Prerequisites
- Microsoft Intune admin access
- Enrollment key from Runlayer
- Devices running Windows 10 1607+ or Windows 11, Microsoft Entra joined
Creating an Enrollment Key
Creating an Enrollment Key
Enrollment keys allow devices to automatically register with Runlayer and obtain API credentials.
Navigate to Enrollment Keys
Go to Settings in the Runlayer dashboard and select the Enrollment Keys tab
Configure the Key
- Name (required): Enter a descriptive name (e.g., “Production MDM”)
- Description (optional): Add context about the key’s purpose
Windows Home and S mode are not supported.
Deployment Steps
Generate the Script
Fill in your settings below to generate a deployment script.
ENROLLMENT_USERNAME: Leave empty to use%USERNAME%.ENROLLMENT_DEVICE_NAME: Leave empty to use%COMPUTERNAME%.
Add Script in Intune
- Open the Intune admin center
- Go to Devices > Scripts and remediations > Platform scripts
- Click Add > Windows 10 and later
- Upload the generated script
- Set Run this script using the logged on credentials to Yes
- Set Run script in 64-bit PowerShell host to Yes
Verification
Monitor script status in Devices > Scripts and remediations > Platform scripts. On a target device, open a client (e.g., Cursor) and confirm the synced MCP servers appear. If something went wrong, check%ProgramData%\RunlayerSync\runlayer-sync.log.
Troubleshooting
Script not running
Script not running
- Ensure the device is Microsoft Entra joined (not just registered)
- Check that the Intune Management Extension service is installed
- Verify the device can reach
https://pypi.org
Script reports success but no config changes
Script reports success but no config changes
- Check
%ProgramData%\RunlayerSync\runlayer-sync.logfor errors - Verify the enrollment API key is correct and not revoked
- Confirm servers have auto-sync enabled in the Runlayer dashboard
Enrollment fails with 401
Enrollment fails with 401
- Verify the enrollment API key is correct
- Check if the key has been revoked in Settings > Enrollment Keys