Use AI-powered recommendations in Microsoft Intune

  • 10 minutes

Microsoft Intune includes Copilot-assisted experiences that help administrators understand device issues, policy behavior, and endpoint management actions faster. Instead of manually reviewing multiple reports, device pages, assignments, and error details, administrators can use natural language prompts and AI-powered summaries to focus on likely causes and next steps.

Use Copilot to understand device state

Copilot in Intune can help administrators quickly understand a device. From the Intune admin center, administrators can use suggested prompts to summarize a device, show installed apps, show assigned policies, show group memberships, show the primary user, compare devices, or analyze an error code. Copilot uses Intune data, and administrators can only access the data they have permission to view through role-based access control and scope tags.

This is useful when a support ticket starts with limited information. For example, a user might report that an app is missing, a device is noncompliant, or a configuration profile didn’t apply. Copilot can help collect the initial context so the administrator can decide where to investigate next.

Useful prompts include:

  • Summarize this device.
  • Show apps on this device.
  • Show policies on this device.
  • Show group memberships.
  • Show the primary user of this device.
  • Analyze an error code.

Copilot output should be treated as a starting point. Administrators should still confirm important details in Intune reports, device status, or policy assignment views.

Compare devices to find differences

A common troubleshooting method is to compare a working device with a device that has a problem. Copilot in Intune can compare devices and identify similarities and differences, such as hardware details, compliance policies, assigned configurations, and other management data.

For example, if one Windows device receives a VPN profile and another similar device doesn’t, Copilot can help compare group membership, assigned policies, and device attributes. This helps narrow the issue to possible causes such as assignment targeting, filters, platform differences, or conflicting settings.

Device comparison is especially useful when the issue affects only a subset of devices. It helps administrators move from “this device is broken” to “this device differs from the working device in these specific ways.”

Explore Intune data with natural language

Intune Explorer lets administrators explore Intune data by typing questions in natural language. The intelligent search matches the request to available query views, and Copilot can provide summaries, explanations, and recommended next steps based on the results.

Examples of useful questions include:

  • Which Windows devices are noncompliant?
  • Which devices are missing encryption?
  • Which devices were enrolled recently?
  • Which devices have a specific app installed?
  • Which devices are running an older operating system version?

Natural language exploration helps administrators identify patterns without building every report manually. It is useful for quick investigations, operational reviews, and finding groups of devices that need attention.

Review policies and settings

Policy management can become complex when several configuration profiles, compliance policies, endpoint security policies, and app policies target the same users or devices. Copilot in Intune is designed to help administrators manage policies and settings, understand security posture, and troubleshoot device issues in the context of Intune and Windows 365 Cloud PC data.

Use Copilot during policy review to:

  • Summarize what a policy does.
  • Explain the purpose of a setting.
  • Understand possible user or security impact.
  • Identify which policies are assigned to a device.
  • Compare policy behavior across affected devices.
  • Prepare notes for change review.

This helps administrators validate policy intent before broad deployment. AI-powered recommendations can make policy review faster, but policy changes should still be tested with pilot groups before they are assigned widely.

Use Intune agents for guided endpoint tasks

Security Copilot agents in Intune are AI-powered assistants that help with endpoint protection, identity management, threat intelligence, and device configuration. The agents operate through Copilot and use Microsoft service plugins to connect to services such as Intune, Microsoft Entra, Microsoft Defender, and Microsoft Threat Intelligence, depending on the agent.

Current Intune agent scenarios include:

  • Change Review Agent: Helps review configuration and policy changes before deployment. It can support change validation by checking proposed changes against relevant device, identity, and security context. The agent operates under the identity and permissions of the Intune admin account used during setup.
  • Device Offboarding Agent (Retirement in progress): Identifies stale or misaligned devices across Intune and Microsoft Entra ID, provides actionable insights, and requires admin approval before offboarding actions. Setup is no longer available as of April 30, 2026. Existing configured agents can continue to be used until June 1, 2026. Starting June 1, 2026, the agent is removed from the Intune admin center and is no longer available.
  • Policy Configuration Agent: Helps translate complex requirements and industry standard documents into actionable Intune settings. It can help admins generate Settings Catalog policies aligned with organizational or regulatory baselines.
  • Vulnerability Remediation Agent: Helps reduce the time needed to investigate, identify, and remediate vulnerabilities. It supports security posture improvement by helping prioritize vulnerability remediation work.

Agents can reduce repetitive work, but their output should still be reviewed before actions are applied to production devices.