How to Set Up Intel® Endpoint Management Assistant (Intel® EMA)



The Intel vPro® platform includes hardware-level manageability for endpoint PCs, provided by Intel® Active Management Technology (Intel® AMT). Intel® Endpoint Management Assistant (Intel® EMA) is modern, cloud-enabled software with integrated Intel® AMT capabilities. You can incorporate it into your existing IT support processes for improved endpoint security, out-of-band access, and better remote management of business desktops virtually anywhere on known networks in your hybrid workplace.

Once you have installed the Intel® EMA server, setting it up to work with Intel® AMT for device management is much the same process, no matter whether the server is installed on premises or in the cloud. In broad strokes, the setup process involves creating a tenant, adding users, defining endpoint groups for the devices that will be managed by the users, and generating agent installation files for the endpoint devices.

Create a Tenant and Add Users

A tenant is a usage space within the Intel® EMA server that represents a particular business entity, such as an organization or location within a company. One Intel® EMA server can support multiple tenants. The users, endpoint groups, and endpoints under one tenant are separate from those under another tenant.

Each tenant needs at least one tenant administrator, which is different than the Intel® EMA global administrator.

The first time you log in with the global administrator credentials, you’ll see a Getting Started screen.

  1. Click Create a tenant, give the new tenant a name and description, and then click Save.
  2. On the left-side panel, click Users, and then click New user to create your first user, the tenant administrator.
  3. You can later add more users as needed, and you can organize them into user groups. All users have access to all endpoints on a tenant, though a user group can be created that has read-only access.

Create Endpoint Groups

Endpoints are the devices that will be managed by the Intel® EMA tenant, and an endpoint group is a set of devices that will all be governed by the same policies and the same Intel® AMT profile. You might, for example, define work-from-home Intel vPro® platform–enabled laptops as an endpoint group, or you might have different groups for your accounting and engineering teams.

Intel® AMT must be set up on your endpoints if you plan to use the out-of-band management features of Intel® EMA. You can set it up automatically as part of creating an endpoint group, but note that first you must have an Intel® AMT public key infrastructure (PKI) certificate and create an Intel® AMT profile.

To create an endpoint group, while logged in as a tenant administrator:

  1. In the Endpoint Groups section, click New endpoint group.
  2. Fill in the Group Name, Group Description, and Password fields, and then, under Group Policy, select all items.
  3. Click Save & Intel AMT autosetup.
  4. On the Save & Intel AMT autosetup screen, select the Enabled check box, and then make sure it shows your Intel® AMT profile and host-based provisioning (HBP) as the activation method.
  5. Enter the Administrator Password, and then click Save.

Figure 1. Enable Intel EMA users with execute rights on endpoints in an endpoint group.

Generate and Install Agent Installation Files

After you’ve created an endpoint group and defined the group policy for that group, you’ll generate a pair of files for installing the Intel® EMA agent on each machine in the group based on your endpoint group configuration.

  1. Select the appropriate Windows service (almost always the 64-bit version), and then click Download.
  2. Click Download beside the Agent policy file.

You’ll need those two files together—EMAAgent.exe and EMAAgent.msh—in order to install the agent on each endpoint machine in the group. (Note: If you need to rename the files, rename them so that they still match.) For an evaluation, you can install the Intel® EMA agent manually using the administrative command emaagent.exe -fullinstall. For production, you will most likely use the software distribution function from your systems-management tool.

Figure 2. Download the two files you'll need to install the Intel EMA agent on each endpoint machine in the endpoint group.

Learn more

To learn more about the Intel vPro® platform, Intel® AMT, and how to use Intel® EMA for remote device management, read the paper, “For IT: A how-to guide to the Intel vPro® Platform.”

Next in the How To vPro video series: How to create an Intel® AMT Profile in Intel® EMA.