Documentation

Agent Setup via Intune

The Autopilot Monitor agent is deployed to devices using a PowerShell bootstrapper script distributed as an Intune Platform Script. The script downloads, installs, and registers the agent automatically — no manual steps on the device are required.

Safe to assign broadly — already-enrolled devices are not affected

Before installing anything, the bootstrapper runs a series of pre-requisite checks. The agent is only installed when all checks pass. Devices that do not meet the criteria are skipped silently.

✓No previous deployment: A registry marker HKLM:\SOFTWARE\AutopilotMonitor\Deployed is the only artifact that survives agent self-destruct — everything else is removed. This marker acts as a critical security gate that permanently prevents repeated execution of the bootstrapper and agent on the same device.
✓No real user profiles: Combines WMI ( Win32_UserProfile.Special ) and filesystem checks under C:\Users — system profiles (defaultuser*, Public, Default) are excluded. Real user profiles indicate the device is already in productive use.
✓No previous user logon: Checks LastLoggedOnUser in the LogonUI registry — during Device ESP no real user has logged on yet. A real username indicates the device has been used interactively.
✓Within bootstrap window: Device uptime must be under 12 hours. Prevents installation on devices that have been sitting powered on without completing enrollment. Sleep and standby do not reset this timer.
✓Agent not already installed: If the agent binary is already present at the expected path, the script skips re-installation.

The agent is temporary by design: once the Autopilot enrollment completes, the agent uninstalls itself and removes the scheduled task. It only exists on the device for the duration of the enrollment process.

Test it yourself: Dry-run before deployment

Want to verify which devices would receive the agent? Run this read-only check in PowerShell on any machine — it evaluates all bootstrap guards and transparently reports the install decision. No changes are made, only read operations:

irm 'https://autopilotmonitor.blob.core.windows.net/agent/Test-ShouldBootstrapAgent.ps1' | iex

Test-ShouldBootstrapAgent.ps1 Raw script

1
Download the bootstrapper script
Download the PowerShell script that installs and configures the Autopilot Monitor agent:
Install-AutopilotMonitor.ps1 Raw script
2
Create a Platform Script in Intune
In the Microsoft Intune admin center, navigate to Devices → Scripts and remediations → Platform scripts and click + Add → Windows 10 and later.
Recommended script settings:
Name: Install Autopilot Monitor
Script: Upload the downloaded .ps1 file
Run this script using logged on credentials: No
Enforce script signature check: No
Run script in 64-bit PowerShell: Yes
3
Assign to a device group
Assign the script to the device group that covers your Autopilot-enrolled devices. The two most common choices are:
- •All devices — built-in Intune group, covers every managed device
- •A dynamic Azure AD group for Autopilot devices using the membership rule (device.devicePhysicalIds -any _ -startsWith "[ZTDId]") — targets only Autopilot-registered hardware
The "All Autopilot devices" dynamic group is preferred if you want to limit telemetry to Autopilot-enrolled hardware only.
✓
Done
Once the script runs on a device, the agent installs itself, creates a scheduled task under SYSTEM, and begins monitoring the Autopilot enrollment immediately. Sessions will appear in your dashboard within seconds of the agent starting.