Skip to content

Workspace ONE script assignment #461

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
joshdrake wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Workspace ONE script assignment #461

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
0afaabe
Fix type in WS1 Credential configuration docs.
joshdrake Nov 18, 2025
49843e7
Update WS1 deployment script docs.
joshdrake Nov 18, 2025
2951122
Merge branch 'main' into josh/ws1-script-assignment
tashian Nov 18, 2025
325d03d
Update capi URI for Intune
tashian Nov 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions tutorials/connect-intune-to-smallstep.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
updated_at: November 06, 2025
updated_at: November 18, 2025
title: Connect Intune to Smallstep
html_title: Connect Microsoft Intune to Smallstep Tutorial
description: Connect Microsoft Intune to Smallstep for Windows device identity. Step-by-step guide for enterprise device trust with MDM integration.
Expand Down Expand Up @@ -132,7 +132,7 @@ In this step, we’ll tie everything together by creating Windows policy to enro
3. Download the Intermediate Certificate
4. Copy and temporarily save the **SCEP server URL** shown on the page, eg. `https://agents.example.ca.smallstep.com/scep/integration-intune-b967f507`
2. Visit [Team Settings](https://smallstep.com/app/?next=/settings/team)
1. Copy and temporarily save the **Team ID** value
1. Copy and temporarily save the **Team Name** and **Team ID** values

### 6. Create a Policy in Intune

Expand Down Expand Up @@ -161,11 +161,11 @@ In this step, we’ll tie everything together by creating Windows policy to enro
2. Team Slug: (paste the Team ID you saved earlier)
3. Certificate URI:
```
capi:store-location=machine;store=My;issuer=Smallstep (<TeamSlug>) Agents Intermediate CA;cn=step-agent-bootstrap
capi:store-location=machine;store=My;issuer=Smallstep (<team-name>) Agents Intermediate CA;cn=step-agent-bootstrap
```
Replace `<TeamSlug>` in the “Certificate URI” with your team’s slug.
Replace `<team-name>` in the “Certificate URI” with your full team name.
If your team was created before October, 2024,
your issuer CA may have a common name without the team slug ("Smallstep Agents Intermediate CA").
your issuer CA may have a common name without the team name ("Smallstep Agents Intermediate CA").
Not sure? Check your [Authority list](https://smallstep.com/app/?next=/cm/authorities).
4. Leave the other settings as is.
5. Choose “OK”
Expand Down
11 changes: 8 additions & 3 deletions tutorials/connect-workspace-one-to-smallstep.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,18 +69,23 @@ Within a few minutes after adding the connection, you should see all of your Wor
2. Choose **Add** and then **Windows**
1. In the General tab, provide a name for the script, such as “Smallstep Agent Enrollment”
2. On the Details tab, ensure the **Language** is “Powershell” and the **Execution Context & Privileges** is “System Context”
3. Use the following snippet as the **Code**, making sure to replace `<team-id>` with the Team ID value you copied from the Smallstep UI earlier.
3. Use the following snippet as the **Code**, making sure to replace `<team-id>` with the Team ID value you copied from the Smallstep UI earlier. `<team-name>` should be replaced with your full Team name shown in the Smallstep dashboard.

```xml
New-Item -Path "HKLM:\Software\Policies\Smallstep"
Set-ItemProperty -Path "HKLM:\Software\Policies\Smallstep" -Name "TeamSlug" -Value "<team-id>"
Set-ItemProperty -Path "HKLM:\Software\Policies\Smallstep" -Name "Certificate" -Value "capi:store-location=machine;store=My;issuer=Smallstep (<team-id>) Agents Intermediate CA;cn=$env:DEVICE_ID"
Set-ItemProperty -Path "HKLM:\Software\Policies\Smallstep" -Name "Certificate" -Value "capi:store-location=machine;store=My;issuer=Smallstep (<team-name>) Agents Intermediate CA;cn=$env:DEVICE_ID"
```

If your team was created before October, 2024,
your issuer CA may have a common name without the team slug ("Smallstep Agents Intermediate CA").
Not sure? Check your [Authority list](https://smallstep.com/app/?next=/cm/authorities).
4. In the Variables tab, click **Add**. Set the variable **Key** to `DEVICE_ID` and the variable **Value** to `{DeviceUuId}`
4. In the Variables tab, click **Add**. Set the variable **Key** to `DEVICE_ID` and the variable **Value** to `{DeviceUuId}`
5. Click **Save** to save the script.
6. Select the newly created script and click the **Assign** button.
7. Name the assignment as desired and select the appropriate Smart Group. Click **Next**.
8. For **Deployment**, select "Run Once Immediately" for the **Triggers**. Click **Add**.
9. Click **Save and Publish**. Click **Publish** on the additional prompt if one is shown.

### 4. Deploy and configure the Smallstep Agent

Expand Down