Note: For organizations deploying to a large number of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as Windows Core and application definitions are downloaded to each endpoint. QoS can be used to limit bandwidth to corecdn.threatlocker.com and apps.threatlocker.com.
Note: This article is based on documentation from Microsoft and has not been verified by the ThreatLocker team.
To deploy ThreatLocker using Intune, follow the steps below.
Getting the PowerShell Script
Step 1:
Log into the ThreatLocker Portal. Make sure you are managing the correct organization or switch organizations using the ‘Organizations’ page. Select the ‘Devices’ page and select ‘Install Computer’.
Step 2:
Select ‘Manual Deployment’ from the dropdown labeled ‘Select your deployment method’, then select the computer group the machine will belong to. Download the PowerShell Script for the selected group.
Adding the PowerShell Script into Microsoft Intune
Step 1:
Sign into Intune and navigate to Devices > Windows > Scripts and remediations > Platform scripts > Add.
Step 2:
In the ‘Basics’ section, insert a name for your script. This can be named anything. Additionally, you can provide a description for the script. Select ‘Next’.
Step 3:
Within ‘Script settings’, use the ‘File Explorer’ icon to browse to the downloaded script. Select ‘No’ on all options underneath ‘Script Location’, then select ‘Next’.
Step 4:
In ‘Assignments’, define the scope of where you want this script to execute. In this example, we will be deploying to All Devices. You can optionally add groups to exclude as well. Select ‘Next’.
Step 5:
In ‘Review + add’, review your setup and ensure all settings are set correctly. Select the ‘Add’ button at the bottom of the page.
After adding the script, reboot your endpoints so that ThreatLocker can install. Intune can take up to 15 minutes after the reboot to deploy the ThreatLocker deployment script to your endpoints.
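The same upload can be scripted through Microsoft Graph, which makes a staggered rollout easier to repeat per group. The following is an added example, not ThreatLocker's or Microsoft's own code: it creates the platform script with all three ‘Script settings’ options set to ‘No’ and assigns it to a single pilot group instead of All Devices. It assumes the Microsoft.Graph.Authentication module and the Graph beta endpoint; $PilotGroupId is a placeholder for your own group's object ID, and the display name and description are constructed.

```powershell
# Added example (not vendor code). Requires the Microsoft.Graph.Authentication module.
param(
    [Parameter(Mandatory)] [string] $ScriptPath,    # script downloaded from the ThreatLocker Portal
    [Parameter(Mandatory)] [string] $PilotGroupId,  # placeholder: object ID of the first-ring group
    [string] $DisplayName = 'ThreatLocker deployment - pilot ring'  # any name is accepted
)
$ErrorActionPreference = 'Stop'
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

# Hash exactly what is uploaded so the stored script can be compared against it later.
$fullPath = (Resolve-Path -LiteralPath $ScriptPath).ProviderPath
$bytes    = [System.IO.File]::ReadAllBytes($fullPath)
$sha256   = (Get-FileHash -LiteralPath $fullPath -Algorithm SHA256).Hash

# The three booleans below mirror 'No' on every option in the 'Script settings' step.
$body = @{
    '@odata.type'         = '#microsoft.graph.deviceManagementScript'
    displayName           = $DisplayName
    description           = "SHA256 of uploaded file: $sha256"
    fileName              = [System.IO.Path]::GetFileName($fullPath)
    scriptContent         = [Convert]::ToBase64String($bytes)
    runAsAccount          = 'system'  # not run with the logged-on user's credentials
    enforceSignatureCheck = $false    # unsigned script is accepted, so guard the file you upload
    runAs32Bit            = $true     # 64-bit PowerShell host = No
}
$base    = 'https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts'
$created = Invoke-MgGraphRequest -Method POST -Uri $base `
    -Body ($body | ConvertTo-Json) -ContentType 'application/json'

# Assign to one group only; widen the scope ring by ring once the pilot is healthy.
$assign = @{
    deviceManagementScriptAssignments = @(
        @{ target = @{
            '@odata.type' = '#microsoft.graph.groupAssignmentTarget'
            groupId       = $PilotGroupId
        } }
    )
}
Invoke-MgGraphRequest -Method POST -Uri "$base/$($created.id)/assign" `
    -Body ($assign | ConvertTo-Json -Depth 5) -ContentType 'application/json'

# Read the object back and fail loudly if the stored settings are not the intended ones.
$check = Invoke-MgGraphRequest -Method GET -Uri "$base/$($created.id)"
if ($check.runAsAccount -ne 'system' -or $check.enforceSignatureCheck -or -not $check.runAs32Bit) {
    throw 'Stored script settings differ from the intended values.'
}
[pscustomobject]@{ Id = $created.id; FileName = $body.fileName; Sha256 = $sha256 }
```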