Navigation

Documentation

Agent Setup via Intune

The Autopilot Monitor agent is deployed to devices using a PowerShell bootstrapper script distributed as an Intune Platform Script. The script downloads, installs, and registers the agent automatically — no manual steps on the device are required.

Safe to assign broadly — already-enrolled devices are not affected

Before installing anything, the bootstrapper runs a series of pre-requisite checks. The agent is only installed when all checks pass. Devices that do not meet the criteria are skipped silently.

  • No previous deployment: A registry marker HKLM:\SOFTWARE\AutopilotMonitor\Deployed is the only artifact that survives agent self-destruct — everything else is removed. This marker acts as a critical security gate that permanently prevents repeated execution of the bootstrapper and agent on the same device.
  • No real user profiles: Combines WMI ( Win32_UserProfile.Special ) and filesystem checks under C:\Users — system profiles (defaultuser*, Public, Default) are excluded. Real user profiles indicate the device is already in productive use.
  • No previous user logon: Checks LastLoggedOnUser in the LogonUI registry — during Device ESP no real user has logged on yet. A real username indicates the device has been used interactively.
  • Within bootstrap window: Device uptime must be under 12 hours. Prevents installation on devices that have been sitting powered on without completing enrollment. Sleep and standby do not reset this timer.
  • Agent not already installed: If the agent binary is already present at the expected path, the script skips re-installation.

The agent is temporary by design: once the Autopilot enrollment completes, the agent uninstalls itself and removes the scheduled task. It only exists on the device for the duration of the enrollment process.

Test it yourself: Dry-run before deployment

Want to verify which devices would receive the agent? Run this read-only check in PowerShell on any machine — it evaluates all bootstrap guards and transparently reports the install decision. No changes are made, only read operations:

irm 'https://autopilotmonitor.blob.core.windows.net/agent/Test-ShouldBootstrapAgent.ps1' | iex
Test-ShouldBootstrapAgent.ps1Raw script
  1. 1

    Download the bootstrapper script

    Download the PowerShell script that installs and configures the Autopilot Monitor agent:

    Install-AutopilotMonitor.ps1Raw script
  2. 2

    Create a Platform Script in Intune

    In the Microsoft Intune admin center, navigate to Devices → Scripts and remediations → Platform scripts and click + Add → Windows 10 and later.

    Recommended script settings:

    Name: Install Autopilot Monitor

    Script: Upload the downloaded .ps1 file

    Run this script using logged on credentials: No

    Enforce script signature check: No

    Run script in 64-bit PowerShell: Yes

  3. 3

    Assign to a device group

    Assign the script to the device group that covers your Autopilot-enrolled devices. The two most common choices are:

    • All devices — built-in Intune group, covers every managed device
    • A dynamic Azure AD group for Autopilot devices using the membership rule (device.devicePhysicalIds -any _ -startsWith "[ZTDId]") — targets only Autopilot-registered hardware

    The "All Autopilot devices" dynamic group is preferred if you want to limit telemetry to Autopilot-enrolled hardware only.

  4. Done

    Once the script runs on a device, the agent installs itself, creates a scheduled task under SYSTEM, and begins monitoring the Autopilot enrollment immediately. Sessions will appear in your dashboard within seconds of the agent starting.