Deploying Level RMM Using A Microsoft Intune Platform Script.
Streamlining Level RMM deployment across Windows devices using PowerShell and a Microsoft Intune deployment script.
Overview.
Level is a lightweight remote monitoring and management platform for Windows devices. It can be deployed manually, although most organisations prefer to automate installation through device management tooling.
This article explains how to deploy the Level agent using a Microsoft Intune platform script. This approach provides a reliable and centrally managed installation path and ensures that devices are onboarded in a predictable way.
The method described here is suitable for both small scale and full fleet rollouts and is one of the simplest ways to ensure that the Level agent installs silently without user interaction.
Understanding The Level Silent Installer.
Before creating the script, it is important to understand what the Level silent installer does. Level generates an API key which is included in the installation arguments. This key does not provide administrative access to the Level platform. It is used only to enroll the device during installation.
Once the device is enrolled, the key has no further active purpose unless it is reused elsewhere.
The installer file is downloaded from Level directly and is executed by the script on the target device. Intune then reports the success or failure of the script to assist with troubleshooting.
For example:
$args = "LEVEL_API_KEY=XXXXXXXXXXXXXXXXXXXXXXXX";
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
$tempFile = Join-Path ([System.IO.Path]::GetTempPath()) "level.msi";
$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri "https://downloads.level.io/level.msi" -OutFile $tempFile; $ProgressPreference =
'Continue'; Start-Process msiexec.exe -Wait -ArgumentList "/i `"$tempFile`" $args /qn";
This script instructs the device to download the Level MSI installer from the Level content delivery network using TLS version 1.2 in order to ensure a secure connection. The file is written to the system’s temporary directory and then executed through msiexec as a completely silent installation using the /qn switch.
Creating The Platform Script.
Sign in to the Level RMM platform and copy the silent install command for windows. This will look something like the following:
$args = "LEVEL_API_KEY=XXXXXXXXXXXXXXXXXXXXXXXX"; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $tempFile = Join-Path ([System.IO.Path]::GetTempPath()) "level.msi"; $ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri "https://downloads.level.io/level.msi" -OutFile $tempFile; $ProgressPreference = 'Continue'; Start-Process msiexec.exe -Wait -ArgumentList "/i `"$tempFile`" $args /qn";
Create a
.ps1file, paste the silent install command obtained in step 1and save the file. You will need to upload this file to Microsoft Intune in step 7.Sign in to the Microsoft Intune admin center and go to Devices > Scripts and remediations > Platform scripts.
Select
Add, thenWindows 10 and later.Provide a name and description for the script, and choose Next.
On the Script settings blade;
Set
Run this script using the logged on credentialstoNo.Set
Enforce script signature checktoNo.Set
Run script in 64 bit PowerShell HosttoNo.
Upload the Level RMM PowerShell script.
Select Next.
Specify the assignments and choose next. It is recommended to create a dedicated device group for any devices that will be onboarded to Level so the Level agent can be deployed in a controlled and predictable manner.
Select Create.
Post Deployment Verification.
Once the script has been assigned and devices begin to check in, Intune will report whether the script executed successfully. You can review results within the Platform script view in the Intune portal.
You should also sign in to the Level dashboard to confirm that newly onboarded devices appear as expected. After a few minutes each device should report its status, policies should apply and the agent should begin sending telemetry.
If you want a higher level of assurance, you can also create a remediation script within Intune that checks for the presence of the Level service and confirms that the installation has not been removed or disrupted. This can help detect devices where users or third party software have interfered with the agent.
