logs via the Intune Management Extension on endpoints.
Documentation: Monitor app information and assignments - Microsoft Intune | Microsoft Learn