# Worker
{% hint style="success" %}
**Enterprise Feature** — **Enterprise Feature** — This extension is available exclusively on the Enterprise license. Once activated, it becomes available in your frontend.
{% endhint %}
## What is the Worker?
Imagine having a dedicated assistant watching over your Microsoft Intune environment around the clock — checking for problems, generating reports, and sending you updates — all without you having to lift a finger.
That's exactly what the **IntuneAssistant Worker** is.
It's a lightweight service that you deploy once, directly into **your own Azure subscription**. From that moment on, it runs in the background, executing the tasks you configure, on the schedule you choose, and reporting back to you automatically.
No manual checks. No logging in every morning to see if something changed. No surprises.
## Why You Need It
Managing Intune manually is time-consuming. Policies drift. Configurations change. Audits are overdue. And by the time you notice, the damage is already done.
The Worker eliminates that reactive cycle. Instead of you going to look for problems, **the Worker finds them and comes to you**.
{% hint style="info" %}
**Real-world example:** You set up a Configuration Drift Monitor on Monday. On Thursday, someone changes a security policy. On Friday morning, you receive a detailed email report listing exactly what changed, and what the original baseline was. You didn't have to do anything, just create a job.
{% endhint %}
## What Can the Worker Do?
The Worker executes jobs as a managed identity with the permissions you configure. You define the job, set the schedule, and the Worker takes care of the rest.
{% tabs %}
{% tab title="Audit Reports" %}
#### Intune & Entra Audit Reports
Automatically generate detailed audit reports for your Microsoft Intune and Entra ID environment and have them delivered directly to your inbox.
* Schedule reports **daily, weekly, or monthly**
* Receive them as formatted HTML reports via email
* Always have an up-to-date audit trail without manual exports
* Perfect for compliance reviews and management reporting
{% endtab %}
{% tab title="Configuration Drift Monitor" %}
#### Configuration Drift Monitoring
This is the Worker's most powerful feature. It continuously monitors your Intune configuration policies against a saved baseline and **immediately alerts you when something changes**.
* Detects **unauthorized or accidental policy changes**
* Shows exactly which settings drifted and what the original value was
* Sends a rich HTML report directly to the recipients you configure
* Can be configured to **only alert when drifts are found** — no noise, only signal
* Gives you a full history of active and resolved drifts
No more end-of-quarter surprises. Know the moment your environment changes.
{% endtab %}
{% tab title="🔧 Coming Soon" %}
#### On the Roadmap
The Worker is built to grow. Upcoming job types include:
* **Compliance Reports** — Scheduled device compliance summaries
* **Script analysis** — Checks scripts content and finds unwanted code
* **Security Reports** — Automated security posture snapshots
* **Automated Remediation** — Let the Worker fix common issues automatically
New job types are added with every release and automatically available to your Worker through the auto-update feature.
{% endtab %}
{% endtabs %}
## Your Data Stays Yours
This is important and sets the Worker apart from cloud-only solutions.
The Worker runs **inside your own Azure subscription**. It uses your own managed identity to connect to Microsoft Graph. Your Intune data is fetched, processed, and reported on — all within the boundaries of your own environment in that worker.
> **IntuneAssistant never sees your raw Intune data.** The Worker operates autonomously in your tenant using your own Azure permissions.
This makes the Worker an excellent fit for organizations with strict data residency requirements or internal security policies around third-party data access.
## Deploy in Minutes from Azure Marketplace
Getting started is designed to be as frictionless as possible.
1. **Deploy from the Azure Marketplace** — Select your Azure subscription, resource group, and pricing tier. That's it.
2. **The Worker registers itself** — On first start, it automatically contacts IntuneAssistant and registers for your account.
3. **Activate with your license key** — Enter your Enterprise license key in the Worker dashboard to activate it.
4. **Configure your first job** — Set up a scheduled job from the IntuneAssistant portal and the Worker picks it up automatically.
From zero to automated monitoring in under 10 minutes.
{% hint style="warning" %}
**Important after deployment:** To ensure only users from your organization can access the Worker dashboard, enable Microsoft authentication in Azure Portal → App Services → your Worker → Authentication. This takes 30 seconds and is strongly recommended.
{% endhint %}
## Always Up to Date
The Worker keeps itself current. When a new version is released, it updates automatically during its next maintenance window — no manual intervention required. You can also control the update behaviour:
* **Enable or disable auto-update** from the Worker dashboard
* Choose between update rings for controlled rollouts
* View the currently installed version at any time
## The Worker Dashboard
Every Worker comes with a built-in web dashboard, accessible at your Worker's Azure URL. From there you can:
| What you see | What it means |
| ----------------------- | ------------------------------------------------------- |
| **Registration status** | Whether your Worker is activated and ready |
| **Last heartbeat** | When the Worker last checked in (should be minutes ago) |
| **Scheduled jobs** | All configured jobs and their next scheduled run time |
| **Sender email** | The email address used to send job reports |
| **Worker version** | Currently installed version |
## Frequently Asked Questions
Do I need to keep the Worker running at all times?
Yes — the Worker is a continuously running service hosted on Azure App Service. It polls for jobs every few minutes and sends heartbeats to confirm it's alive. As long as your App Service is running, the Worker is working.
What happens if the Worker goes offline?
Scheduled jobs that were due while the Worker was offline will be picked up and executed shortly after it comes back online. The Worker is resilient to short outages.
Can I have multiple Workers?
Each activated Worker is tied to one license. If you manage multiple tenants or need Workers in separate Azure regions, you can deploy and license additional Workers from your IntuneAssistant account.
How do I know a job actually ran?
Every job sends you an email report upon completion. You can also view the last run time and next scheduled run for every job directly in the Worker dashboard.
What Azure resources does the Worker use?
The Worker deploys an **App Service** with an App Service Plan into your Azure subscription. The size (and therefore cost) of the App Service Plan is chosen by you at deployment time. A Basic B1 plan (\~€11/month) is sufficient for most environments.
Do I need extra permissions?
Yes, you need to be an active Intune Administrator
## Ready to Get Started?
{% hint style="success" %}
Don't have an Enterprise license yet? [Upgrade your plan](https://intuneassistant.cloud/plans) to unlock the Worker and all other Enterprise features.
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.intuneassistant.cloud/extensions/worker.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.