GuardWare DISCOVER Agent Installation: Scanning Server

Overview

In agentless deployments, the DISCOVER Agent can be deployed on a dedicated host or virtual machine, from which it establishes remote sessions with target systems over supported protocols (SSH, SMB, or WinRM) and with Microsoft 365 services via the Graph API using OAuth 2.0. After scanning, the Agent securely transmits results and activity logs to the Management Console for centralised monitoring and reporting.

This guide outlines the system requirements, installation procedures, and verification steps for deploying and configuring the DISCOVER Agent, including registering with Microsoft Entra ID to enable secure access to Microsoft 365 services and setting up remote agentless scanning.

System Requirements

Ensure the device meets the following system requirements before installing the DISCOVER Agent:

Component         Requirements
----------------  ---------------------------------------------
Processor         8 cores or more
RAM               16 GB
Disk Space        At least 500 GB
Operating System  Windows 10, Windows 11, Windows Server 2019+

1. Download the Agent Installer

  1. Log in to the DISCOVER Management Console.

  2. Navigate to ORGANISATION > Agent Configuration.

  3. Set the LOCATION as well as any other necessary values.

  4. Click Update.

  5. After saving, navigate to RESOURCES > Agent Download.

  6. Click Download MSI and wait for the download to complete.

2. Install the DISCOVER Agent

  1. Navigate to where you downloaded the .msi file, place it in a directory or folder of your desired virtual machine or host device, and double-click to launch it.

  2. Select Next and click Install.

The GuardWare DISCOVER Agent installs silently and runs in the background.

To check whether the Agent is running, launch Task Manager (Ctrl + Shift + Esc), then search for GuardWare Scan Utility in the Background processes section.

3. Configure Access to Microsoft Services

To scan Exchange Online and SharePoint Online, the DISCOVER Agent must first be registered in Microsoft Entra ID (formerly Azure AD), which provides the Tenant ID, Client ID, and Client Secret, authorising secure access to Microsoft 365 services. Once registered, it can access mailboxes and files to perform scans and remediations.

3.1 Set Up Azure App Registration

  1. Log in to Microsoft Azure using your Microsoft Entra ID (formerly Azure AD) administrator account.

  2. Click App registrations. If the App registrations option is not visible on the dashboard, look for it using the top Search bar.

  3. Click + New registration.

  4. Set the Agent name and select Accounts in this organizational directory only. The name "GuardWare DISCOVER" is used for illustrative purposes only.

  5. Leave the Redirect URI (optional) field empty and click Register.

  6. In the newly registered GuardWare DISCOVER Agent, go to Certificates & Secrets.

  7. Under the Client Secrets tab, click + New client secret.

  8. Enter the Description (optional), set the Expires, and click Add.

  9. Once the secret is generated, copy the Value (not the Secret ID) and store it securely.

3.2 Assign Graph API Permissions

Only Global Administrators or Privileged Role Administrators can grant tenant-wide admin consent for Graph API permissions. Ensure you are signed into your Microsoft Azure account with the appropriate Microsoft Entra ID (formerly Azure AD) administrator account.

  1. In the newly created Agent, select API Permissions and click + Add a permission.

  2. Under Microsoft APIs, click Microsoft Graph.

  3. Click Application permissions and from the dropdown, select the following permissions:

Permission              What It Allows
----------------------  ----------------------------------------------------------
Files.Read.All          Read all files across SharePoint and OneDrive
Files.ReadWrite.All     Read and write all files across SharePoint for remediation
Group.Read.All          Read Microsoft 365 group metadata
GroupMember.Read.All    Read group membership lists
Mail.Read               Read all mailbox content
Mail.ReadBasic.All      Read mail headers and metadata
Mail.ReadWrite          Required to delete/move or mark emails in Exchange Online
MailboxSettings.Read    Access mailbox rules, auto-replies, etc.
Sites.FullControl.All   For full access, including management actions
Sites.Read.All          Read SharePoint site metadata and structure
User.Read.All           Read all user profiles (name, email, role, department)

  4. Click Add permissions and select Grant admin consent for <your_organisation> to apply the permissions.
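An added verification step, not from GuardWare's documentation: this PowerShell requests a token with the OAuth 2.0 client-credentials grant the Agent uses and reads the roles claim from it, so you can confirm before the first scan that admin consent was granted for every permission in the table. The tenant ID, client ID and secret value are placeholders you replace with the values from 3.1.

```powershell
# Added example (not GuardWare's code): confirm the app registration from 3.1
# and the consented Graph application permissions from 3.2 by inspecting the
# roles claim of a client-credentials token. Values below are placeholders.
$TenantId     = '<tenant-id>'
$ClientId     = '<client-id>'
$ClientSecret = '<client-secret-value>'   # the secret Value, not the Secret ID

# Application permissions listed in the table above
$RequiredRoles = @(
  'Files.Read.All', 'Files.ReadWrite.All', 'Group.Read.All', 'GroupMember.Read.All',
  'Mail.Read', 'Mail.ReadBasic.All', 'Mail.ReadWrite', 'MailboxSettings.Read',
  'Sites.FullControl.All', 'Sites.Read.All', 'User.Read.All'
)

# OAuth 2.0 client credentials grant against the Entra v2.0 token endpoint
$tokenResponse = Invoke-RestMethod -Method Post `
  -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
  -ContentType 'application/x-www-form-urlencoded' `
  -Body @{
    client_id     = $ClientId
    client_secret = $ClientSecret
    scope         = 'https://graph.microsoft.com/.default'
    grant_type    = 'client_credentials'
  }

# The access token is a JWT; decode its payload (second segment, base64url)
$payload = $tokenResponse.access_token.Split('.')[1].Replace('-', '+').Replace('_', '/')
switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
$claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) |
          ConvertFrom-Json

# Application permissions with admin consent appear in the roles claim;
# the claim is absent entirely when nothing has been consented.
$granted = @($claims.roles | Where-Object { $_ })
$missing = $RequiredRoles | Where-Object { $_ -notin $granted }

if ($missing) {
  Write-Warning "Admin consent not granted for: $($missing -join ', ')"
} else {
  Write-Host 'All required Graph application permissions are present in the token.'
}
```

A token that is issued but carries no roles claim means the registration and secret work but step 4 (Grant admin consent) has not been completed.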

4. Configure Remote Access

GuardWare provides a pre-written PowerShell script to configure remote access for agentless scanning. The script enables the required services, sets permissions, and configures firewall rules. Direction in the table below is from the scanning server's perspective.

Target / Service                      Protocol  Port(s)                    Direction  Purpose / Notes
------------------------------------  --------  -------------------------  ---------  ---------------------------------------------------------------------------
Windows Endpoints                     WinRM     5985 (HTTP), 5986 (HTTPS)  Outbound   Remote management for scanning.
Other Endpoints                       SSH       22                         Outbound   Remote scanning by the DISCOVER Agent.
File Shares / SMB                     SMB       445                        Outbound   Access to on-premises file shares.
Cloud Services (Exchange/SharePoint)  HTTPS     443                        Outbound   DISCOVER Agent access to Microsoft 365 via Graph API / SharePoint REST API.

If you prefer to configure remote access manually, you can refer to the GuardWare DISCOVER Remote Access Configuration Manual Setup.
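An added pre-flight check, not part of GuardWare's script, to run on the scanning server before the first scan: it tests each outbound port in the table against sample targets and, for Windows targets, confirms that the WinRM service actually answers rather than only that the port is reachable. The host names are constructed placeholders.

```powershell
# Added example (not GuardWare's script): verify the outbound paths in the
# table above from the scanning server. Target names are constructed
# placeholders; replace them with hosts the Agent will scan.
$Checks = @(
  @{ Target = 'win-fs01.corp.example';    Ports = 5985, 5986; Service = 'WinRM' }
  @{ Target = 'linux-app01.corp.example'; Ports = 22;         Service = 'SSH' }
  @{ Target = 'fileserver.corp.example';  Ports = 445;        Service = 'SMB' }
  @{ Target = 'graph.microsoft.com';      Ports = 443;        Service = 'Graph API' }
)

$results = foreach ($check in $Checks) {
  foreach ($port in $check.Ports) {
    # Test-NetConnection performs a TCP handshake to the port; the per-port
    # warning is silenced so the summary table below stays readable.
    $tnc = Test-NetConnection -ComputerName $check.Target -Port $port `
             -WarningAction SilentlyContinue
    [pscustomobject]@{
      Target  = $check.Target
      Service = $check.Service
      Port    = $port
      Open    = $tnc.TcpTestSucceeded
    }
  }
}

$results | Format-Table -AutoSize

# A reachable port 5985/5986 only proves the firewall rule; a remote session
# also needs the WinRM listener, which Test-WSMan queries without credentials.
foreach ($check in $Checks | Where-Object { $_.Service -eq 'WinRM' }) {
  try {
    $null = Test-WSMan -ComputerName $check.Target -ErrorAction Stop
    Write-Host "WinRM responding on $($check.Target)"
  } catch {
    Write-Warning "WinRM not responding on $($check.Target): $($_.Exception.Message)"
  }
}
```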

4.1 Deploy Script from Microsoft Intune

To deploy the script from Microsoft Intune, ensure that target devices are enrolled in Microsoft Intune with administrative access, are running Windows 10 or 11 (version 1607 or later, excluding Home and S Mode), are joined to Microsoft Entra ID, and have internet connectivity without firewall or proxy restrictions. Devices must also have .NET Framework 4.7.2 or later installed.

  1. Open a web browser on your Windows device and go to the Microsoft Intune admin center. Sign in using your administrator credentials.

  2. In the left navigation pane, go to Devices > Scripts and remediations > Platform scripts and click + Add.

  3. Enter a Name for your script (e.g., Configure SSH), add an optional Description, and click Next.

  4. Click the folder icon, upload the provided PowerShell script, and set the script settings:

  • Run this script using the logged on credentials: Set to No to run as System (recommended for admin-level operations like remote access).

  • Enforce script signature check: Enable only if your script is digitally signed.

  • Run the script in 64-bit PowerShell: Set to Yes for most modern systems, then click Next.

  5. If your organisation uses scope tags for role-based access control, add them here and click Next.

  6. Under Included groups, click Add groups and select the Microsoft Entra ID (formerly Azure AD) user or device groups you want to target (e.g., remote worker devices).

  7. Optionally, configure Excluded groups and click Next.

  8. Review your configuration, then click Create to deploy the script.

4.2 Deploy Script from Group Policy Management Console (GPMC)

To deploy the PowerShell script using Group Policy, use the Group Policy Management Console (GPMC) to assign the script to Windows devices joined to your AD (Active Directory) domain. The script runs automatically on target devices according to the policy type.

  1. Press Windows + R, type gpmc.msc, and press Enter to open the Group Policy Management Console (GPMC).

  2. In the GPMC console, navigate to the Organizational Unit (OU) that contains the target devices.

  3. Right-click the OU and select Create a GPO in this domain, and Link it here.

  4. Enter a name for the GPO (e.g., Remote Access Configuration) and click OK.

  5. Right-click the newly created GPO and select Edit to open the Group Policy Management Editor.

  6. To deploy the script as a Startup script (runs as System), navigate to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown) > Startup.

  7. Click Add, then Browse to select your PowerShell script, or enter the network path if stored on a shared location, and click OK to save.

  8. To deploy the script as a Logon script (runs as the logged-in user), navigate to User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff) > Logon.

  9. Click Add, then Browse to select your PowerShell script and click OK to save.

  10. Close the editor, then ensure the GPO is linked to the correct OU that contains the target devices.

  11. On a target device, open Command Prompt and run gpupdate /force to apply the new policy immediately, or wait for the next automatic Group Policy refresh.

Once deployed, the script executes on target devices based on the assigned policy type (Startup or Logon) and automatically applies the intended configuration.

4.3 Deploy the Script Locally

To deploy the script locally, first configure SSH sessions to open in PowerShell instead of the default Command Prompt for compatibility.

  1. Open Run and type regedit to open the Registry Editor.

  2. Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH.

  3. Check for a string value named DefaultShell.

  4. If the value is not there, right-click in an empty area of the right-hand pane and select New > String Value.

  5. Name the value DefaultShell and open it.

  6. Set the value data to C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe. Modern systems may prefer C:\Program Files\PowerShell\7\pwsh.exe if PowerShell Core is supported.

  7. Click Start and type PowerShell.

  8. Right-click on it and select Run as administrator.

  9. Assuming the script is in your Downloads folder, type the following commands in PowerShell sequentially:

  10. Press Enter, then type the filename along with its extension (e.g., .\<WinRM Configuration.ps1>) and press Enter again.

  11. Close PowerShell.
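The registry change in steps 1 to 6, as an added PowerShell example that is not GuardWare's script: it prefers pwsh.exe when installed and otherwise falls back to Windows PowerShell, writes the DefaultShell value only when it is missing or different, and confirms the result. It assumes the OpenSSH Server feature is installed on the host (the sshd service check is skipped silently if not) and must run from the elevated session of step 8.

```powershell
# Added example (not GuardWare's script): set HKLM\SOFTWARE\OpenSSH\DefaultShell
# so SSH sessions open in PowerShell instead of cmd.exe, as in 4.3 steps 1-6.
$OpenSshKey = 'HKLM:\SOFTWARE\OpenSSH'

# Candidate shells from the guide, in order of preference
$Candidates = @(
  'C:\Program Files\PowerShell\7\pwsh.exe',                        # PowerShell 7, if present
  'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'      # Windows PowerShell
)
$Shell = $Candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $Shell) { throw 'No PowerShell executable found to use as DefaultShell.' }

# The OpenSSH key normally exists once the OpenSSH Server feature is installed;
# create it otherwise so the value can be written.
if (-not (Test-Path $OpenSshKey)) { New-Item -Path $OpenSshKey -Force | Out-Null }

# Read the existing value without failing if it is absent (step 3)
$current = (Get-ItemProperty -Path $OpenSshKey -Name DefaultShell `
              -ErrorAction SilentlyContinue).DefaultShell

if ($current -ne $Shell) {
  # PropertyType String matches "New > String Value"; -Force overwrites an
  # existing value with the wrong path (steps 4-6).
  New-ItemProperty -Path $OpenSshKey -Name DefaultShell -PropertyType String `
    -Value $Shell -Force | Out-Null
  Write-Host "DefaultShell set to $Shell"
} else {
  Write-Host "DefaultShell already set to $Shell"
}

# Confirm the stored value and whether the OpenSSH server service is present.
Get-ItemProperty -Path $OpenSshKey -Name DefaultShell | Select-Object DefaultShell
Get-Service -Name sshd -ErrorAction SilentlyContinue | Select-Object Name, Status
```

The new shell applies to SSH sessions opened after the change; existing sessions keep the shell they started with.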

Uninstall the DISCOVER Agent

Before proceeding, ensure you have administrative privileges and have backed up any necessary configuration files or data.

  1. Double-click the installer to launch the GuardWare DISCOVER Server Setup Wizard.

  2. Click Next.

  3. Select Remove and on the next page, click Remove.

  4. Wait for the process to complete. You may be prompted to restart your device to complete the uninstallation.
