Changelog

Completion state machine, SLA & App Health dashboards, Ops Alerts, and Device Preparation groundwork

• •Session completion state machine — The agent soon uses a dedicated CompletionStateMachine that combines multiple signals (ESP final exit, Hello, Desktop arrival) to decide when an enrollment is truly done. This fixes several cases where WhiteGlove and Hybrid Join sessions were misclassified or never marked complete.
• •SLA tracking dashboard — New SLA monitoring page with per-tenant configuration and notification support when SLAs are breached.
• •App Health dashboard — New global view of app deployment health with scoped drill-downs and a configurable column picker.
• •Ops Events & Ops Alerts — Operational event log plus admin alerts for backend health, blob storage, runaway sessions, and excessive event counts per session.
• •Agent emergency / distress channel — A separate low-overhead channel so the agent can still report critical errors when the normal telemetry path is impaired.
• •Enhanced analyze rule engine — New in / not_in compare operators, MarkSessionAsFailed action, template variables, per-rule stats card, and a new ESP certificate-error analyze rule (ANALYZE-ESP-002).
• •Delivery Optimization — OS-level DO collector, P2P totals in download progress, and DO usage stats in the geographic drill-down.
• •Vulnerability matching improvements — Fuzzy (Jaro-Winkler) CPE matching, confidence levels, data freshness indicators, CVE mapping column in the vulnerability report, and WhiteGlove sessions now also get a vulnerability report.
• •Device Preparation (WDP v2) groundwork — The agent now distinguishes Classic vs v2 Autopilot flow, and a device-association validator was added on the backend. Device Preparation support is still in active validation.
• •IME version history — Intune Management Extension version history is tracked and surfaced via MCP; agents running on outdated IME versions trigger an alert.
• •Known Issues page — Dedicated docs page for ongoing issues (replaces the inline list that used to live in this changelog).
• •MCP server — Stateless endpoint, tools split into domain modules, new ops-events tool, tool-call telemetry, improved semantic + keyword search, and an integration test suite.
• •Security hardening — Centralized tenant-isolation middleware, OData sanitizer, hardened agent config endpoint, cross-tenant fallback fixes, session-aware auto-unblock, and additional request-size / integrity guards on the self-update path.
• •Web performance & refactor — Lazy session loading, response compression, more parallel fetches, and a large internal restructuring of the web app into hooks and utils for easier maintenance.
• •Bugfixes & UX polish — Quick search, bootstrap scripts, webhook notifications, WhiteGlove timeline rendering, phase-timeline regressions, report upload size, summary dialog launch fallback, NTP / timezone defaults, and many more small fixes.

Updated bootstrapper script, agent crash detection, and quick search

• ⚠Updated bootstrapper script (action recommended) — The bootstrapper script (Install-AutopilotMonitor.ps1) now uses SHA-256 integrity verification for agent downloads instead of MD5. If you deployed the script via Intune, it is recommended to replace it with the latest version from the repository for improved security.
• •Agent crash detection — The agent now detects and reports unexpected crashes with automatic recovery. Platform-level metrics (CPU, memory, disk) are collected alongside enrollment events for better diagnostics.
• •Global quick search — A fuzzy search across sessions, devices, and users is now available from the navigation bar for fast lookups.
• •Rate limiting — Per-user request rate limiting protects the backend from excessive API usage.
• •Bugfixes — Vulnerability report rescan persistence, orphaned session handling, timezone parsing, and NTP clock-skew warnings improved.

Software inventory & vulnerability analysis, new agent signals, and settings overhaul

• •Software Inventory & Vulnerability Analysis — The agent now discovers installed software across Registry, WMI, AppX/MSIX, and per-user sources and correlates it against NVD and CISA KEV databases. The dashboard shows a vulnerability report with CVSS scores and severity levels. Includes 240+ curated CPE mappings and strict AppX whitelist filtering.
• •SecureBoot & time sync — The agent collects SecureBoot certificate details (with a new analyze rule), auto-detects the timezone, and checks NTP offset to catch time-related enrollment failures.
• •Security hardening — Request size limits on all submission endpoints and symlink detection in diagnostic paths guard against DoS and path-traversal attacks.
• •Settings reorganization — The sidebar now uses expandable sections for a cleaner navigation. Tenant settings were restructured and consolidated.
• •OOBE Config viewer — A modal dialog decodes the OOBE configuration bitmask, showing each bit flag with description and confidence level, and detects the enrollment profile type.
• •FAQ page — New Docs section covering supported scenarios, deployment, agent capabilities, and troubleshooting.

