# Installation

### Prerequisites

Before you install the Intune Assistant worker make sure you have this in place:

* A valid Azure Subscription: the Intune Assistant consumes Azure credits, make sure you have a subscription with a valid payment method
* Proper permissions, you deploy resources, you need at least contributor permission at subscription or existing resource group level

{% hint style="warning" %}
The Intune Assistant Worker is a paid service and will be charged above the Azure consumption.
{% endhint %}

{% stepper %}
{% step %}

### Go to the Azure Marketplace

The first step is going to the Azure Marketplace.

<figure><img src="/files/bnmdvJCotcCdfVHBDudP" alt=""><figcaption></figcaption></figure>

This takes about 30 seconds:

1. Go to **Azure Portal**
2. Navigate to **Azure Market Place**
3. Search for Intune Assistant Worker
4. Select the plan
5. Click **Create**

{% endstep %}

{% step %}

### Fill in deployment values

The values represents the following:

* Subscription and resourcegroup: the place where you deploy the resources
* Region: Normally you pick the nearest region. The Intune Assistant API itself runs in West Europe
* Worker name: must be globally unique and is the name where you connect to later
* Microsoft Tenant ID: Is your own tenant ID
* Notification Email: Provide the email adress to get notified about when the installation is finished.&#x20;

<figure><img src="/files/xRo3avcM8aWQgO5b5zht" alt=""><figcaption></figcaption></figure>

{% endstep %}

{% step %}

### Select Worker Configuration

The worker uses an Azure App service. Select the wanted App Service plan. The basic plan B1 is enough for basic use like running tasks once a day.

{% endstep %}

{% step %}

### Start Deployment

Click on the create button to start deployment.
{% endstep %}
{% endstepper %}

That's it. From now on, only users signed in with your organization's Microsoft account can access the Worker dashboard

## Finish Installation

After deploying the Worker from the Azure Marketplace, there are a few steps to complete before it's fully operational. None of them take long — most users are up and running within 15 minutes.

{% hint style="info" %}
**Where is my Worker dashboard?**\
You can find the URL in the deployment confirmation email, or go to the **Azure Portal → Resource Groups → your Worker resource group → App Service** and click the **Default domain** link.
{% endhint %}

{% stepper %}
{% step %}

### Secure Your Dashboard (Recommended)

Your Worker has a built-in web dashboard. By default, anyone with the URL can view it. We strongly recommend restricting access so that only users from your own organization can open it.

This takes about 30 seconds:

1. Go to **Azure Portal**
2. Navigate to **App Services** → select your Worker
3. In the left menu, click **Authentication**
4. Click **Add identity provider**
5. Select **Microsoft**
6. Under **Tenant type**, choose **Workforce configuration (current tenant)**
7. Click **Add**

That's it. From now on, only users signed in with your organization's Microsoft account can access the Worker dashboard.

{% hint style="warning" %}
Skipping this step means anyone who knows your Worker's URL can view its status. The dashboard is read-only and does not expose your Intune data, but securing it is still best practice.

For more information about securing your web application check: <https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization#identity-providers>
{% endhint %}
{% endstep %}

{% step %}

### Set a Sender Email (Optional)

When the Worker sends you job reports (audit reports, drift alerts, etc.), it sends them from an email address. By default, this is the **notification email you provided during deployment**.

If you want reports sent from a different address — for example, a shared mailbox or a dedicated monitoring address — you can change it from the Worker dashboard in IntuneAssistant.

1. Go to IntuneAssistant and open the Worker page
2. Look for the **Settings** button
3. Enter the email address you want reports sent from
4. Save

{% hint style="info" %}
The sender address must be a valid mailbox in your Microsoft 365 tenant. Reports will be sent on behalf of this address using your organization's mail infrastructure.
{% endhint %}
{% endstep %}

{% step %}

### Get Your License Key

The Worker requires an Enterprise license key to activate. Without it, it will remain in a **Pending** state and won't execute any jobs. Better said, it won't have a connection at all and keeps waiting in this state.

