Deployment with Microsoft Intune

This guide covers the necessary steps to deploy the SenseOn Universal Sensor to Windows devices using Microsoft Intune.

Recommended: Deploy via the SenseOn Install Command

The simplest way to deploy via Intune is to wrap the SenseOn PowerShell install command in a script and deploy it as a Win32 app. This always installs the latest published version of the Universal Sensor and does not require packaging an MSI.

Step 1: Copy your install command

1. Log in to SenseOn.
2. Navigate to Settings > Universal Sensor.
3. Copy the Windows install command. It has the structure:

$env:SENSEON_INSTALLER_KEY="<your-installer-key>"; iwr -useb https://<your-tenant>.senseon.io/install.ps1 | iex

Optional: Verify the install script checksum

If your security policy requires checksum verification before executing remote scripts, verify the script on your admin workstation before creating the package:

# Step 1: Download the script
Invoke-WebRequest -UseBasicParsing -Uri "https://<your-tenant>.senseon.io/install.ps1" -OutFile install.ps1
# Step 2: Verify the checksum (compare against the value shown in Settings > Universal Sensor)
Get-FileHash install.ps1 -Algorithm SHA256

If the hash matches, the script is genuine. In Step 2 below, replace the Invoke-WebRequest ... | Invoke-Expression line with the contents of the verified install.ps1, keeping the $env:SENSEON_INSTALLER_KEY line in place.

Step 2: Create the install script

Save the command as Install.ps1 in a folder such as C:\Temp\SenseOn:

$ErrorActionPreference = "Stop"
$env:SENSEON_INSTALLER_KEY = "<your-installer-key>"
Invoke-WebRequest -UseBasicParsing -Uri "https://<your-tenant>.senseon.io/install.ps1" | Invoke-Expression

Step 3: Package the script with the Intune Win32 Content Prep Tool

Use the same Microsoft Win32 Content Prep tool as in the legacy flow:

• Source folder: C:\Temp\SenseOn
• Setup file: Install.ps1
• Output folder: C:\Temp

The output .intunewin package is what you upload to Intune.

Step 4: Configure the Win32 app in Intune

1. Open the Endpoint Manager portal and go to Apps > Windows > Add.
2. Select Windows app (Win32) and upload your .intunewin package.
3. Configure as follows:
   • Install command: powershell.exe -ExecutionPolicy Bypass -File Install.ps1
   • Uninstall command: powershell.exe -ExecutionPolicy Bypass -Command "Get-Package -Name 'SEE' | Uninstall-Package -Force"
   • Install behaviour: System
   • Operating system architecture: 64-bit
   • Minimum operating system: Windows 10 1903 (or later, as required)
4. Set the Detection rule to a File rule:
   • Path: C:\Program Files\senseon-see
   • File or folder: senseon-agent.exe
   • Detection method: File or folder exists
5. Assign the app to the appropriate Azure AD group of target devices.

Step 5: Verify deployment

Once Intune reports the app as installed on a device:

1. Log in to SenseOn and navigate to Digital Estate > Devices.
2. Confirm the device appears with a recent Last Seen timestamp.

If the device does not appear, see Troubleshooting.