Cisco is retiring the Umbrella Roaming Client. Instead the Cisco Secure Client should be used. CSC is used for VPN and other items also so it needs to be done without causing issues for VPN users.
I think the CSC deployment in IB should be updated so we can set Umbrella settings in it.
Hello! We use Cisco Umbrella and have a few clients that also Utilize Cisco VPN. I am 100% sure there is a better solution that what we use… for those who use Cisco VPN & those who do not – such as a flag stating that they use both which will tell the script to whether to run the VPN Config portion of the script for the CORE/VPN module or not, but I have not had the chance to focus on bettering that script – it is planned so that there is only one spot to update the software, but it is on backlog for us at the moment.
Here is how we have this deploying:
-Cisco DART is a separate software (we do this because we also have clients that do not Utilize Cisco VPN so I have the Umbrella software installing DART as a prereq as hinted above and have it applying to the Umbrella only & Umbrella w/VPN softwares, this will go away once the scripts are combined.)
-Cisco Umbrella/CORE(VPN) MSI installer files are packaged in a zip file & installed via script to show only the Cisco VPN & Umbrella modules. NOTE: This has to be updated manually as there is no where to pull the installers from as a dynamic version, but it’s easy to update.
-The install script installs the CORE & Umbrella modules so that both show
-The uninstall script uninstalls CORE/Umbrella/DART.
-There is a software config that requests the info to set the VPN Config file & the Umbrella info for install.
Let me know if you would like me to share the install/uninstall/config info, I can also provide some screenshots to show how I have it set up! 
If you’re still willing to share, I’d love to steal your scripts. Thanks!
Hi there! Been busy! Let me see if I can put this together for you. 
Please note: We have the Cisco AnyConnect/Umbrella hidden from the programs/software list on the devices. You can change that piece of the installer script if you are okay with that appearing. Because of this, the version detection screenshot below will not actually show any software listed.
ALSO: This is for the Umbrella Module & the VPN showing. If you don’t want the VPN to show, you can edit the installation file with the flag to hide it (Cisco’s webportal provides this). And then you just have to remove the bits in the Configuration about the HostName/HostAddress & remove that script.
Zip your CORE & Umbrella MSI files into a zip folder - this will be the software that you put into ImmyBot software creation & when updating the software.
SOFTWARE PAGE:
Software Info:
Version Detection:
Install/Uninstall:
NOTE: We were using the old version of the Cisco Umbrella Roaming client, so we have a pre-req to uninstall that old version. I also have the DART application installing here. Though, with some edits to the below installation script & leaving that MSI file in the ZIP folder, you can just have it install with everything else here.
Configuration Task:
NOTE: The configuration script above, is just the Global script that is available to everyone, so I will not be posting it here.
SCRIPTS:
Installation Script:
Invoke-ImmyCommand {
$InstallerFolder = $($Using:InstallerFolder)
$MSIFolder = Get-ChildItem -Path $InstallerFolder
$InstallerFolder = "$InstallerFolder\$MSIFolder"
$organizationId = $($Using:organizationId)
$fingerprint = $($Using:fingerprint)
$userId = $($Using:userId)
# Create a search pattern to find the MSI file, assuming the base file name starts with 'cisco-secure-client-win'
# allowing for any characters in between
$searchPattern = "cisco-secure-client-win-*.msi"
Write-Host "Installer folder: $InstallerFolder"
# Get all of the MSI files names using the pattern
$msiFiles = Get-ChildItem -Path $InstallerFolder -Filter $searchPattern
Write-Host "MSI Files: $msiFiles"
# Check that the MSI files are found
# Note: if you are adding any other modules including the DART module, you will need to change this number.
if (!($msiFiles.Count -eq 2)) {
throw "Expected MSI installers not found in $InstallerFolder"
}
# As we are looking for specific MSI files, we find them with the below scripts
# They are written to the console for debugging purposes.
$AnyConnectMSI = $msiFiles | ? {$_.FullName -like "*vpn*"}
Write-Host = "AnyConnect: $AnyConnectMSI"
$UmbrellaMSI = $msiFiles | ? {$_.FullName -like "*umbrella*"}
Write-Host = "Umbrealla: $UmbrellaMSI"
# Log file path is hardcoded as per the requirement
$logFilePath = "C:\programdata\Cisco-Secure-Client-output.log"
# Core AnyConnect VPN Application
try {
# Construct the command to run with the specified flags
$installCommandAC = "msiexec /package `"$InstallerFolder\$AnyConnectMSI`" /norestart /passive LOCKDOWN=1 /lvx* `"$logFilePath`""
# Execute the installation
Write-Output "Running installation command: $installCommandAC"
$executionResult = Start-Process -FilePath "cmd.exe" -ArgumentList "/c $installCommandAC" -Wait -PassThru
# Check the result of the installation
if ($executionResult.ExitCode -eq 0) {
Write-Output "Installation completed successfully."
