TraitWare Windows Passwordless MFA Installer Guide (via Intune) - (Beta)

Created by Chris Canfield, Modified on Thu, 8 Jan at 3:18 PM by Chris Canfield

TraitWare Windows Passwordless MFA Agent Installer Guide

Deployment Key Installation (Manual & Microsoft Intune)


Note: This is currently in Beta. Reach out to contact@traitware.com if you are interested in being screened as a candidate for use.


Overview

This guide covers installing the TraitWare Windows Passwordless MFA agent using a Deployment Key. A deployment key enables device provisioning and optional user registration during installation.
All command-line options and examples in this document assume a deployment key is being used.

Note: Installing TraitWare without a deployment key (install-only scenarios) is covered in a separate document and is not included here.




Installation Modes

When using a deployment key, the installer supports the following modes:

  • Provision only – Provisions the device

  • Provision + user registration – Provisions the device and registers a user

Installer behavior is determined entirely by the parameters provided.


Create Deployment Key (TraitWare Console)


The first step in a remote deployment is to create a Deployment Key. This is used in remote install scripts to automatically register the TraitWare Windows Passwordless MFA agent.



In the TraitWare Admin Console, navigate to Deploy Endpoints

Select the Remote Deployment tab

Click New Remote Deployment


Name the deployment, select a seat limit, and set the preferred expiration date

Click Submit



The key can be copied now or later for use in the deployment steps

Click Done


The Deployment Key is available to use 


Additional options are available after creating the deployment key (Copy/Revoke/Delete)



Manual Installation (Command Line)

Installer Rules

  • DEPLOYMENTKEY only → Provision device

  • DEPLOYMENTKEY + user info → Provision device and register user

  • No DEPLOYMENTKEY → Not covered in this guide


Installer Parameters

Provisioning

  • DEPLOYMENTKEY
    Required to provision a device.


User Information

  • USERDOMAIN
    • local → Local Windows user
    • EntraID → Microsoft Entra ID user

  • USEREMAIL
    TraitWare user email
    (Must match the Entra ID email when using USERDOMAIN=EntraID)

  • USERNAME
    Local Windows username (required for USERDOMAIN=local)

  • USERPASSWORD
    Required for Entra ID users
    Optional for some local-user flows


Local User Options

(Only applicable when USERDOMAIN=local)

  • CREATELOCALUSER=true
    Creates the local user if it does not exist

    • Password is automatically generated

  • AUTOGENERATEPASSWORD=true
    Validates the existing password and sets a new random password

  • FORCERESETPASSWORD=true
    Resets the local password without validating the old password
    (Only used when AUTOGENERATEPASSWORD is not explicitly set to false)

  • No password flags
    Requires the current password and does not change it


Example Commands

Replace placeholder values (< >) with real values.


Note: Make sure the .msi file name in the script matches the version of the .intunewin installer being used. Name the .msi file in the script as shown in the examples. Do NOT rename this to the .intunewin filename.


It will always have the form: TraitWareInstaller_x_x_x.msi where x is replaced with the version number on the TraitWareInstaller_x_x_x.intunewin file.




Provision Device Only

msiexec /i "TraitWareInstaller_2_1_0.msi" /qn /norestart DEPLOYMENTKEY=<deployment-key>


Provision + Entra ID User

msiexec /i "TraitWareInstaller_2_1_0.msi" /qn /norestart DEPLOYMENTKEY=<deployment-key> USERDOMAIN=EntraID USEREMAIL=<user-email> USERPASSWORD=<user-password>


Provision + Local User (Create if Missing)

msiexec /i "TraitWareInstaller_2_1_0.msi" /qn /norestart DEPLOYMENTKEY=<deployment-key> USERDOMAIN=local USEREMAIL=<user-email> USERNAME=<local-username> CREATELOCALUSER=true


Provision + Local User (Use Existing Password)

msiexec /i "TraitWareInstaller_2_1_0.msi" /qn /norestart DEPLOYMENTKEY=<deployment-key> USERDOMAIN=local USEREMAIL=<user-email> USERNAME=<local-username> USERPASSWORD=<current-password>


Provision + Local User (Force Password Reset)

msiexec /i "TraitWareInstaller_2_1_0.msi" /qn /norestart DEPLOYMENTKEY=<deployment-key> USERDOMAIN=local USEREMAIL=<user-email> USERNAME=<local-username> FORCERESETPASSWORD=true
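The install command carries the deployment key and, in some modes, a user password as plain-text properties. The following PowerShell is an added example, not TraitWare's own code: a hypothetical helper, `New-TraitWareInstallArgs`, that checks a parameter combination against the rules above before deployment and returns both the real argument string and a redacted copy for logs and tickets. It assumes USEREMAIL is needed whenever a user is registered (every example above passes it) and quotes each property value, which msiexec accepts.

```powershell
function New-TraitWareInstallArgs {
    param(
        [Parameter(Mandatory)] [string] $MsiName,
        [Parameter(Mandatory)] [string] $DeploymentKey,
        [ValidateSet('local', 'EntraID')] [string] $UserDomain,
        [string] $UserEmail, [string] $UserName, [string] $UserPassword,
        [switch] $CreateLocalUser, [switch] $AutoGeneratePassword, [switch] $ForceResetPassword
    )
    # The command must name the .msi, never the .intunewin wrapper.
    if ($MsiName -notmatch '^TraitWareInstaller_\d+_\d+_\d+\.msi$') {
        throw 'MSI name must have the form TraitWareInstaller_x_x_x.msi'
    }
    $localOnly = $CreateLocalUser -or $AutoGeneratePassword -or $ForceResetPassword
    if (-not $UserDomain -and ($UserEmail -or $UserName -or $UserPassword -or $localOnly)) {
        throw 'User parameters require USERDOMAIN (local or EntraID)'
    }
    $props = [ordered]@{ DEPLOYMENTKEY = $DeploymentKey }
    if ($UserDomain) {
        # Assumption: every user-registration example in the guide passes USEREMAIL.
        if (-not $UserEmail) { throw 'USEREMAIL is required to register a user' }
        $props.USERDOMAIN = $UserDomain
        $props.USEREMAIL  = $UserEmail
        if ($UserDomain -eq 'EntraID') {
            if ($localOnly)         { throw 'Local user options only apply to USERDOMAIN=local' }
            if (-not $UserPassword) { throw 'USERPASSWORD is required for Entra ID users' }
        } else {
            if (-not $UserName) { throw 'USERNAME is required for USERDOMAIN=local' }
            # This example's reading: only create and force-reset skip the current password.
            if (-not $UserPassword -and -not ($CreateLocalUser -or $ForceResetPassword)) {
                throw 'USERPASSWORD (current password) is required for this local-user flow'
            }
            $props.USERNAME = $UserName
        }
        if ($UserPassword)         { $props.USERPASSWORD = $UserPassword }
        if ($CreateLocalUser)      { $props.CREATELOCALUSER = 'true' }
        if ($AutoGeneratePassword) { $props.AUTOGENERATEPASSWORD = 'true' }
        if ($ForceResetPassword)   { $props.FORCERESETPASSWORD = 'true' }
    }
    $secret = 'DEPLOYMENTKEY', 'USERPASSWORD'
    $head   = '/i "{0}" /qn /norestart' -f $MsiName
    $render = { param($mask) ($props.Keys | ForEach-Object {
        $v = if ($mask -and $_ -in $secret) { '***' } else { $props[$_] -replace '"', '""' }
        '{0}="{1}"' -f $_, $v }) -join ' ' }
    [pscustomobject]@{ Arguments = "$head $(& $render $false)"; Redacted = "$head $(& $render $true)" }
}
# Constructed sample values, not real credentials.
$cmd = New-TraitWareInstallArgs -MsiName 'TraitWareInstaller_2_1_0.msi' -DeploymentKey 'EXAMPLE-KEY' `
    -UserDomain local -UserEmail 'user@example.com' -UserName 'jdoe' -CreateLocalUser
Write-Output "msiexec $($cmd.Redacted)"
```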



Microsoft Intune Deployment (Intune Console)

Create the Application

  1. Open Intune Admin Center

  2. Go to Apps → Windows

  3. Click Create

  4. Select Windows app (Win32)

  5. Click Select


Upload the Package

  1. Upload the .intunewin file

  2. Click OK

  3. Click Next


App Information

  1. Enter Publisher (TraitWare, Inc.)

  2. Click Next


Program Configuration

  1. Paste your install command

  2. Example: 

    msiexec /i "TraitWareInstaller_2_1_0.msi" /qn /norestart DEPLOYMENTKEY=<deployment-key> USERDOMAIN=local USEREMAIL=<user-email> USERNAME=<local-username> CREATELOCALUSER=true


  3. Click Next


Requirements

  1. Set the minimum supported Windows version

  2. Click Next


Detection Rules

  1. Click Add

  2. Choose Manually configure detection rules

  3. Rule type: MSI

  4. Use the automatically populated Product Code 

  5. Click OK, then Next


Dependencies

  • Leave empty

  • Click Next


Supersedence

  • Leave empty

  • Click Next


Assignments

  1. Assign the app to users or devices

  2. Example group added

  3. Click Next


Review & Create

  1. Review configuration

  2. Click Create



The TraitWare Authentication app is set up. It may take a few moments for it to populate in the list while it is set up. Click refresh to see it.



Notes

  • Always include /norestart

  • Control restarts using Intune policies

  • Ensure Entra ID user emails exactly match the Entra ID account



Deployment and Sync


Intune will automatically sync the TraitWare Endpoint agent to the selected machines and users from the above steps. The time it takes Intune to run a sync can vary depending on many factors. Often, a restart of the machine will initiate a sync. A sync can also be triggered manually by device or across multiple devices.



Bulk Device Sync



Navigate to Devices > Windows. Click Bulk device actions.



Select Windows, Physical devices, and Sync from the dropdown menus. Click Next at the bottom of the screen (not pictured).




Confirm the devices to sync. Click Next.



Review all settings and click Create.


Note: it may take time to sync to the user devices. A restart of the devices may prompt the sync to happen faster.



Single Device Sync


Navigate to Devices and Windows. Select a single device from the list of devices to sync.



Select Sync.



Select Yes to initiate the sync to the single device.


Note: it may take time to sync to the user device. A restart of the device may prompt the sync to happen faster.



For any questions, email support@traitware.com.


