Documentation

Autopilot Monitor gives IT admins real-time visibility into Windows Autopilot enrollment sessions. A lightweight agent runs on devices during enrollment and streams events to a web portal where you can watch progress, diagnose failures, and review historical sessions.

The agent supports Windows Autopilot and Autopilot Device Preparation (early testing) enrollment flows. User-Driven and Pre-Provisioned (aka White Glove) flows are supported.

Autopilot Monitor is currently in private preview. During the preview period access is granted after approval. See the Private Preview page for details on how to get started.

All session data is stored in our Azure environment — the backend runs as Azure Functions with Azure Table Storage. The agent communicates securely with our backend endpoint and all data remains under your control.

The agent is deployed through Intune as a bootstrapper PowerShell script. The Agent Setup guide walks you through the complete process.

No. The agent is designed to run only during the enrollment window. It automatically stops after the session completes or after an idle timeout. It does not run as a persistent background service.

The agent collects enrollment-related events: ESP phase transitions, app and script installations, registry changes, IME log entries, and performance snapshots. It does not collect personal user data, browsing history, or anything outside the enrollment process. See the Agent page for the full list of collected data.

The agent uses the MDM client certificate issued from your Intune MDM system. Every API call includes the certificate and device-identifying headers which the backend validates against your tenant's configuration. In addition the client is validated against your Intune tenant (registered as Autopilot device) to ensure it is belonging to your tenant before accepting any data. This ensures that only devices under your management can send data to the backend.

Gather Rules let you run custom diagnostic commands on devices during enrollment and collect the output centrally. For example, you can read specific registry keys, run PowerShell commands, or collect log files (Guardrails are applied). See the Gather Rules documentation for details and examples.

Analyze Rules automatically evaluate every enrollment session against configurable patterns and flag known issues — like a missing app, a failed policy, or an unexpected reboot. They surface problems with a clear description and suggested fix so you don't have to manually hunt through event timelines. Learn more on the Analyze Rules page.

Yes. Each session detail view has a diagnostics download option that bundles the relevant logfiles and gathered data into a downloadable package for offline analysis or sharing.

Check these common causes in order:

1. Ensure the device is registered in Intune as an Autopilot device.
2. Verify if the Hardware Model and Vendor are allowed in the Tenant Settings - Hardware Whitelist.
3. Confirm the device can reach your Azure Functions backend endpoint (no firewall/proxy blocking).
4. Review the agent log at %ProgramData%\AutopilotMonitor\Logs for error details.

This can happen when the completion signal is missed — for example if the device reboots before the agent can detect the final state. The session will automatically transition to a terminal state after the agent's max lifetime timer expires (default 6 hours). You can also manually mark it as success or failure from the session detail view.

Agent logs are stored at %ProgramData%\AutopilotMonitor\Logs on the device. These logs contain detailed information about the agent's startup, event collection, and communication with the backend.