InTune Syncro Install


Are there documents to guide us through installing SyncroMSP via InTune?

Thank you,


Here is a sanitized version of the script I used while testing it. Pull the installer from your own domain first and fall back to a Syncro link second.

## Install SyncroRMM if not already installed
if (-not(Test-Path -Path 'C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe' -PathType Leaf)) {
    $ProgressPreference = 'SilentlyContinue' # Hide irw progress bar to boost speed
    try {
        Invoke-WebRequest -Uri -Outfile $env:temp\SyncroSetup-mspname-0000000.exe
        & $env:temp\SyncroSetup-mspname-0000000.exe --console
    } catch {
        try {
            Invoke-WebRequest -Uri  -Outfile $env:temp\SyncroSetup-mspname-0000000.exe
            & $env:temp\SyncroSetup-mspname-0000000.exe --console --customerid 111111 --policyid 0000000
        } catch {}
1 Like

Posted to my current GitHub dev project. I welcome any pull requests.

1 Like

Thank you – we modified this and used it successfully. It’s fairly mindblowing for Intune to install the RMM agent for us.

You can actually grab the .msi installer and upload it as a LOB application. I have done this for different locations and assigned users to a security group that get them. When the user logs in on a device it pulls the correct one based on folder and installs it. Works quite well.

Hope this helps.

Interesting! This is all brand new to me.


I use different folders in Syncro to separate devices by location. I then grab the installer for that folder (in .msi) and create an app for that location. I have a security group auto assign users based on information in their profile (in my case, state) and assign that to the app, and it auto installs for me if that device is enrolled with Intune, or goes through AutoPilot.

If Syncro is already installed, it will just silently fail to install. I have not had an issue with this method so far.

That’s a really great idea. There is so much power and flexibility with Intune!!

Using a script is more effective than uploading a line A line of business application. With the script you can have the script install correctly for each client or even each asset. We use custom fields in our synchrocustomers and clients to control the installer.

I’m struggling to get this script to work. I guess I’m doing something silly :slight_smile:

If I select the link directly, it downloads the file no bother.

Install SyncroRMM if not already installed

if (-not(Test-Path -Path ‘C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe’ -PathType Leaf)) {
$ProgressPreference = ‘SilentlyContinue’ # Hide irw progress bar to boost speed
try {
Invoke-WebRequest -Uri -Outfile $env:temp\SyncroSetup-MSP_NAME-v1-12345678.exe
& $env:temp\SyncroSetup-MSP_NAME-v1-12345678.exe --console --customerid 98765432 --policyid 12345678
} catch {}

The URI is correct from Syncro. The customer ID & policy ID I get from the command line code supplied in Syncro, though it says folder ID instead of policy ID. It’s the same number on the end of the downloadable file. Have I missed something or got something completely incorrect?

  • 1 having the same issue.

Has anyone tested / used this script since the Policy Inheritance update? Just wondering if that’s why there’s this policy ID vs folder ID confusion?

Sounds like it needs to be updated, I had a script I was using to install the agent via GPO, that still worked after the change it just put devices in the root instead of the correct folder. I say that only to say unless a recent agent update causes the install to fail when the agentID is specified that would not be the only issue.

I have not gotten to managing devices via Intune so I can’t actually help with the real question here.

Edit: it would be a good idea to double check your download url and make sure it actually downloads the agent, and double check your customer ID, and update the line to specify folderID or nothing.

Remember since the PI change every client has unique folderIDs so you’d need to update that var per client and asset group.

As @brandon6 taught me above, we just dumped the actual downloaded MSI a for the proper policy folder of the proper client and it works flawlessly! If Syncro’s agent is already there, it just will throw an error.

So I changed policyid to folderid and it installed. It gives me an UAC prompt (do you want to allow Syncro to make changes etc) that you have to select allow on rather than installing in the background without user interaction. If there’s a way to avoid this, that would be perfect. I’ve got a feeling it would need to be set in Intune as I don’t want these users to not have UAC pop-ups, just for Syncro.

In Syncro go to new asset like your going to be downloading an agent. There are 4 options (exe, MSI, pkg and command line) select Command Line. From here you can get the link to download the agent and it shows you how, the cmd should be something like

SyncroSetup.exe --console --customerid 654321 --folderid 24653

Where customer and folder IDs match your tenant

I still use this script. I had a machine that auto-installed Synco silently as recently as last night. No prompts.

Was it installed from Intune? When I run it locally on my machine I get a UAC box.

Intune is installing the apps as the system user, which will not open any prompts. In fact, end user should not see anything at all on their screen.

1 Like

Do you need to add an argument or just upload the msi file?

In my script, the first try block attempts to download from one of your own servers aka I put mine in AWS S3 or CloudFlare accelerated Wasabi S3 buckets. But you could also just upload them to a folder on your website.

The second attempt uses the URL you are given from Syncro. But you can do it any want you want. I would recommend you test the script before just blindly putting it on Azure.

I would also recommend you enable General Preferences / RMM Settings / Enabled Asset Approval. That way you know when they work and can assign the assets to the correct policy.