Skip to main content

Illumio Install, Configure, and Upgrade Guide 24.2.20

Deploy an Illumio Endpoint VEN as a private app using Intune

This document describes how to use Microsoft Intune to easily deploy the Illumio Endpoint VEN (Virtual Enforcement Node) to remote Intune-managed Windows devices at scale. The process creates a Win32 app package that becomes a Company Portal app. The portal serves as a private app repository for your organization.

Installing Endpoint VENs on your Intune-managed Windows devices allows you to visualize your traffic and secure your corporate assets through policy-driven network segmentation.

STEP 1: Download resources and create folders

  1. Download Illumio Windows VEN release 24.2.x or later from the Illumio Support Portal. For example:

    illumio-ven-24.2.10-1053.win.x64.exe

  2. Download the Microsoft Win32 Content Prep Tool from GitHub. This tool is required to convert the installer into a format suitable for Intune deployment.

  3. Create three folders on your local machine:

    • Source Folder: Containing the Windows VEN.

    • Input Folder: For installation files.

    • Output Folder: Where you'll save the .intunewin file.

STEP 2: Create the .intunewin file

  1. Place the Windows VEN (.exe) into the Input folder.

  2. From a command line, navigate to the directory where you downloaded the Win32 Content Prep Tool.

  3. Run the Prep tool by issuing the following command:

    .\IntuneWinAppUtil.exe -c <path-to-input-folder> -s <Windows-VEN>.exe -o <path-to-output-folder>
STEP 3: Configure the application in Intune

  1. Sign in to Microsoft Endpoint Manager.

  2. Go to the Microsoft Intune Admin Center.

  3. Navigate to Apps > Windows > Add > Windows app (Win32).

  4. Upload the .intunewin file you created in STEP 2.

  5. Enter application information:

    • Name: Illumio Windows VEN

    • Description: Virtual Enforcement Node from Illumio

    • Publisher: Illumio

  6. Set the Installation Command:

    <Windows-VEN>.exe /install /quiet /norestart /log C:\Windows\temp\IllumioEndpointInstall.log MANAGEMENT_SERVER=<PCE_URL> ACTIVATION_CODE=<ACTIVATION_CODE>

  7. Set the Uninstallation Command:

    "C:\Program Files\Illumio\illumio-ven-ctl.exe" unpair saved 

  8. Configure Detection Rules:

    • Rule Type: File

    • Path: %ProgramFiles%\Illumio\illumio-ven-ctl.exe

    • File or Folder Exists: Yes

  9. Set Requirements (e.g., Windows 10 and later).

STEP 4: Assign the application to Windows devices

  1. In the Assignments section, select the groups of devices for VEN deployment.

  2. Set installation intent (required for automatic installation).