Eric Grover

Looks great until you try to get access to it. These are the hurdles you have to overcome to get started. This has already failed. Enabling Microsoft Scout for Managed Users To enable Microsoft Scout for managed users, admins must complete two gates: Configure Frontier access in Microsoft 365. Set up Intune policy with attestation. Both gates must be complete before any user can sign in. Installing the Scout app alone does not grant access. Prerequisites Microsoft 365 Global Administrator credentials Intune tenant administrator credentials GitHub Copilot licenses assigned to users (Business or Enterprise) Microsoft Scout ADMX/ADML templates downloaded for Windows configuration (setup docs) Gate 1: Enable Frontier Access in Microsoft 365 Sign in to the Microsoft 365 admin center. Navigate to Copilot → Settings → View all. Search for Frontier and select Copilot Frontier. Set access for your organization and click Save. Allow up to three hours for propagation. This step makes Frontier available but does not enable Scout sign-in on devices. Gate 2 is still required. (access overview) Gate 2: Configure Intune Policy and Attestation Windows Devices Sign in to the Intune admin center at https://t.co/HBkjzGKBmS. Go to Devices → Configuration → Import ADMX. Upload the Microsoft Scout ADMX/ADML template files. Confirm the templates show status Available. Create a Windows configuration policy using the imported template:Enable Allow Clawpilot Frontier access (this is the documented setting name; it maps to the AllowScoutFrontierAccess capability). Assign the policy to target managed devices. (setup docs) macOS Devices Create a custom configuration profile in Intune. Import the Microsoft Scout administrative template files. Assign the profile to target macOS devices. (setup docs) Attestation Complete the Frontier organization sign-up form in Microsoft 365 to record admin attestation. Ensure all users have GitHub Copilot licenses assigned. Attestation is a separate gating layer and is required because Scout can route data outside Microsoft 365 to third-party inference paths (for example, GitHub). It applies even if Gate 1 is already complete. (access overview) End-User Requirements A GitHub account, used for token billing. Sign in with work credentials. Sign-in succeeds only after both admin gates (Frontier access and Intune policy with attestation) are complete. (access overview) Notes Installing the Scout app alone does not grant access. Admins must ensure registry and device conditions are met via Intune policy. A blocked sign-in does not show a clear in-product reason. If users cannot sign in, confirm with the admin that Frontier access, the Intune policy, and the attestation are all in place before troubleshooting on the client. Scout can route data outside Microsoft 365, so explicit attestation is required for security compliance. Following these steps enables Microsoft Scout for managed users across Windows and macOS devices.