    Agent Changelog

    User-facing changes to the Autopilot Monitor agent, newest first. Only includes changes that affect agent behavior on the device.

    May 2026

    • Agent V2 is now the primary production line — V2 replaces V1 as the default install. Existing V1 devices keep working; new installs ship the V2 build (bootstrap script and binary renamed from .V2 to standard)
    • Health Scripts lifecycle monitoring — detection, remediation, and post-remediation phases are each captured as separate timeline events with a live "script running" indicator before the result lands
    • Apps still installing when ESP-Apps times out are flagged as "likely stuck" instead of disappearing from the timeline — admins now see the app name and a hedged outcome
    • ASR / EDR-blocked install handoff no longer strands devices — runtime spawn fails soft and the BootTrigger task picks the agent back up on next reboot
    • Hello-disabled enrollments now complete reliably — the Classic v1 path no longer deadlocks waiting for a Hello signal that will never arrive (previously ran into the 6h max-lifetime timer)
    • AccountSetup must truly succeed before Hello can trigger completion — prevents premature enrollment_complete when AccountSetup actually failed
    • Hybrid User-Driven (HAADJ) enrollment-completion gaps closed — more completion paths recognized, fewer sessions stuck in the timeout fallback
    • TPM PSS unsupported is reported as a distinct distress reason — older devices (e.g. Surface Book 1 with 2015-era Infineon TPM firmware) that can't do RSA-PSS now get a clear failure category instead of a generic Schannel error
    • Intune dual-stack certificate selection fix — on devices with both MDM and MMP-C client certs, the agent now picks the correct Microsoft Intune MDM Device CA cert and avoids backend chain-validation rejection
    • Client certificate rejections surface with structured backend warnings and V2 distress cert-context (thumbprint, subject, issuer, validity) — easier to diagnose mTLS auth failures
    • Tenant ID resolution falls back to the CloudDomainJoin registry (TenantInfo + JoinInfo) when the Enrollments key is empty — covers pre-Type-6 enrollments and MS-Organization-Access cert paths
    • Event-driven Tenant ID wait via RegistryWatcher — agent reacts to registry changes during pre-enrollment instead of polling
    • Desktop Arrival Detector liveness signals (started / first-poll / no-candidate) help distinguish "agent dead post-reboot" from "user never logged in" in sessions that time out without a desktop_arrived
    • Detailed shutdown reasons — when the agent exits unexpectedly (Ctrl+C, process exit, unhandled exception, runtime host exit) the cause is recorded in the timeline
    • Prior-run crash is surfaced in the next session via a "death rattle" event, so a mid-enrollment agent crash is visible instead of silently lost
    • V2 diagnostics ZIP is size- and count-capped with streaming output — no more multi-gigabyte uploads on long or noisy sessions
    • Diagnostics ZIP now includes the State and Spool folders for richer post-mortem analysis
    • Agent log files rotate at a size cap — no unbounded growth on long-running devices
    • New "Submit Logs" page — admins can upload diagnostics files for analysis even when no active session exists on the device
    • Delivery Optimization breakdown adds MCC (Microsoft Connected Cache) and LinkLocal sources across download_progress and do_telemetry events
    • Software inventory now correctly enumerates Azure AD and personal MSA user profiles (these SIDs were previously skipped)
    • Hardware spec event reports VM detection — security analyze rules skip VMs to avoid false-positive vulnerability reports
    • Bootstrap --install mode preserves an existing bootstrap-config.json instead of clobbering customer settings on re-install
    • Optional "enrollment started" webhook fires at session registration — opt-in notification at the very start of an enrollment

