Securing

DeployR implements multiple security mechanisms for controlling who can run task sequences. It is recommended that you configure at least one of these:

  • Entra ID authentication. Leverage the Entra ID device flow for the technician to log in using their Entra ID credentials from a phone or other device.

  • Passcode authentication. The technician will log in using a passcode string that has been shared with them by the IT administrator. (Anyone who knows the passcode can use it.)

  • Certificate authentication. In an existing OS, a task sequence can be initiated using an existing certificate for authentication so no manual authentication needs to be performed.

It is also possible to bypass authentication altogether by enabling the "Bypass authentication" setting:

With that configured, no authentication will be required from any user; anyone can run any task sequence.

Note: StifleR currently requires the "Bypass local authentication" setting since it cannot presently authenticate with DeployR. This also means that DeployR and StifleR need to be installed on the same computer.

Also, you will only be able to upload content from the StifleR dashboard running on the DeployR server itself, due to the browser talking directly to the DeployR service for these uploads. (All other communication from StifleR to DeployR happens through the StifleR service.)

These restrictions will be removed in a future update to StifleR.

The DeployR client will try the available authentication mechanisms in this order:

  1. Anonymous

  2. Certificate

  3. Entra ID

  4. Passcode

If none of these are enabled or configured, the device will continue to ask for a passcode but you will not be able to proceed further.

PreviousInstallationNextEntra ID authentication

Last updated