Deploying UniFi Endpoint For Windows at Scale
MDM solutions (such as Microsoft Intune) or Group Policy can be used to deploy UniFi Identity Endpoint across Windows devices at scale. The MSI installer supports pre-configured settings to ensure consistent application behavior aligned with organizational policies.
This article outlines the general deployment process and available MSI configuration properties. For an overview of UniFi Identity Endpoint, see this article.
Deploying UniFi Endpoint
To deploy UniFi Endpoint at scale:
- Download the UniFi Endpoint Windows Installer (64-bit MSI) file here.
- Perform a silent installation using
msiexec. - Define the
ORG_DOMAINproperty to ensure that they are associated to your organization's Fabric. - Configure any optional MSI properties from the table below.
- Deploy through your preferred MDM or Group Policy workflow.
The example below performs a silent installation of UniFi Endpoint, pre-configures the example.com domain for enrollment, enables launch at startup, and enforces VPN auto-connect.
msiexec /i "UniFi Endpoint.msi" /quiet /norestart ORG_DOMAIN=example.ui.com LAUNCH_AT_STARTUP=1 CONNECT_VPN_ON_STARTUP=1 ENFORCE_CONFIG_CONNECT_VPN_ON_STARTUP=1MSI Properties
| MSI Property | Registry Value | Default | Locks |
| ORG_DOMAIN | OrgDomain | (empty) | Organization domain for onboarding. When set, the Welcome screen pre-fills this domain so users do not need to enter it manually. Example: example.ui.com. |
| CHECK_UPDATE | CheckUpdate | 1 | Enable automatic update checks. 1 = enabled, 0 = disabled. |
| LAUNCH_AT_STARTUP | LaunchAtStartup | 1 | Launch the application automatically when the user logs in. 1 = enabled, 0 = disabled. |
| CONNECT_WIFI_ON_STARTUP | ConnectWiFiOnStartup | 0 | Automatically connect to the assigned Wi-Fi network on application startup. 1 = enabled, 0 = disabled. |
| CONNECT_VPN_ON_STARTUP | ConnectVpnOnStartup | 0 | Automatically connect to the assigned VPN on application startup. 1 = enabled, 0 = disabled. |
| AUTO_RECONNECT_WIFI | AutoReconnectWiFi | 0 | Automatically reconnect to the assigned Wi-Fi network if the connection drops. 1 = enabled, 0 = disabled. |
| LAUNCH_AFTER_INSTALL | (not persistant) | 0 | Launch UniFi Endpoint immediately after installation completes. The app is launched as the logged-in user with standard (non-elevated) privileges, not as the SYSTEM account that runs the installer. 1 = launch after install, 0 = do not launch. This only affects the single install run; it is not stored as a persistent setting. |
| ADD_DESKTOP_SHORTCUT | (not persistant) | 1 | Create a desktop shortcut for UniFi Endpoint during install. 1 = create shortcut, 0 = do not create shortcut. This only affects the install run; existing shortcuts from previous installs are not removed. |
| INSTALLFOLDER | InstallLocation | %ProgramFiles%\UniFi Identity Standard\ | Installation directory path. |
| ENFORCE_CONFIG_ORG_DOMAIN | EnforceConfigOrgDomain | 0 | Organization domain. 1 = locked, 0 = user can configure. |
| ENFORCE_CONFIG_CHECK_UPDATE | EnforceConfigCheckUpdate | 0 | Auto-update check. When enforced with CHECK_UPDATE=0, manual update checks are also blocked. |
| ENFORCE_CONFIG_LAUNCH_AT_STARTUP | EnforceConfigLaunchAtStartup | 0 | Launch at startup. 1 = locked, 0 = user can configure. |
| ENFORCE_CONFIG_CONNECT_WIFI_ON_STARTUP | EnforceConfigConnectWiFiOnStartup | 0 | Wi-Fi auto-connect on startup. 1 = locked, 0 = user can configure. |
| ENFORCE_CONFIG_CONNECT_VPN_ON_STARTUP | EnforceConfigConnectVpnOnStartup | 0 | VPN auto-connect on startup. 1 = locked, 0 = user can configure. |
Note: Enforced settings are no longer displayed to users in the Settings panel.