This article explains how to deploy the CrowdStrike Falcon agent on macOS and Windows devices using FleetDM and Factorial IT MDM. You will learn how to download the installation packages from the CrowdStrike admin console, retrieve your CustomerID, import the packages into FleetDM, configure the installation scripts, and create compliance policies for both operating systems.
Prerequisites
- Factorial IT MDM properly configured and operational
- Access to the CrowdStrike admin console
- Access to your FleetDM instance: https://yourdomain.mdm.getprimo.com
Deploy CrowdStrike Falcon agent
Step 1: Download the installation files and retrieve the CustomerID
- Log in to the CrowdStrike admin console
- Navigate to Host setup and management → Deploy → Sensor downloads
- Download the following files:
  - macOS: .pkg installer
  - Windows: .exe installer
- Copy your CustomerID (also referred to as CID), which will be required to activate the agent after installation
Step 2: Import the installation files into FleetDM
- Import the macOS package
  - In FleetDM, go to Software → Add Software → Custom Package
  - Click Upload package and select the previously downloaded .pkg file
  - Click Save
- Import the Windows package
  - In FleetDM, go to Software → Add Software → Custom Package
  - Click Upload package and select the previously downloaded .exe file
  - Click Save
Step 3: Add the installation commands with the CustomerID
- macOS install script
  - In the configuration for the macOS .pkg package, locate the Install script field (show advanced options)
  - Add the following line at the end of the script (replace CustomerID with your actual CID):

    ```sh
    /Applications/Falcon.app/Contents/Resources/falconctl license CustomerID
    ```
  - Click Save changes.
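
An added example, not part of the original article and not CrowdStrike's or Fleet's own code: a guarded form of the macOS licensing line above that returns a distinct non-zero code when the CustomerID placeholder was left in place, when falconctl is missing after the package install, or when licensing itself fails. The function name `license_falcon`, its return codes and the optional second argument (a falconctl path override for testing) are assumptions.

```shell
#!/bin/sh
# Added example: guarded licensing step for the macOS install script.
# Path taken from the article; everything else here is hypothetical.
FALCONCTL_DEFAULT="/Applications/Falcon.app/Contents/Resources/falconctl"

# license_falcon CID [FALCONCTL_PATH]
# Return codes (assumed convention for this example):
#   0 licensed, 2 bad or placeholder CID, 3 falconctl missing, 4 license failed
license_falcon() {
    cid="$1"
    falconctl="${2:-$FALCONCTL_DEFAULT}"

    # Refuse an empty value, the unreplaced placeholder, or a value with
    # whitespace (typical of a bad copy/paste from the console).
    case "$cid" in
        ""|CustomerID|*[[:space:]]*)
            echo "CID is empty, malformed, or still the placeholder" >&2
            return 2
            ;;
    esac

    # If the package did not install, falconctl will not be present.
    if [ ! -x "$falconctl" ]; then
        echo "falconctl not found at $falconctl" >&2
        return 3
    fi

    # Run the licensing command and propagate failure. The CID is not
    # echoed, so it does not end up in script output.
    if ! "$falconctl" license "$cid"; then
        echo "falconctl license returned an error" >&2
        return 4
    fi
    return 0
}

# Usage at the end of the install script (replace CustomerID with your CID):
#   license_falcon "CustomerID" || exit $?
```
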
- Windows install script
  - In the configuration for the Windows .exe package, locate the Install script field (show advanced options)
  - Copy/paste this in the install script (replace CustomerID with your actual CID):

    ```powershell
    $exeFilePath = "${env:INSTALLER_PATH}"

    try {

    # Add argument to install silently
    # Argument to make install silent depends on installer,
    # each installer might use different argument (usually it's "/S" or "/s")
    $processOptions = @{
      FilePath = "$exeFilePath"
      ArgumentList = "/install /quiet /norestart CID=CustomerID"
      PassThru = $true
      Wait = $true
    }

    # Start process and track exit code
    $process = Start-Process @processOptions
    $exitCode = $process.ExitCode

    # Prints the exit code
    Write-Host "Install exit code: $exitCode"
    Exit $exitCode

    } catch {
      Write-Host "Error: $_"
      Exit 1
    }
    ```
  - Copy/paste this script as the Uninstall script:

    ```powershell
    # Fleet extracts name from installer (EXE) and saves it to PACKAGE_ID
    # variable
    $softwareName = $PACKAGE_ID

    # It is recommended to use exact software name here if possible to avoid
    # uninstalling unintended software.
    $softwareNameLike = "*$softwareName*"

    # Some uninstallers require a flag to run silently.
    # Each uninstaller might use different argument (usually it's "/S" or "/s")
    $uninstallArgs = "/S"

    $machineKey = `
     'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $machineKey32on64 = `
     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

    $exitCode = 0

    try {

    [array]$uninstallKeys = Get-ChildItem `
        -Path @($machineKey, $machineKey32on64) `
        -ErrorAction SilentlyContinue |
            ForEach-Object { Get-ItemProperty $_.PSPath }

    $foundUninstaller = $false
    foreach ($key in $uninstallKeys) {
        # If needed, add -notlike to the comparison to exclude certain similar
        # software
        if ($key.DisplayName -like $softwareNameLike) {
            $foundUninstaller = $true
            # Get the uninstall command. Some uninstallers do not include
            # 'QuietUninstallString' and require a flag to run silently.
            $uninstallCommand = if ($key.QuietUninstallString) {
                $key.QuietUninstallString
            } else {
                $key.UninstallString
            }

            # The uninstall command may contain command and args, like:
            # "C:\Program Files\Software\uninstall.exe" --uninstall --silent
            # Split the command and args
            $splitArgs = $uninstallCommand.Split('"')
            if ($splitArgs.Length -gt 1) {
                if ($splitArgs.Length -eq 3) {
                    $uninstallArgs = "$( $splitArgs[2] ) $uninstallArgs".Trim()
                } elseif ($splitArgs.Length -gt 3) {
                    Throw `
                        "Uninstall command contains multiple quoted strings. " +
                            "Please update the uninstall script.`n" +
                            "Uninstall command: $uninstallCommand"
                }
                $uninstallCommand = $splitArgs[1]
            }
            Write-Host "Uninstall command: $uninstallCommand"
            Write-Host "Uninstall args: $uninstallArgs"

            $processOptions = @{
                FilePath = $uninstallCommand
                PassThru = $true
                Wait = $true
            }
            if ($uninstallArgs -ne '') {
                $processOptions.ArgumentList = "$uninstallArgs"
            }

            # Start process and track exit code
            $process = Start-Process @processOptions
            $exitCode = $process.ExitCode

            # Prints the exit code
            Write-Host "Uninstall exit code: $exitCode"
            # Exit the loop once the software is found and uninstalled.
            break
        }
    }

    if (-not $foundUninstaller) {
        Write-Host "Uninstaller for '$softwareName' not found."
        # Change exit code to 0 if you don't want to fail if uninstaller is not
        # found. This could happen if program was already uninstalled.
        $exitCode = 1
    }

    } catch {
        Write-Host "Error: $_"
        $exitCode = 1
    }

    Exit $exitCode
    ```
  - Click Save changes
Step 4: Create compliance policies in FleetDM
Create two separate policies to confirm that the CrowdStrike agent is installed on both macOS and Windows devices.
4.1 macOS policy
- In FleetDM, go to Policies > Add Policy.
- Use the following query:

```sql
SELECT 1 FROM apps WHERE bundle_identifier = 'com.crowdstrike.falcon';
```

- Name the policy: CrowdStrike installed (macOS)
- Save the policy.
4.2 Windows policy
- In FleetDM, go to Policies > Add Policy.
- Use the following query:

```sql
SELECT 1 FROM programs WHERE name = 'Falcon';
```

- Name the policy: CrowdStrike installed (Windows)
- Save the policy.
Step 5: Assign the application to the compliance policies
- In FleetDM, go to Policies.
- Click on Manage automations > Software.
- Select the policies you just created and assign the corresponding software.
Congratulations, you just deployed CrowdStrike!