To request your license key, send an email to:

**<support@intuneassistant.cloud>**

Include the following in your email:

* Your organization name
* The Worker instance ID (visible on the Worker dashboard under **Registration Status**)
* The email address associated with your IntuneAssistant account

You will receive your license key by email, typically within one business day.

{% hint style="success" %}
**Already have a license key?** Skip ahead to Step 4.
{% endhint %}
{% endstep %}

{% step %}

### Activate the Worker

Once you have your license key, enter it in the Worker dashboard to activate:

1. Open your Worker dashboard
   * The URL is in your registration confirmation email, **or**
   * Go to **Azure Portal → App Services → your Worker → Default domain**
2. On the dashboard, find the **Activate License** section
3. Enter your license key (format: `INTUNE-xxxxxxxx-xxxxxxxxxxxxxxxx`)
4. Click **Activate**

The Worker will validate the key and switch from **Pending** to **Active** within seconds.

{% tabs %}
{% tab title="✅ Activation successful" %}
The dashboard will show:

* **Registration Status:** Active
* **Health:** Healthy
* A green heartbeat indicator showing the Worker is connected

You're ready to create jobs.
{% endtab %}

{% tab title="❌ Key not accepted" %}
If the license key is rejected, check:

* The key was entered exactly as received (no extra spaces)
* The key hasn't already been used on a different Worker instance
* Your Worker instance ID matches what you sent in your license request

If the problem persists, contact **<support@intuneassistant.cloud>** with your Worker instance ID.
{% endtab %}
{% endtabs %}
{% endstep %}

{% step %}

### Confirm the Worker is Healthy

Before creating jobs, confirm that the Worker is fully operational.

On the dashboard you should see:

| Indicator               | Expected value                           |
| ----------------------- | ---------------------------------------- |
| **Registration Status** | Active                                   |
| **Last Heartbeat**      | Less than 10 minutes ago                 |
| **Scheduled Jobs**      | 0 (no jobs configured yet — that's fine) |
| **Worker Version**      | Current version number                   |

If the heartbeat timestamp is not updating or the status shows anything other than **Active**, wait a couple of minutes and refresh. If the issue persists, check the App Service logs in the Azure Portal.

{% hint style="success" %}
**Heartbeat updating and status is Active?** Your Worker is healthy and ready. Move on to creating your first job.
{% endhint %}
{% endstep %}

{% step %}

### Add Managed Identity Permissions

After deployment, the worker has no permissions yet. Because we take security very serious, we let you handle all the workers permissions. \
Currently its not possible to handle those permissions nicely and we need a bit of code for that. \
\
Use the following document to add the correct permissions.&#x20;

{% content-ref url="/pages/BmCFkOZTYrK9HRbazq98" %}
[Add worker permissions](/extensions/worker/add-worker-permissions.md)
{% endcontent-ref %}
{% endstep %}

{% step %}

### Create Your First Job

Now that your Worker is licensed and healthy, you can configure it to start doing actual work.

Jobs are created and managed from the **IntuneAssistant portal** — not the Worker dashboard itself. The Worker automatically picks up any jobs assigned to it.
{% endstep %}
{% endstepper %}

## Setup Checklist

Use this as a quick reference to confirm everything is in place:

* [ ] Worker deployed from Azure Marketplace
* [ ] Dashboard secured with Microsoft authentication *(recommended)*
* [ ] Sender email configured *(optional)*
* [ ] License key received from <support@intuneassistant.cloud>
* [ ] License key entered and Worker status is **Active**
* [ ] Heartbeat is updating — Worker is **Healthy**
* [ ] Ready to create jobs 🎉

## Need Help?

If you run into any issues during setup, reach out to us:

**<support@intuneassistant.cloud>**

Please include your Worker instance ID (visible on the dashboard) in your message so we can help you faster.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.intuneassistant.cloud/extensions/worker/installation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.