# Install Umbrella Module if AnyConnect installed Successfully
Try {
# Construct the command to run
$installCommandU = "msiexec /package `"$InstallerFolder\$UmbrellaMSI`" /norestart /passive LOCKDOWN=1 ARPSYSTEMCOMPONENT=1 /lvx* `"$logFilePath`""
# Execute the installation
Write-Output "Running installation command: $installCommandU"
$executionResult = Start-Process -FilePath "cmd.exe" -ArgumentList "/c $installCommandU" -Wait -PassThru
# Check the result of the installation
if ($executionResult.ExitCode -eq 0) {
Write-Output "Installation completed successfully."
} else {
throw "Installation failed with exit code $($executionResult.ExitCode)."
}
# Define the paths directly
$umbrellaDirectory = 'C:\ProgramData\Cisco\Cisco Secure Client\Umbrella'
$orgInfoPath = "$umbrellaDirectory\OrgInfo.json"
Write-Host "Org ID: " $organizationId
Write-Host "Fingerprint: " $fingerprint
Write-Host "UserID: " $userId
# Construct the JSON content
$jsonContent = @{
organizationId = $organizationId
fingerprint = $fingerprint
userId = $userId
}
# Convert to JSON
$jsonData = ConvertTo-Json -InputObject $jsonContent -Depth 3
# Write the JSON data to OrgInfo.json
$jsonData | Set-Content -Path $orgInfoPath -Encoding utf8 -Force
} catch {
Write-Host "Installation of Umbrella module failed, exiting script."
exit
}
} else {
throw "Installation failed with exit code $($executionResult.ExitCode)."
}
} catch {
Write-Host "Installation of AnyConnect MSI failed, terminating script."
exit
}
}
Uninstall Script:
NOTE: This also uninstalls the DART app, you can always remove this as needed.
$Umbrella = "Cisco Secure Client - Umbrella"
$AnyConnect = "Cisco Secure Client - AnyConnect VPN"
$Dart = "Cisco Secure Client - Diagnostics and Reporting Tool"
$AnyConnectSoftware = Detect-Software -SoftwareSearchString $AnyConnect | ? {$_.UpgradeCode -ne ""}
$AnyConnectUpgrade = $AnyConnectSoftware | Select -ExpandProperty "UpgradeCode"
#Write-Host $AnyConnectSoftware
#Write-Host $AnyConnectUpgrade
#Try to Uninstall the Umbrella Module
Try {
Write-Host "Uninstalling: $Umbrella"
Uninstall-Software -DisplayName $Umbrella
#Try to Uninstall the DART Tool
try {
Write-Host "Uninstalling: $Dart"
Uninstall-Software -DisplayName $Dart
#Try to Uninstall the AnyCoonnect VPN Module
try {
Write-Host "Uninstalling: $AnyConnect"
Uninstall-Software -UpgradeCode $AnyConnectUpgrade
} catch {
Write-Host "$AnyConnect uninstall failed."
}
} catch {
Write-Host "$Dart uninstall failed."
}
} catch {
Write-Host "$Umbrella uninstall failed."
}
#Cleanup Files
Write-Host "Cleaning up Cisco Folders/Files."
Invoke-ImmyCommand {
$PDPath = "$($env:ProgramData)\Cisco"
$PFPath = "C:\Program Files (x86)\Cisco"
if (Test-Path $PDPath) {
Write-Host "$PDPath Exits"
Remove-Item -Path $PDPath -Recurse -Force -Confirm:$false
}
if (Test-Path $PFPath) {
Write-Host "$PFPath Exits"
Remove-Item -Path $PFPath -Recurse -Force -Confirm:$false
}
}
Hope this helps!!