    April 2026

    • Delivery Optimization monitoring — agent tracks Windows DO download activity (OS level) during app installs and reports download performance metrics per application
    • ConfigMgr co-management detection — agent detects Configuration Manager client presence and reports co-management status with confidence scoring
    • Non-whitelisted hardware detection with optional admin alerts when devices with unapproved hardware models enroll
    • IME version change tracking — Intune Management Extension version updates are recorded
    • Hello for Business skip detection — agent now distinguishes between Hello setup being completed, timed out, or explicitly skipped
    • User-profile-aware diagnostics — gather rules and diagnostics log paths can reference the logged-on user profile directory
    • Improved vulnerability matching accuracy using fuzzy Jaro-Winkler scoring
    • Faster agent startup through optimized initialization flow
    • ESP provisioning status verification before enrollment completion — agent checks category outcomes and waits up to 30s for pending results to settle
    • Structured error codes (exit codes, HRESULT) extracted from IME log patterns and included in timeline events
    • Dual-hash integrity verification — ZIP package hash checked at download, separate EXE hash verified at runtime against backend to detect post-installation tampering
    • Vulnerability matching improvements — confidence levels, platform-aware filtering, and exclude patterns for more accurate reports
    • Vulnerability reports now available during pre-provisioning (White Glove) sessions
    • More reliable enrollment summary dialog launch with desktop fallback strategy
    • PowerShell script output is now fully captured in the timeline (multi-line output was previously truncated)
    • More reliable bootstrap and download handling with improved timeout and rate-limit behavior
    • Agent reports self-update events so updates are visible in the session timeline
    • Emergency channel — agent can send distress signals when it detects critical failures
    • ESP "resumed" event is now only emitted for Hybrid Join scenarios (avoids noise on other paths)
    • Improved crash recovery — completion state is persisted so the agent can resume correctly after an unexpected restart

    Late March 2026

    • Agent crash detection — crashes are automatically detected and reported to the backend
    • SHA-256 integrity verification for agent downloads (bootstrapper + self-updater verify hash before install)
    • Reboot tracking — reboots during enrollment are now tracked and visible in the timeline
    • NTP time sync check with clock skew warning when device time is significantly off
    • Automatic timezone detection and configuration
    • SecureBoot certificate collection for security posture reporting
    • IME process watcher — detects when the Intune Management Extension starts or stops
    • Network change detection — captures network adapter changes during enrollment
    • Agent self-update mechanism — outdated agents in the field update themselves automatically
    • Unrestricted mode option (per-tenant) to disable most guard rails
    • Notification system reworked — supports Teams (legacy + Workflow), Slack, and custom webhooks

    Mid March 2026

    • Software inventory collection with automatic vulnerability correlation (CVE matching)
    • Hardware specification event — detailed hardware info collected and reported
    • Agent shutdown event — clean shutdown is now explicitly tracked
    • Postponed app detection and handling during enrollment
    • Self-deploying mode detection and event tracking
    • Enrollment summary dialog shown on the device after enrollment completes
    • ESP provisioning status tracking — catches non-IME errors like certificate failures
    • PowerShell script execution tracking during enrollment
    • Clock skew detection with geo-location failure reporting
    • Community analyze rules support

    Early March 2026

    • Bootstrap session support — monitoring starts before MDM enrollment (during OOBE)
    • ESP configuration detection — identifies ESP settings on the device
    • TPM info collection for device details
    • Activity-aware idle timeout replaces fixed 4-hour collector limit (default: 15 min idle)
    • Reliable session end-detection for all deployment scenarios (user-driven, pre-provisioning, hybrid)
    • Network performance data collection (latency, throughput)
    • Geographic location support via IP-based lookup
    • Emergency break — remote kill switch to stop agents
    • Automatic retry on transient backend errors
    • Custom User-Agent header for easier firewall allowlisting
    • ESP state tracking via registry watcher
    • XML and JSON file gathering in diagnostics
    • Configurable --await-enrollment parameter for pre-enrollment wait

    Late February 2026

    • Pre-Provisioning (White Glove) support — full end-to-end monitoring of pre-provisioning sessions
    • mTLS for all agent-to-backend communication (consolidated endpoints)
    • Diagnostics SAS URL fetched on-demand — no longer stored on disk
    • Max collector duration policy (configurable per tenant)
    • Diagnostics package upload from device
    • Configurable reboot-on-complete and keep-logfile options via remote config
    • Configurable diagnostics log paths (global + per-tenant)
    • Lenovo model detection fix (WMI query)

    Mid February 2026

    • Windows Autopilot v2 (Device Preparation) support
    • GatherRules guard rails — prevents collection of overly broad paths
    • IME log replay for testing and demos (--replay-log-dir)
    • Agent state persistence — survives reboots and resumes monitoring
    • Embedded Intune root + intermediate certificates for chain validation
    • OS info and boot time collection
    • Hello screen detection improvements
    • Download progress tracking

    Early February 2026

    • Initial agent release
    • Real-time enrollment telemetry (IME log parsing, ESP phases, app installs)
    • Geolocation support for enrollment sessions
    • Hello screen detector for enrollment completion
    • Reboot-on-complete support
    • Session ID persistence across agent restarts
    • Bootstrap token authentication for pre-MDM scenarios