Navigation overhaul, session architecture, new agent signals, and community rules

• •Unified sidebar — The entire navigation has been redesigned with a global sidebar. The old top nav is gone; settings and admin areas now have their own sidebar sections. Mobile layout also reworked.
• •Session index table — Session storage has been fundamentally re-architected for better scalability and reliability.
• •New agent signals — The agent now reports agent_shutdown (clean shutdown), hardware_spec (hardware inventory at enrollment), network interface changes, and clock skew deviations for better diagnostics.
• •Self-deploying mode detection — The agent now automatically detects self-deploying scenarios and tracks the enrollment finalization process with dedicated events.
• •Notification providers — The webhook notification system now supports three providers: Teams Legacy, Teams Workflow, and Slack — selectable per tenant.
• •Community rules — A community rule set for gather and analyze rules has been added. Rules now have a JSON view, severity override, and centralized guardrails. New local admin analyze rule included.
• •Geographic drill-down — The geographic performance view now supports drill-down to region and country level.
• •Mark as success — Sessions can now be manually marked as successful, e.g. after manually resolved enrollments.
• •Feedback system — An integrated feedback system with admin management allows direct feedback from within the portal.
• •Tenant settings UX — The central save button in tenant settings has been replaced with individual section save buttons. A new Unrestricted Mode option disables most guardrails per tenant request.
• •Docs expanded — New general documentation section, IME pattern explanation, and a public sites sidebar added.
• •Backend reliability — Improved cache invalidation and retry logic for transient errors.

Security architecture, session timeline improvements, and new agent capabilities

• •Role-based access control — Admin and Operator roles with role management in Settings. API authorization and policy enforcement middleware ensure proper access control across all endpoints.
• •Agent self-update — Agents can now update themselves automatically, ensuring outdated versions in the field get replaced without manual intervention.
• •Bootstrap sessions — New bootstrap session flow with explicit token enablement for initial device onboarding. (support for bootstrap tokens enabled by request)
• •Raw event timeline — A new raw view of the event timeline with full search support, useful for deep-dive troubleshooting.
• •Enrollment summary dialog — Optional summary dialog shown at the end of enrollment, with event timeline search and clickable phases in the phase tracker.
• •Original ESP tracking — The agent now tracks the original ESP provisioning status to catch non-IME errors such as certificate failures.
• •Analyze & gather rules — Added negative compare operators for analyze rules, XML and JSON gather options, and a built-in “old OS version” warning rule.
• •Email notifications — Email notification (Welcome and instructions) for Joining the Private Preview.
• •Agent version management — Block specific agent versions from connecting, along with expanded data retention configuration options.
• •Install progress — The agent install progress page now shows download and install phases with elapsed time.
• •TPM info collection — TPM details are now collected at enrollment time for improved hardware diagnostics.
• •Firewall compatibility — The agent now sends a dedicated User-Agent header to simplify firewall allowlisting.

Ongoing improvements to Pre-Provisioning support (still testing)

I'm continuously improving support for Pre-Provisioning (White Glove) scenarios. The session timeline should now better reflect the provisioning process better, and I'm working on improving the accuracy of event categorization and timing for these sessions. If you are using Pre-Provisioning and notice any discrepancies in the timeline or data, please share your Feedback with me via GitHub Issues. Your feedback is invaluable in helping me enhance support for these scenarios. Expect a "Report Session" button in the timeline view soon to make sharing feedback and logs easier!

Configurable Diagnostic Package, Gather Rule Examples, Updated Docs

The configurable diagnostic package allows for more flexible data collection and analysis. Gather rule examples have been added to help users understand how to create their own rules. Documentation has been updated to reflect these changes and provide guidance on using the features.

First implementation of Pre-Provisioning support incl. session timeline visualization

The session timeline now also supports sessions that started with Pre-Provisioning (aka White Glove) — including the provisioning process itself. This is a first implementation and only tested with a very basic scenario, so if you use Pre-Provisioning and see anything that looks off in the timeline, please check the logs and share them via GitHub Issues.

Reworked real-time event delivery and session timeline processing

The way live session events reach the dashboard timeline was fundamentally reworked. This should make the timeline more reliable and accurate.