Windows Device Agent
On-device diagnostics, PowerShell, and full remote-desktop control for Windows endpoints managed by Dex.
Dex ships a lightweight Windows agent that pairs to the user's Entra-joined device. Once installed, Dex can run baseline diagnostics, execute scoped PowerShell for deep troubleshooting, clean cache/temp, and, with explicit user consent, take over the screen with full keyboard/mouse computer-use. Everything runs within a 30-second default script budget, is scoped per-device and fully logged, and never requires opening an RDP or remote-support session.
What Dex does with Windows Device Agent
Dex handles both admin workflows and employee self-service — all policy-guardrailed and audit-logged.
For admins (CoAdmin)
- List a user's devices via list_user_devices and resolve the Entra device ID
- Run built-in device_state_diagnostics (performance, network, disk, identity, updates) for a one-call health snapshot
- Get system info (CPU, total RAM, disk size, OS build) with device_get_system_info
- Execute scoped PowerShell with device_run_custom_powershell — per-script timeout (default 30s, up to 120s), in system or logged-in-user context
- Disk diagnostics: top-level folder sizes, deep ProgramData scan, large file detection, hidden directory hunt
- Process analysis: top CPU/memory consumers, real-time CPU delta, hidden PowerShell process audit
- Scheduled-task audit including tasks hidden under \Microsoft\Windows\* paths
- Remediations: kill rogue process, remove scheduled task, clean user/system temp (aggressive or age-based), delete rogue log files
- device_clean_cache for standard Windows cache locations
- device_computer_use — remote screenshot + click/type/drag to operate the desktop visually (requires explicit user consent and GPT model)
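The scheduled-task audit in the list above, sketched as a read-only script of the kind an admin could submit through device_run_custom_powershell. This is an added example, not Dex's own built-in script; the two argument regexes are assumed heuristics and the output column names are illustrative.

```powershell
# Read-only audit: scheduled tasks under \Microsoft\Windows\ whose action
# launches PowerShell. Lists findings only; it changes nothing on the device.
$shellPattern   = '(?i)\b(powershell|pwsh)(\.exe)?\b'
# Heuristics (assumptions): abbreviated forms of -EncodedCommand and
# -WindowStyle Hidden in the task's argument string.
$encodedPattern = '(?i)(^|\s)-(e|ec|en\w*)\s'
$hiddenPattern  = '(?i)(^|\s)-w(i\w*)?\s+h'

$tasks = Get-ScheduledTask -TaskPath '\Microsoft\Windows\*' -ErrorAction SilentlyContinue

$findings = foreach ($task in $tasks) {
    foreach ($action in $task.Actions) {
        # Only exec actions carry Execute/Arguments; COM handler actions do not.
        if ($action.CimClass.CimClassName -ne 'MSFT_TaskExecAction') { continue }

        $commandLine = "$($action.Execute) $($action.Arguments)"
        if ($commandLine -notmatch $shellPattern) { continue }

        [pscustomobject]@{
            TaskPath     = $task.TaskPath
            TaskName     = $task.TaskName
            State        = $task.State
            HiddenTask   = $task.Settings.Hidden
            RunAs        = $task.Principal.UserId
            Author       = $task.Author
            Execute      = $action.Execute
            Arguments    = $action.Arguments
            EncodedArg   = [bool]($action.Arguments -match $encodedPattern)
            HiddenWindow = [bool]($action.Arguments -match $hiddenPattern)
        }
    }
}

# Tasks that are hidden, or that use encoded/hidden-window arguments, sort first.
$findings |
    Sort-Object -Property @{ Expression = 'HiddenTask';   Descending = $true },
                          @{ Expression = 'EncodedArg';   Descending = $true },
                          @{ Expression = 'HiddenWindow'; Descending = $true },
                          TaskPath, TaskName |
    Format-List
```

Some tasks under this path are legitimate Windows tasks that call PowerShell, so compare findings against a known-good baseline for the same OS build before treating one as rogue.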
For employees (self-service)
- "My laptop is slow" → Dex takes the baseline, finds the CPU hog, and kills it after your approval
- "Disk is full, I can't save files" → Dex scans ProgramData and temp, shows what's eating space, and cleans with consent
- "Printer driver won't install" → Dex opens the Settings app over computer-use, walks through the install, and reports back
- "The VPN client keeps crashing" → Dex pulls recent event logs, restarts the service, and verifies it stays up
- Every remediation shows a before/after disk & CPU comparison so you can see what changed
Just ask Dex
Your team types a request in plain language. Dex investigates, plans, and executes — with the right guardrails.
Admin prompts
- Run a full performance triage on marco@acme.com's laptop — find any rogue processes or scheduled tasks
- Check the disk on jenna.rossi@acme.com's device and clean up anything over 500MB in ProgramData
- On dan@acme.com's device, list all scheduled tasks under Microsoft paths that execute powershell.exe
- Reboot the Dex agent service on marco@acme.com's laptop and verify it comes back
- Kill process ID 4812 on dan@acme.com's device — it's a runaway PowerShell hogging CPU
- Take a screenshot of jenna.rossi@acme.com's screen (with her consent) — she says her Outlook is frozen
Employee prompts
- My laptop is running slow, can you look at it?
- I'm getting "low disk space" warnings — can you clean it up?
- Take over my screen and walk me through connecting to the printer on 3rd floor
- My Chrome is eating all my RAM — can you see what's going on?
- I think something weird is running in the background, can you check?
Policy actions
Every action Dex can take on Windows Device Agent is declared, scoped, and guardrailed. Admins control which apply, who approves them, and whether they're limited to self-service.
| Action | What it does |
|---|---|
| windows_list_user_devices | List the Windows devices registered to a user and resolve Entra device IDs |
| windows_device_state_diagnostics | Run built-in diagnostics (performance, disk, network, identity, updates) |
| windows_device_get_system_info | Get hardware and OS info (CPU, RAM, disk size, OS build) |
| windows_device_diagnostic_disk_space | Report drive capacity, free space, and per-folder usage |
| windows_device_clean_cache | Clean standard Windows caches (browser caches, Windows Update cache, etc.) |
| windows_device_run_custom_powershell | Run scoped PowerShell scripts (read-only by default; allow_changes=true for writes) |
| windows_device_computer_use | Take visual control of the desktop — screenshot, click, type, drag (requires explicit user consent) |
How to configure Windows Device Agent
Onboarding takes minutes. Dex validates your credentials before saving them.
Setup steps
1. Windows Device Agent shares the same Microsoft 365 / Entra tenant authorization Dex already has — no separate credentials.
2. Deploy the Dex Windows agent to endpoints via Intune, Group Policy, or a direct installer (MSI). The agent auto-registers using the machine's Entra device identity.
3. Once the agent is installed and the device is Entra-joined (or hybrid-joined), Dex can look up the device via Graph /devices and target it by Entra device ID.
4. Per-user computer use requires a one-time consent prompt on first use — Dex records the approval in state and proceeds without re-asking for subsequent actions in the same task.
5. No inbound firewall changes required — the agent polls out to the Dex backend; there's no open RDP or SSH port.
No extra credentials
This integration is covered by your Microsoft 365 tenant authorization to Dex. There are no per-app credentials to create or rotate.
Requirements
- Windows 10 or 11; endpoints must be Entra-joined or Entra hybrid-joined (so Dex can resolve an Entra device ID)
- Microsoft 365 / Entra tenant authorization already completed in Dex (reuses those scopes for device discovery)
- PowerShell scripts default to 30-second timeout; up to 120s can be requested per call to avoid hitting the recursive-scan ceiling
- computer_use requires switching Dex to the GPT model (needs vision capability) and explicit user consent per task
- User-temp / AppData operations require run_as_context = "logged_in_user" — system context resolves $env:TEMP to the wrong path
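The last requirement is easy to verify from inside a script. The following is an added example, not part of the Dex agent: it reports which identity the script runs as and where `$env:TEMP` resolves, and skips the user-temp preview when it finds itself running as LocalSystem. The 7-day age cutoff is an assumed value.

```powershell
# Read-only check: which account is this script running as, and where does
# $env:TEMP point? Nothing is deleted.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$isSystem = $identity.IsSystem          # True for LocalSystem (SID S-1-5-18)

[pscustomobject]@{
    RunningAs    = $identity.Name
    Sid          = $identity.User.Value
    IsSystem     = $isSystem
    EnvTemp      = $env:TEMP
    LocalAppData = $env:LOCALAPPDATA
} | Format-List

if ($isSystem) {
    # Under LocalSystem these variables point at the system account's own
    # locations (typically C:\Windows\Temp), not the signed-in user's profile,
    # so a "user temp" cleanup here would act on the wrong directory.
    Write-Warning "Running as SYSTEM: `$env:TEMP is '$env:TEMP'. Re-run in the logged-in user's context for user-temp or AppData work."
    return
}

# Age-based preview of the user's temp folder: what a cleanup WOULD touch.
$cutoffDays = 7                         # assumed value for this example
$cutoff     = (Get-Date).AddDays(-$cutoffDays)

$stale = Get-ChildItem -LiteralPath $env:TEMP -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -lt $cutoff }

$total = ($stale | Measure-Object -Property Length -Sum).Sum

[pscustomobject]@{
    TempPath      = $env:TEMP
    OlderThanDays = $cutoffDays
    FileCount     = @($stale).Count
    TotalMB       = [math]::Round(($total / 1MB), 1)
} | Format-List
```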
Related integrations
- Microsoft Intune (Device Management): Manage Intune-enrolled devices, compliance, and apps from plain-language requests.
- Action1 (RMM & Endpoint): Run Action1 patch, software, and endpoint operations from plain-language requests.
- N-able N-sight (RMM & Endpoint): Query N-sight clients, devices, checks, and patches from plain-language requests.