Collecting Investigation Package - Autorun entries

Using Defender for Endpoint, I have collected an investigation package for a computer, but it seems the Autorun registry entries only include HKEY_LOCAL_MACHINE, not HKEY_CURRENT_USER.

I mean entries like Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce. Is this something by design?

0 Replies
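
To review the per-user autorun keys the post asks about directly on the device, the following is an added example (not part of the original post, and not Defender for Endpoint's own collection logic). It assumes an elevated PowerShell session on the device and reads only hives currently loaded under HKEY_USERS, since HKEY_CURRENT_USER is just a view of the calling user's hive.

```powershell
# Added example: list Run / RunOnce values for every user hive that is
# currently loaded under HKEY_USERS. Hives of users who are not logged on
# are not loaded and therefore do not appear here.
$subKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties the registry provider attaches to every Get-ItemProperty result.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$results = foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
    $sid = $hive.PSChildName
    # The <SID>_Classes hives hold per-user class registrations, not Run keys.
    if ($sid -like '*_Classes') { continue }

    # Resolve the SID to an account name; fall back to the raw key name
    # (for example .DEFAULT, or a SID whose account no longer exists).
    $account = try {
        ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch { $sid }

    foreach ($subKey in $subKeys) {
        $path = "Registry::HKEY_USERS\$sid\$subKey"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $item = Get-ItemProperty -LiteralPath $path
        if ($null -eq $item) { continue }   # key exists but has no values

        foreach ($prop in $item.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }
            [pscustomobject]@{
                Account = $account
                Sid     = $sid
                Key     = $subKey
                Name    = $prop.Name
                Command = $prop.Value
            }
        }
    }
}

$results | Sort-Object Account, Key, Name | Format-Table -AutoSize -Wrap
```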