Enroll Windows Sandbox in Intune and use it as a test device instead of a Virtual Machine


In this post I will show you how to enroll Windows Sandbox in Intune and use it as a test device instead of using a Virtual Machine.


Context

- You want to use a test device for Intune

- You don't want to use a VM

- You want to use a Windows Sandbox

- You want to deploy Proactive Remediation, apps...


Use Windows Sandbox and Intune

Windows Sandbox is an awesome feature that gives you an environment isolated from the host OS in which you can test things.

You can for instance test an EXE, MSI or a PowerShell script with no impact on the host computer.

You can find a tool I built allowing you to test things (PS1, VBS, EXE, MSI, Intunewin, extract zip) in Windows Sandbox directly from a right-click on the file. See the post about this solution.

So why not use it to test things you're implementing in Intune?

Indeed, you can easily test Win32 applications, PowerShell scripts, Proactive Remediations...

However, be aware that Sandbox does not work exactly like a real OS on a computer, so you may see some differences.


Enroll Windows Sandbox

Once you close the Sandbox, it will be cleared, meaning you will have to repeat the enrollment step.

Next week I will publish a post about how to automate this and enroll Sandbox automatically 😁


Now let's see how to proceed:

1. Open Windows Sandbox

2. Click on the Start menu

3. Go to Access Work and school


4. Click on Connect


5. Type your user name and password


6. Sandbox will be enrolled


7. Wait a bit and it will be available in Intune


You can also run a PowerShell command to open Access Work and school with the appropriate account.

See the command below:

See below the result:



Check enrollment

1. Go to the Sandbox

2. Go to C:\ProgramData\Microsoft

3. You will find the folder IntuneManagementExtension


4. Go to Services

5. You will find Microsoft Intune ManagementExtension



Behavior after closing Sandbox

When you close the Sandbox, it is still listed in Intune but you cannot manage it anymore.

Once you open it again and re-enroll it, you'll be able to manage it again in Intune.


See below the Windows Sandbox when it's still used:


See below the Windows Sandbox when it's closed:


See below the Windows Sandbox after opening it and re-enrolling it:



Deploy things on the Sandbox

Create a group for it

1. Go to Group

2. Create a group Sandbox

3. Add the current Windows Sandbox


Deploy Win32app

For all Win32 examples below, we will proceed as follows:

1. Go to your Win32 app

2. Go to Properties

3. In assignment add the group sandbox as required


In the below example I will test with a Win32 app that will install MDT.

See below notification from the Sandbox:


See below result from the Control panel:



In the below example I will test with a Win32 app that will install Notepad++.

You will get a notification as before.

See below result from the Control panel:



In the below example I will test with a Win32 app that will display a toast notification header.

See below notification from the Sandbox:



Deploy Proactive Remediation script

We will proceed as below:

1. Go to the script to test

2. Go to Properties

3. In assignment add the group sandbox

4. Go to the Windows Sandbox

5. Restart the service Microsoft Intune ManagementExtension

6. Go to C:\Windows\IMECache\HealthScripts

7. The Proactive Remediation script should be there
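
The manual checks from "Check enrollment" and the steps above (restart the service, then look in HealthScripts) can be scripted and run inside the Sandbox from an administrative PowerShell session. This is an added example, not code from the original post; the service short name `IntuneManagementExtension` and the timeout values are assumptions.

```powershell
# Added example: confirm the Intune Management Extension (IME) is present on the
# enrolled Sandbox, restart it, and wait for Proactive Remediation scripts to arrive.
$imeFolder      = 'C:\ProgramData\Microsoft\IntuneManagementExtension'  # path from the post
$healthScripts  = 'C:\Windows\IMECache\HealthScripts'                    # path from the post
$serviceName    = 'IntuneManagementExtension'  # assumption: short name of the IME service
$timeoutSeconds = 300                          # assumption: how long to wait for a sync
$pollSeconds    = 15                           # assumption: polling interval

function Test-ImePresent {
    # Reports the two indicators the post checks by hand: the folder and the service.
    $svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        FolderExists  = Test-Path -LiteralPath $imeFolder
        ServiceFound  = [bool]$svc
        ServiceStatus = if ($svc) { $svc.Status } else { 'NotInstalled' }
    }
}

function Wait-HealthScripts {
    # Polls the HealthScripts cache until it contains something or the timeout expires.
    param([int]$Timeout, [int]$Interval)
    $deadline = (Get-Date).AddSeconds($Timeout)
    do {
        if (Test-Path -LiteralPath $healthScripts) {
            $items = @(Get-ChildItem -LiteralPath $healthScripts -ErrorAction SilentlyContinue)
            if ($items.Count -gt 0) { return $items }
        }
        Start-Sleep -Seconds $Interval
    } while ((Get-Date) -lt $deadline)
}

$state = Test-ImePresent
$state | Format-List

if ($state.FolderExists -and $state.ServiceFound) {
    # Restarting the service makes the IME check in again instead of waiting for its next cycle.
    Restart-Service -Name $serviceName -Force
    $scripts = @(Wait-HealthScripts -Timeout $timeoutSeconds -Interval $pollSeconds)
    if ($scripts.Count -gt 0) {
        $scripts | Select-Object Name, CreationTime
    } else {
        Write-Warning "Nothing in $healthScripts after $timeoutSeconds s. Check the group assignment."
    }
} else {
    Write-Warning 'IME folder or service not found. Enrollment may not be finished yet.'
}
```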
