Admin access overview for Microsoft Scout

[This article is prerelease documentation and is subject to change.]

Important

• You need to be part of the Frontier preview program and sign up to accept terms of participation to get early access to Microsoft Scout. Frontier connects you directly with Microsoft's latest AI innovations. Frontier previews are subject to the existing preview terms of your customer agreements. As these features are still in development, their availability and capabilities may change over time.
• If Microsoft Scout isn't visible in Microsoft Admin Center Agent management, ensure that the admin account is also enrolled in Frontier.
• This is a preview feature.
• Preview features may have restricted functionality and may not be released for general availability. These features are available before an official release so that customers can get early access and provide feedback.
• For more information, go to our Microsoft Product Terms.

Microsoft Scout is available only in Microsoft Frontier, and access requires two separate gates that both must be completed. The first gate enables Frontier for your organization in the Microsoft 365 admin center. The second gate enables the app on user devices through an Intune policy and an admin attestation. A GitHub Copilot license alone doesn't grant Frontier access, and Frontier access alone doesn't work without a Copilot license (business or enterprise). Installing the app grants nothing on its own — sign-in only succeeds after both gates are complete.

Access flow at a glance

The end-to-end path from an unconfigured tenant to a signed-in user looks like this:

1. Admin enrolls the organization in Frontier and turns on Copilot Frontier in the Microsoft 365 admin center.
2. Admin configures the Microsoft Scout Intune policy on target devices.
3. Admin completes the Frontier organization sign-up (attestation) form.
4. User downloads the Microsoft Scout app.
5. User installs the Microsoft Scout app.
6. User confirms they have a GitHub account.
7. User signs in. Sign-in only succeeds if the admin steps are complete.

Admin gate 1: Frontier access

The first gate turns on Frontier — and therefore Microsoft Scout — for your tenant. You configure it in the Microsoft 365 admin center.

1. Sign in to the Microsoft 365 admin center.
2. In the left navigation, select Copilot, then Settings, then View all.
3. In the search box, enter Frontier, then select Copilot Frontier.
4. Set access for your organization. Choose one of:
   • No access
   • All users
   • Specific users
5. Select Save.

After you save, allow up to about three hours for the change to propagate before Frontier features become available to the selected users.

Note

Completing this gate makes Frontier available to the assigned users, but it doesn't enable Microsoft Scout sign-in on its own. You still need to complete gate 2.

Admin gate 2: Admin enablement

The second gate has three required admin actions. All must be completed before users can sign in to Microsoft Scout.

Enable access via an Intune policy

An IT admin must configure an Intune policy for Microsoft Scout that:

• Sets the required registry and device conditions.
• Enables login capability for the app.

Without this policy in place, users can't sign in to Microsoft Scout even if they install the app successfully.

For step-by-step instructions, see Set up Microsoft Scout with Intune.

Complete the attestation and opt-in

Because Microsoft Scout can route data outside Microsoft 365 to third-party inference paths (for example, GitHub), admins must explicitly attest and opt in for their organization. This is an additional gating layer beyond Frontier enrollment, and it applies even if gate 1 is already complete.

Complete the M365 Admin — Frontier organization sign-up form to record your attestation.

Provision GitHub Copilot licenses

Admins must ensure that users have GitHub Copilot licenses assigned. This step is only required if users aren't already licensed.

For more information, see:

• Setting up GitHub Copilot for your organization
• Granting access to GitHub Copilot for members of your organization

User requirements

After both admin gates are complete, end users still need to take a few steps before they can use Microsoft Scout.

• Download and install the Microsoft Scout app.

• Have a GitHub account. Microsoft Scout uses your GitHub account for token billing, so each user needs one before signing in.

• Sign in with work credentials. Sign-in only succeeds after both admin gates (Frontier access and Intune enablement plus attestation) are complete.

Important

If a user tries to sign in before the admin gates are complete, the sign-in attempt is blocked and the app doesn't show a clear in-product indication of why. Confirm with your admin that Frontier access, the Intune policy, and the attestation are all in place before troubleshooting on the client.

What happens if access isn't configured

Installing the Microsoft Scout app always succeeds because the download isn't heavily gated. Sign-in is where access is enforced. If Frontier isn't turned on for the user, or the Intune policy and attestation aren't complete, sign-in fails and the user doesn't see a clear in-product indication of the cause.

Note

If users report sign-in problems, verify both admin gates before investigating further.

Next steps

• Set up Microsoft Scout with Intune
• Get started with Microsoft Scout

Related content

• Microsoft Scout overview
• Get started with Microsoft Scout
• Set up Microsoft Scout with Intune
• Microsoft Scout common questions