Back to blog
Product Updates · March 20, 2026

How Lunixar's installation flow matured since ENROLL_TOKEN

If you manage endpoints as an MSP or as an internal IT team, you know this very well:

installing and enrolling agents should not feel like a separate project.

You can have strong monitoring, alerts, automations, and reports.

But if agent deployment still adds friction, every installation costs time, mistakes, and rework.

When Lunixar launched its ENROLL_TOKEN-based flow on February 23, 2026, the shift was already important.

But the real story is not just the token itself. It is everything that was refined from that point through March 20, 2026.

I am not going to dump a technical changelog on you.

Instead, here are the improvements that are actually felt in day-to-day operations and why they matter.

1) Enrollment stopped revolving around the installer and started revolving around control

The first major shift was moving away from "which installer should I use?" and into a much clearer flow:

create, review, copy, use, and revoke an ENROLL_TOKEN.

That brought real operational benefits:

  • More order for technicians
  • More clarity for admins
  • Less dependence on passing files or ambiguous instructions

And from the backend side, the token was already launched with the things that matter in production:

  • Expiration
  • Usage limits
  • Tenant context
  • An audit-ready foundation

In other words, agent enrollment stopped being "download this and hope for the best."

It became a more controlled flow from the start.

2) The experience became much cleaner for the people who actually install agents

After the token was implemented, Lunixar improved the part that usually slows teams down:

the UI and the path to the right command.

Some of the best frontend changes were:

  • Redesigned ENROLL_TOKEN creation and detail views
  • A stronger focus on the recommended command
  • Better separation between recommended and advanced options
  • A clearer command center for desktop and mobile
  • More visible security messaging around token usage

There was also one very practical improvement:

  • Only one active token is now allowed per location

That helps avoid a very common problem: multiple people creating tokens for the same site and then nobody knowing which one is still valid.

3) The flow matured even more when it moved from "token" to "token + dedicated MSI"

This is one of the most important improvements in the whole period.

The flow no longer stopped at copying a command.

Lunixar gradually moved deployment into something much more practical for Windows:

  • Support for EXE and MSI variants
  • A deployment flow that prioritizes dedicated MSI
  • Installer detail pages with real server-side status
  • Visibility into current uses versus maximum allowed uses
  • MSI revocation that also invalidates the related token

It also added operational controls that matter:

  • ttlDays
  • maxUses
  • A dedicated endpoint to list MSI installers
  • MSI build and signing moved to a specialized external builder

In practice, that means Lunixar stopped offering only a cleaner enrollment flow and started offering

a much more operable deployment flow for real-world environments.

4) It also became much harder for a bad enrollment attempt to turn into noise

Another major improvement was hardening the flow when something is already wrong from the beginning.

Backend and WebSocket changes now help a lot even if end users never notice them directly:

  • Fail-fast validation for empty or malformed credentials
  • Throttling to reduce reconnect storms
  • Temporary IP blocks for missing, invalid, revoked, or expired tokens
  • Clearer rejection reasons when enrollment fails

These improvements do not look flashy in a demo.

But they matter in production because they reduce:

  • Unnecessary noise
  • Wasted infrastructure work
  • Endless reconnect loops
  • Confusion during troubleshooting

Put simply:

less chaos when things go wrong.

5) The agent also became more reliable from first startup to later updates

The agent side saw another important wave of improvements.

Over time, Lunixar reinforced:

  • Reading ENROLL_TOKEN from arguments and a secure bootstrap path
  • Proper token support in silent and interactive post-install flows
  • Stopping bootstrap when valid credentials do not exist
  • Stopping retries when a token has already been rejected or blocked
  • Windows updates centered on MSI
  • Decoupled self-update through LunixarUpdater

That matters because the installation flow does not end when the agent first registers.

It also matters that the agent:

  • Starts correctly
  • Does not keep retrying in a broken state
  • Updates more cleanly
  • Leaves better logs when something fails

And that is where Lunixar also improved a lot.

6) The path by platform is much better organized now

Another strong improvement was stopping the product from treating every installation as if it were the same.

During this period Lunixar also improved:

  • Visual operating-system selection
  • Linux commands in addition to CMD and PowerShell
  • Platform normalization for cleaner Windows/Linux distinction
  • Protection against routing Linux devices to Windows artifacts

That may sound technical, but operationally it means something simple:

fewer mistakes from mixing commands or packages that do not belong to the same platform.

Closing

If you look at the whole path from the first ENROLL_TOKEN rollout through March 20, 2026, the most interesting part is that Lunixar did not stop at "we have a token now."

It kept pushing the flow into something much more mature:

  • Better UX for creating and using tokens
  • Stronger location-based control
  • Dedicated MSI with better traceability
  • More useful revocation and limit handling
  • Stricter validation in backend and WebSocket
  • A more reliable agent for enrollment, startup, and updates

In the end, that is what really changes day-to-day operations:

less installation friction, more deployment control, and much more confidence from the very first startup onward.