UEM Agent I: Windows
Distribute UEM Agent
With the power of Matrix42 Unified Endpoint Management, you can benefit from combining the capabilities of a modern enterprise mobility management solution with all the capabilities that the classic lifecycle management provides. With a hybrid management it is very easy to provide a streamlined onboarding process for new employees on macOS or Windows 10/11 platform devices, where devices will be shipped to employees to utilize an Out-of-the-box enrollment with the Apple Device Enrollment Program or Windows Autopilot to a modern management layer (Silverback) and the fulfillment of classic management scenarios (Empirum), like installations of legacy applications. This ensures an easy starting process for new employees which is very easy to handle, fast and quite unique in the Secure Unified Endpoint Management market. In such scenarios the device is set up and configured with Silverback, which will be leveraged to install the Empirum Agent on top. The following guide describes the steps and configuration to achieve co-managed devices with Matrix42 Secure Unified Endpoint Management.
With the Unified User Experience, the following steps can be easily performed as described here in an automated way.
Requirements
- Computers require Windows 10 1803 or later
- The UEM Agent Platform (x64) must match the used Windows version (x64)
- The UEM Agent must be able to connect to the Empirum (depot) server. Usually this will be done via https
- Empirum should be prepared for automatic assignments in order to automate the process of assigning and activating computers
Download UEM Agent
- Open Matrix42 Marketplace and perform a login
- Navigate to Empirum
- Navigate to Add-Ons
- Navigate to UEM Agent Windows
- Right click the UEM Agent Icon and save it your files (optional)
- Click Details and Downloads
- Download the latest UEM Agent
- Unzip the package
- Open the unzipped folder and navigate to
- Empirum\Configurator\Packages\Matrix42\UEM Agent Windows\MSI\
- Open the version folder
- Here you will find the 64-bit and 32-bit *.msi package
Integrate UEM Agent
Add to App Portal
- Open Silverback Management Console
- Login with Administrative credentials
- Navigate to App Portal
- Select Windows
- Press New Application
- Change Scope to Device
- Enter as Name e.g. Matrix42 UEM Agent
- Enter a description
- Select Choose File
- Navigate to your unzipped folder and select your platform version
- Double click the *.msi package
- Upload your icon (optional)
- Press the edit box for Installation Parameters
- Enter your adjusted installation parameters
- e.g. with the sample MSI installation parameters:
/quiet /l*v "c:\Windows\Temp\UEMAgentMSI.log" Server="empirum.imagoverum.com" User="IV\agentuser" Password="C1125447A6305BB8259495B37C348B3464D31A5AB7B888387E8021388FD1B1FF335CB5094D9D9444B3D2CBB27AB6EE9242A56121F8CCC0B2" Protocol="https" Port="443"
The password is encrypted with the Empirum tool Empcrypt
- Press OK
- Enable Automatically push to managed devices
- Press Save
- Wait until the uploading process is finished
Create a Tag
- Navigate to Tags
- Click New Tag
- Enter a name, e.g. Matrix42 UEM Agent
- Under Enabled Features enable Apps
- Under Device Types enable Windows
- Enable Auto Population (optional)
- Press Save
With activation of the Auto Population checkbox, all Windows devices will receive this tag when they check-in. You can use also a more granular configuration for Auto Population for the tag assignment. Please note that it is recommend first to assign the Tag later manually to some test devices, before starting an automatic roll-out with this tag.
Add Matrix42 UEM Agent
- Navigate to Apps
- Select Assign More Apps
- Select Matrix42 UEM Agent
- Click Add Select Apps
- Press Save & Close
Assign Tag (optional)
If you have not enabled the Auto Population for the Tag, navigate now to Definition, press Associated Devices and assign devices by selecting the Attach More device option. As an alternative navigate to the Devices Tab, locate your device and use the quick action to assign the Tag manually.
Initialize and Review
Perform a device sync
- On your Windows 10/11 Device
- Press Start
- Open Settings
- Select Accounts
- Press Access work or school
- Open the Silverback Profile
- Press Info
- Scroll Down to Device sync status and perform a sync
Review Agent Installation
- After the Device sync the device should have the Tag assigned in Silverback Management Console
- Review the Tag Assignment in Silverback (optional)
- The agent will now be transferred to the device. It may take some time. Please be patient
- Reopen the Silverback Profile to see under Applications the status
- e.g. EnforcementCompleted
- e.g. DownloadInProgress
- Check hidden folder on device for C:\EmpirumAgent
- After a couple of time the Empirum Agent icon should appear on the bottom right
If Windows UAC is switched on, the UEM Agent will started automatically after a restart.
Next Steps
- Learn how to set up a Co-Managed macOS Device