
Prerequisites

  • Microsoft Intune admin access
  • Devices running Windows 10 1607+ or Windows 11, Microsoft Entra joined
Windows Home and S mode are not supported.

Deployment Methods

Intune supports two deployment methods. Choose based on your license:
  • Platform Script — available with all Intune licenses. Creates a Windows Scheduled Task for recurring scans.
  • Remediation — requires Intune P2 (or add-on). Intune handles scheduling natively; no scheduled task is created on the device.

Deployment Steps

1. Get Deployment Artifacts

In the Runlayer dashboard, go to Settings > Shadow MCPs and open or create a Detect configuration to copy the generated script and API key. Select your deployment method (Platform Script or Remediation) when generating the script.

2. Add Script in Intune

  • Open the Intune admin center
  • Go to Devices > Scripts and remediations > Platform scripts
  • Click Add > Windows 10 and later
  • Upload the generated script
  • Set Run this script using the logged on credentials to Yes
  • Set Run script in 64-bit PowerShell host to Yes

3. Assign to Groups

Select the device groups that should receive Detect scans, then click Add.

How It Works

The Intune platform script runs once per device and acts as a bootstrapper:
  1. Installs the Runlayer CLI and stores credentials
  2. Runs the scan command immediately
  3. Creates a Windows Scheduled Task for recurring execution
The scheduled task (RunlayerAIWatch) runs on the configured interval (default: 60 minutes) and automatically updates the Runlayer CLI when new versions are available.
The scheduled task runs as the logged-on user. Scans only occur while a user is signed in.

Verification

Monitor script status in Devices > Scripts and remediations > Platform scripts.

To verify the scheduled task is running, open Task Scheduler on the device and look for RunlayerAIWatch. Logs are at %ProgramData%\Runlayer\ai_watch_detect.log.

Troubleshooting

  • Ensure the device is Microsoft Entra joined (not just registered)
  • Check that the Intune Management Extension service is installed
  • Verify the device can reach https://pypi.org
  • Review logs in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs
  • Check %ProgramData%\Runlayer\ai_watch_detect.log for errors
  • Verify the organization API key is correct and not revoked
  • Ensure the device can reach your Runlayer instance
  • Verify the organization API key is correct
  • Check if the key has been revoked in Runlayer Settings > API Keys
  • Open Task Scheduler and check RunlayerAIWatch status
  • Verify the recurring script exists at C:\ProgramData\Runlayer\Scripts\
  • Check logs at %ProgramData%\Runlayer\
  • The task only runs while the user is logged in
  • Check %ProgramData%\Runlayer\ai_watch_detect.log for errors
  • A non-compliant status means the scan failed — check network connectivity and credentials
  • Verify the device can reach your Runlayer host
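
The Verification and Troubleshooting checks above can be collected in one pass on a device. The following is an added example, not part of the Runlayer-generated script; the function name, the `-RunlayerHost` parameter, port 443 for the Runlayer instance, and the two-interval staleness threshold are assumptions.

```powershell
# Added example, not Runlayer's script. Task name, log path and the 60-minute
# default interval come from this page; everything else is an assumption.
function Test-RunlayerDetect {
    param(
        [string]$TaskName = 'RunlayerAIWatch',
        [int]$IntervalMinutes = 60,
        [string]$LogPath = (Join-Path $env:ProgramData 'Runlayer\ai_watch_detect.log'),
        [string]$RunlayerHost    # hypothetical parameter: hostname of your Runlayer instance
    )

    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $info = if ($task) { $task | Get-ScheduledTaskInfo } else { $null }
    $log  = Get-Item -LiteralPath $LogPath -ErrorAction SilentlyContinue
    $ime  = Get-Service -Name 'IntuneManagementExtension' -ErrorAction SilentlyContinue

    # Assumed threshold: a log untouched for two intervals means scans have stalled.
    # This also assumes every scan writes to the log.
    $cutoff = (Get-Date).AddMinutes(-2 * $IntervalMinutes)

    $result = [ordered]@{
        ImeServiceStatus = if ($ime) { "$($ime.Status)" } else { 'NotInstalled' }
        TaskRegistered   = [bool]$task
        TaskState        = if ($task) { "$($task.State)" } else { $null }
        # The page says the task runs as the logged-on user; show what is registered.
        TaskPrincipal    = if ($task) { "$($task.Principal.UserId)$($task.Principal.GroupId)" } else { $null }
        LastRunTime      = if ($info) { $info.LastRunTime } else { $null }
        LastTaskResult   = if ($info) { '0x{0:X}' -f $info.LastTaskResult } else { $null }
        LogLastWrite     = if ($log) { $log.LastWriteTime } else { $null }
        ScanIsRecent     = [bool]($log -and $log.LastWriteTime -gt $cutoff)
        PyPiReachable    = Test-NetConnection -ComputerName 'pypi.org' -Port 443 `
                               -InformationLevel Quiet -WarningAction SilentlyContinue
        LogTail          = if ($log) { Get-Content -LiteralPath $LogPath -Tail 5 } else { @() }
    }
    if ($RunlayerHost) {
        # Port 443 is assumed (HTTPS); adjust if your instance listens elsewhere.
        $result.RunlayerReachable = Test-NetConnection -ComputerName $RunlayerHost -Port 443 `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    }
    [pscustomobject]$result
}

Test-RunlayerDetect | Format-List
```

Run it in the signed-in user's session, since the task is registered to run as the logged-on user. A `TaskRegistered` value of `False` on a Remediation deployment is expected, because that method creates no scheduled task.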