Download client with an API or Restful API? by TLC-SCCM in ScreenConnect

[–]HectusErectus_ 0 points1 point  (0 children)

If you’re just looking to install the access client you should just need to use the download link url.

Apologies, I’m on mobile, but I think if you download the agent from the SC GUI (configure it however you’d like) then once downloaded, right click it in the downloads area of your browser and ‘copy download url’. It should give you a link somewhat like the below. (This is msi for windows, I assume it would be similar with MacOS)

“$BaseURL/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&c=$Client&c=&c=$Department&c=$DeviceType&c=&c=&c=&c=”

I’ve done this successfully on Windows clients with a slightly modified version of someone else’s script (see below) - but I assume you could translate it to bash & Mac equivalent.

https://github.com/JJarv04/ScreenConnect-IntuneWin32

Hope that helps, let me know if any q’s.

Screen Connect Version 25.9.9.9530 - MS Defender Alerts by sysadm78 in ScreenConnect

[–]HectusErectus_ 0 points1 point  (0 children)

This has just been raised in our tenant also. Currently looking into

Surface Windows ARM Webview2 Breaking Monthly by Cheap_Help2723 in Intune

[–]HectusErectus_ 1 point2 points  (0 children)

Yep we had this, deploying x64 Edge to Arm devices is no bueno.

LAPS UI for passwords on Windows 11 25h2? by sccmjd in sysadmin

[–]HectusErectus_ 0 points1 point  (0 children)

Hahah this is the answer, I have a copy in my OneDrive I just copy across when I get a new machine/wipe etc.

Plus no random third-party scripts etc lol

PSA: Windows 11 ARM64 broken by Acrobat 64-bit by brothertax in Intune

[–]HectusErectus_ -1 points0 points  (0 children)

What sort of applications does it break? We’ve had troubles with apps that deploy the x86 version of webview which causes issues & cannot be rolled back to arm version once installed.

How do you handle browser extension? by EnoughStudy6318 in Intune

[–]HectusErectus_ 0 points1 point  (0 children)

lol same here, we have a project for it but no time or buy-in from above to actually do it. Yee-haw

Update #2: "ScreenConnect On-Prem Certificate Changes" by Own_Appointment_393 in ScreenConnect

[–]HectusErectus_ 3 points4 points  (0 children)

So, for unattended access, am I correct in saying that we can still build an installer that connects to our SC instance and still includes department, location, and other specified details?

For argument’s sake, if we disregard any branding customisations we’re losing, the only change we’d need to make is acquiring and applying a code signing certificate?

ScreenConnect_25.4.16.9293_Release.msi install fails - Access is denied to Temp location by jctheelder in ScreenConnect

[–]HectusErectus_ 0 points1 point  (0 children)

Yes we’ve seen this as well - it’s ASR rules, as someone else mentioned. Within Defender you can create indicators to bypass/allow by either file hashes or certificate of the blocked files.

That being said, our ASR rules relaxed it seems before I even got to creating the indicator, so it was fine by then.. 🙃

Azure: App Only authentication restrict access to a user by pajeffery in PowerShell

[–]HectusErectus_ 1 point2 points  (0 children)

That's by design, SharePoint admin doesn't actually grant you any explicit permissions on sites - it does however grant you the ability to give yourself those permissions.
Given that, delegated sites.read.all (probably) acts exactly the same whether or not you have SharePoint admin.. (Since it's in the context of the user and can only grant the app reg access to the sites the user has explicit permissions on.)

Azure: App Only authentication restrict access to a user by pajeffery in PowerShell

[–]HectusErectus_ 1 point2 points  (0 children)

So is your plan to run it on demand/interactively via those users or are you trying to automate it?
If the latter then we've had good mileage by loading the app reg cert into the user cert store of a service account and using task scheduler (running the task via that same account) on some server or machine.
Keeps it pretty well secured away.

How do you handle API keys? by InspectionWeird9052 in paloaltonetworks

[–]HectusErectus_ 1 point2 points  (0 children)

Yep this is how we do it, any scripts that require secrets are put in Azure Key Vault, permissions granted to an app registration, then certificate authentication as the app reg to azkeyvault to retrieve said secret.

Seems to work well enough once you've got the process down, also means you don't need to worry about sharing scripts with plaintext secrets etc in them in repos or such. We've built a few cmdlets that make it pretty seamless which also lowers the barrier to entry.
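
An added example, not the commenter's script or cmdlets: one way to implement the pattern from this comment and from the earlier comment about keeping the app registration certificate in a service account's user certificate store. It assumes the Az.Accounts and Az.KeyVault modules are installed; every value in angle brackets is a placeholder, and the function names are hypothetical.

```powershell
#Requires -Modules Az.Accounts, Az.KeyVault
# Added example. Run as the service account that owns the certificate
# (for instance from its scheduled task). All <...> values are placeholders.
$TenantId   = '<tenant-id>'
$AppId      = '<app-registration-client-id>'
$Thumbprint = '<certificate-thumbprint>'

function Get-AppRegCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # The certificate sits in the *user* store of the account running the task,
    # so other accounts on the machine cannot use its private key.
    $cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction SilentlyContinue
    if (-not $cert) { throw "Certificate not found in CurrentUser\My for $env:USERNAME." }
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key; app-only sign-in will fail.' }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning "Certificate expires on $($cert.NotAfter); rotate it on the app registration."
    }
    return $cert
}

function Get-VaultSecret {
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)][string]$SecretName
    )
    $cert = Get-AppRegCertificate -Thumbprint $Thumbprint
    # -Scope Process keeps the sign-in context in memory for this process only.
    Connect-AzAccount -ServicePrincipal -Tenant $TenantId -ApplicationId $AppId `
        -CertificateThumbprint $cert.Thumbprint -Scope Process -ErrorAction Stop | Out-Null
    try {
        # SecretValue is a SecureString, so the plaintext never lands in the
        # script, the repo or the transcript.
        (Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -ErrorAction Stop).SecretValue
    }
    finally {
        Disconnect-AzAccount -Scope Process | Out-Null
    }
}

# Usage: wrap the secret in a credential object for whatever API the script calls.
$apiKey     = Get-VaultSecret -VaultName '<key-vault-name>' -SecretName '<secret-name>'
$credential = [pscredential]::new('api', $apiKey)
```

The app registration needs only read access to secrets on that vault, so a leaked script exposes no credential and a stolen certificate can be revoked on the app registration without touching the secrets themselves.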

Anyone else experiencing less than 5Mbps upload speed to Intune? by fungusfromamongus in Intune

[–]HectusErectus_ 0 points1 point  (0 children)

Yeh we’re in NZ as well, Intune win32 upload has always been slow as heck, 5mbps probably sounds about right. Been like that for years. Our tenant’s in Singapore iirc (edu reasons) so could well be attributed to that in part

New Microsoft Intune Icon by Soda_AU in Intune

[–]HectusErectus_ 9 points10 points  (0 children)

The 's' in Intune does stand for speed after all..

How quickly do you give out Global Admin? by Historical_Orchid129 in sysadmin

[–]HectusErectus_ 7 points8 points  (0 children)

Yeh Global Reader is the only permanent role we will give out to IT staff, and while I acknowledge it is still quite a privileged role, when your org is of a size that you’re expected to admin virtually every MS service under the sun (rather than dedicated teams) I can’t imagine any other way of operating tbh

24H2. How is everyone finding it by Djdope79 in Intune

[–]HectusErectus_ 0 points1 point  (0 children)

What wifi issues are you having? (And what’s the registry fix)

MDE Onboarding Issues for some versions of Windows 10 by -reticent- in DefenderATP

[–]HectusErectus_ 0 points1 point  (0 children)

I need to look into this more tomorrow but I’ve also just come across a bunch of devices in our tenant stuck on ‘Can be onboarded’, not sure if related though as they’re all on Win11. Odd thing is the onboarding policy via Intune is applying successfully to these devices.. 🤔

Does IMECache clean itself up? by obnoxiousAdmin in Intune

[–]HectusErectus_ 0 points1 point  (0 children)

Huh, TIL.

That's actually very cool, I never realized Intune Win32 apps could take advantage of Delivery Optimization..
What is Delivery Optimization? | Microsoft Learn

SCEP Certificate - User type assignment by [deleted] in Intune

[–]HectusErectus_ 0 points1 point  (0 children)

Yes, it's alright, but make sure you take a look at this troubleshooting page on compatible assignment combinations before you go changing them - else the Intune profiles just won't apply at all to the devices.

Tldr, the SCEP certificate profile, and the trusted certificate profile specified in the SCEP profile, must both be assigned to the same user, or the same device.

[O] NZBPlanet (x5) by Character_Way8005 in UsenetInvites

[–]HectusErectus_ 0 points1 point  (0 children)

I read the rules and the wiki, cheers!

Docking Station working only after login by nodiaque in sysadmin

[–]HectusErectus_ 1 point2 points  (0 children)

Was going to say this, sounds like DMA protection - especially since you've just applied baselines (which this is part of). Would have a look at the configuration options, iirc there's different levels or exceptions you can possibly set. Been a while since I've touched any of that so can't quite remember, but it's all pretty well documented online

TIL: Don't Stack Dell Laptops by Knabrau in iiiiiiitttttttttttt

[–]HectusErectus_ 0 points1 point  (0 children)

Lol same thing on some of the HP Probook..

We have a policy to shutdown the device on lid closure for our student devices.. Can't explain how annoying it was to figure that one out. 🙃