Intune Logs in Windows PCs Location Details How to Collect Diagnostic Reports

Let’s check to understand Intune logs in Windows PCs. You can get more details location and other details from this post. This post mainly covers Intune client-side related logs. Intune is a SaaS (software as a service) solution and I have not seen any Intune server-side logs. The server-side troubleshooting is fully managed by Microsoft support.

The Intune client-side logs are one of the options that you can troubleshoot issues. The other option to troubleshoot Intune issues from the client-side is using network traces. This is basically reverse engineering using Fiddler traces etc… Some of the Intune server-side details are details are available through various reporting nodes in Intune portal.

We can divide Intune logs into two parts. One is the logs related to Intune Management Extension (IME), and the other section of the logs is related to Windows MDM event logs. Moreover, you can’t compare SCCM logs with Intune logging options.

Intune Advanced Diagnostic Report

I recommend starting collecting Intune logs from the settings app. This report shows the applied configuration states of your device, including Policy CSPSettings, certificates, configuration sources, and resource information. How to collect Intune Advanced Diagnostic Report ->

  • Go to the Settings app from the Start menu or button.
  • Click on Accounts.
  • Click on Access School or Work from the Accounts page.
  • Click on the Azure AD account that you want to collect the logs/report for.

Diagnostic Report will be stored -> C:\Users\Public\Documents\MDMDiagnostics

Intune Logs in Windows PCs Location Details How to Collect Diagnostic Reports
Intune Logs in Windows PCs Location Details How to Collect Diagnostic Reports

Intune Logs in Windows – Management Logs

We have an option to collect all the Intune related logs from a Windows PC. You can collect all the Intune management logs from the settings -> Accounts -> Access School or Work. You can click on Export your management log files. The logs file will get stored in the same location as Intune diagnostic reports. Some of the log files collected during this process are given below.

C:\Users\Public\Documents\MDMDiagnostics ==> MDMDiagReport.cab (You can extract cab file to check the logs).

Intune Logs in Windows PCs Location Details How to Collect Diagnostic Reports
Intune Logs in Windows PCs Location Details How to Collect Diagnostic Reports
AgentExecutor.log, AutopilotConciergeFile.json, AutopilotDDSZTDFile.json, ClientHealth.log, DeviceHash_DESKTOP-EQI637E.csv, DiagnosticLogCSP_Collector_Autopilot_2020_11_10_16_17_18.etl, DiagnosticLogCSP_Collector_DeviceProvisioning_2021_7_5_17_44_24.etl, IntuneManagementExtension-20210623-103112.log, IntuneManagementExtension-20210630-185736.log, IntuneManagementExtension.log, MDMDiagHtmlReport.html, MdmDiagLogMetadata.json,MDMDiagReport.xml, MdmDiagReport_RegistryDump.reg, MdmLogCollectorFootPrint.txt.microsoft-windows-aad-operational.evtx, microsoft-windows-appxdeploymentserver-operational.evtx, microsoft-windows-assignedaccess-admin.evtx, microsoft-windows-assignedaccess-operational.evtx, microsoft-windows-assignedaccessbroker-admin.evtx, microsoft-windows-assignedaccessbroker-operational.evtx, microsoft-windows-crypto-ncrypt-operational.evtx, microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx, microsoft-windows-devicemanagement-enterprise-diagnostics-provider-debug.evtx, microsoft-windows-devicemanagement-enterprise-diagnostics-provider-operational.evtx, microsoft-windows-moderndeployment-diagnostics-provider-autopilot.evtx, microsoft-windows-moderndeployment-diagnostics-provider-managementservice.evtx, microsoft-windows-provisioning-diagnostics-provider-admin.evtx, microsoft-windows-shell-core-operational.evtx, microsoft-windows-user device registration-admin.evtx, Sensor.log, setupact.log

Intune Management Extension Logs

Intune Logs in Windows PCs Location Details How to Collect Diagnostic Reports
Intune Logs in Windows PCs Location Details How to Collect Diagnostic Reports

Intune management extension is the lightweight agent that helps to deploy complex apps, PowerShell scripts, and many other services on Windows devices. IME logs are similar to ConfigMgr logs, and these logs are located in the following location. IME is the Intune Logs in Windows PCs.

  • C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

While writing this post, we have four (4) IME logs inside the IntuneManagementExtension\Logs folder.

  1. AgentExecutor.log
  2. ClientHealth.log
  3. IntuneManagementExtension.log
  4. Sensor.log

Intune Event Logs

As mentioned above, Intune and Windows MDM-related component logs are available only in event logs. You can collect all the necessary event logs from the MDMDiagReport.cab file as discussed above. Let’s check which are the critical event logs that would be helpful for Intune MDM deployment troubleshooting.

Event logs are the extended type of Intune Logs in Windows. In most of the scenarios, I use the event logs that are highlighted in bold. Those are core MDM event logs and are very helpful in troubleshooting Intune policy deployment issues.

Intune Logs in Windows PCs Location Details How to Collect Diagnostic Reports 1
Intune Logs in Windows PCs Location Details How to Collect Diagnostic Reports 6
  • microsoft-windows-aad-operational
  • microsoft-windows-appxdeploymentserver-operational
  • microsoft-windows-assignedaccess-admin
  • microsoft-windows-assignedaccess-operational
  • microsoft-windows-assignedaccessbroker-admin
  • microsoft-windows-assignedaccessbroker-operational
  • microsoft-windows-crypto-ncrypt-operational
  • microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin (Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin)
  • microsoft-windows-devicemanagement-enterprise-diagnostics-provider-debug
  • microsoft-windows-devicemanagement-enterprise-diagnostics-provider-operational (Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational)
  • microsoft-windows-moderndeployment-diagnostics-provider-autopilot
  • microsoft-windows-moderndeployment-diagnostics-provider-managementservice
  • microsoft-windows-provisioning-diagnostics-provider-admin
  • microsoft-windows-shell-core-operational
  • microsoft-windows-user device registration-admin

Feedback Hub – Company Portal Log Collection

You also can provide feedback or record the issue via feedback hub integration with the Company portal. I have not used this option to provide a full experience. However, this seems to collect a lot of data, including screenshots and screen recordings. I’m also not sure whether this type of data collection allowed from all corporate organization privacy perspectives.

Make sure you save a local copy of diagnostic and attachments created when giving feedback. The path where it get stored is : C:\Users\Anoop\Documents\FeedbackHub.

Intune Logs in Windows PCs Location Details How to Collect Diagnostic Reports
Intune Logs in Windows PCs Location Details How to Collect Diagnostic Reports

Resources

Leave a Comment

Your email address will not be published. Required fields are marked *