Extended Guide

Onboard the RealmJoin Portal

Onboarding onto the RealmJoin Portal will establish the initial connection to RealmJoin. Administrators will be able to choose from the Quick or Advanced Setup once complete. This guide continues with the Advanced Setup path.

Proceed with the Advanced Setup

Use Advanced Setup to deploy RealmJoin with granular permission control. You can add or remove permissions later with the RealmJoin PowerShell module.

Establish Group Permissions

Assign RealmJoin access through Entra groups.

Use built-in roles for standard access or create custom roles for stricter control.

Set up the RealmJoin Agent

Install the RealmJoin Agent on Windows devices to unlock agent-based features such as application lifecycle management, RealmJoin ESP, LAPS, notifications, AnyDesk integration, audit tasks, and compliance checks.

If you do not need the agent, continue to the next relevant step.

Set up optional RealmJoin Agent add-ons

Enable optional add-ons that require additional configuration after the agent is installed.

Use this step if you want to extend the agent with:

• LAPS for managed local admin accounts, password rotation, and secure password storage

• AnyDesk Integration for remote support workflows directly from RealmJoin Portal

If you do not need these add-ons, continue to the next step.

Connect Azure Automation

Connect Azure Automation to enable runbooks and remediation scripts.

These features automate recurring administrative tasks, reduce manual effort, and improve traceability.

Connect Azure Log Analytics Workspace

Connect a Log Analytics Workspace to store RealmJoin audit data and runbook execution logs.

This also enables integrations such as Windows Update for Business reporting.

Deploy Packages

RealmJoin Portal provides and maintains a large library of ready-to-use packages for Windows and macOS.

When deploying packages, first decide whether the application should be delivered through Microsoft Intune or through the RealmJoin Agent. This depends on your deployment model and whether you want to use agent-based features.

For new applications, start with a pilot group before assigning packages broadly. If a newer package version is available, you can test it as a Preview before promoting it into production. Once validation is complete, you can enable update automation for ongoing lifecycle management.

If a required application is not available in the Package Store, use Packaging Requests to request a generic, custom, or organic package for your environment.

A typical rollout is: import package → configure assignments → test with pilot users or devices → enable automation.

Configure optional platform features

After the core setup is complete, you can enable additional features for daily operations.

Workplace Cloud Storage connects an Azure Storage Account to the RealmJoin Portal. Once connected, administrators can:

• Manage favorites for Edge and Google Chrome

• Store backgrounds and other files with a publicly accessible URL

• Store Outlook signature templates

Self Service Forms are a convenient way to collect structured data from users. This can be used to let users report incidents or indicate changes, like the need for a new workplace setup in an office.

Group namespaces assist the RealmJoin Portal in sorting groups into different categories based off a specified prefix. The RealmJoin Portal includes default group namespaces, however additional namespaces may be added.

The Software Report aggregates data from the RealmJoin Agent and Intune to provide a list of all applications, their versions and the method of deployment.