Setting up and managing device configurations using Intune
The message indicates that Microsoft Scout is not fully enabled for the tenant, even if the Intune setup appears correct. Both admin gates and user prerequisites must be satisfied before sign-in works.
Check the following in order:
- Verify Frontier access (Admin gate 1)
- In the Microsoft 365 admin center, go to Copilot → Settings → View all.
- Search for
Frontierand select Copilot Frontier. - Ensure access is not set to No access and that the affected users are included (for example, All users or Specific users with the correct group).
- Save changes and allow up to about three hours for propagation.
- Confirm the Intune policy is configured and assigned (Admin gate 2 – part 1)
- In Intune, confirm the Windows configuration policy includes the Allow Microsoft Scout Frontier access setting and that it is set to Enabled. This enables the
AllowScoutFrontierAccesscapability. - Verify the policy is assigned to the correct groups/devices (for broad rollout, All devices, or the specific pilot group) and that the policy appears in the configuration policy list.
- Ensure target devices have successfully synced with Intune.
- If users still see a waitlist or “hasn’t been set up” experience, re-check that Allow Microsoft Scout Frontier access is enabled and that the device is indeed in the assignment scope.
- In Intune, confirm the Windows configuration policy includes the Allow Microsoft Scout Frontier access setting and that it is set to Enabled. This enables the
- Complete attestation and opt-in (Admin gate 2 – part 2)
- Complete the required attestation and opt-in using the M365 Admin — Frontier organization sign-up form. This is required because Microsoft Scout can route data to third-party inference paths.
- This attestation is an additional gate beyond Frontier enrollment and must be completed even if Frontier access is already configured.
- Ensure GitHub Copilot licensing is in place
- Confirm that users have GitHub Copilot licenses assigned, as required for Microsoft Scout.
- Validate user-side requirements
- Users must:
- Download and install the Microsoft Scout app.
- Have a GitHub account (used for token billing).
- Sign in with work (Microsoft 365) credentials.
- If users attempt to sign in before both admin gates (Frontier access, Intune policy + attestation) are complete, sign-in is blocked and the app does not clearly indicate why. In that case, confirm all admin steps above are complete before further client troubleshooting.
- Users must:
- Re-validate deployment
- After confirming all gates:
- Ensure the Windows policy shows Allow Microsoft Scout Frontier access as enabled.
- Confirm assigned devices are in the target groups.
- Allow time for Intune sync.
- On a managed device, open Microsoft Scout and verify that sign-in proceeds without the waitlist or “hasn’t been set up” message.
- After confirming all gates:
If any of these checks fail (Frontier not enabled for the user, Intune policy not assigned or not synced, attestation not completed, or missing GitHub Copilot license), Microsoft Scout will continue to show that it has not been set up for the organization.
References: