This blog post teaches you how to Troubleshoot Windows 11 10 Intune MDM Issues. There are several options to troubleshoot, and some of them are explained here.

Windows 11 or 10 MDM issues and troubleshooting are pretty new for SCCM admins like me! So what is the importance of Windows 10 MDM? When you use Intune or SCCM + Intune hybrid to manage Windows 10 machines, all the management policies are deployed through the MDM channel. This post is Windows 10 MDM Troubleshooting Guide.

There could be many ways to troubleshoot Windows 10 MDM issues while using Microsoft Intune to deploy policies to those devices. In this post, I will share the 3 easy ways to start MDM troubleshooting. Yes, it’s different from the SCCM/ConfigMgr client’s way of troubleshooting, as there are no log files for the MDM client.

MDM client is in build with the Windows 10 operating system, and events logs are the best place to troubleshoot Windows 10 MDM issues. The 3rd way mentioned in this post is very easy for me and IT Pros to understand and start Windows 10 MDM troubleshooting. I have created a video to explain the troubleshooting tips, as you can see above.

[Related Posts – How to Start Troubleshooting Intune Issues]

Related Posts

• How to Start Troubleshooting Intune Issues
• Windows 10 MDM Log Checklist
• MDM Diagnostics Tool – Tips & Tricks
• Learn How to Collect Windows 10 Diagnostics Information from Intune Portal | Endpoint Manager

Understand Windows 10 MDM Architecture

For example, if an Intune policy is deployed to a Windows 10 machine but is not getting applied, how do we start troubleshooting? First, we need to understand Windows 10 management architecture.

The following is the high-level architecture diagram for Windows 10 management. If we know this high-level architecture, troubleshooting Windows 10 MDM issues will be easy. This post will help us as a Windows 10 MDM Troubleshooting Guide.

Video Tutorial – Windows 10 MDM Troubleshooting Guide

Windows 10 MDM Troubleshooting Guide video tutorial to help IT Pros! This video teaches you how to fix problems with Windows 10 MDM (Mobile Device Management) using the registry, WMI (Windows Management Instrumentation), and Event Logs.

It breaks down troubleshooting into simple steps, showing you how to identify and solve issues with your device management. You can learn to resolve common problems efficiently by following along with the video.

Troubleshoot with Windows 10 Event Logs

Event Logs  :- Microsoft->Windows->DeviceManagement-> Enterprise-Diagnostics-Provider/Admin

Event logs in Windows 10 machines are the best to start troubleshooting MDM-related issues. As you can see in the below screen capture, you could be able to see where to go in events logs (Microsoft->Windows->DeviceManagement->Enterprise-Diagnostics-Provider/Admin) to see the details of the MDM and Device Management related issues. When the machine is Workplace Joined or AAD joined, all the events related to Intune/SCCM policies are recorded in “this” event log section.

AAD event logs are also very useful in this Windows 10 MDM issue, and you can check out the following location for AAD-related event logs: “Microsoft-Windows-AAD/ Operational”. Event logs are an integral part of the Windows 10 MDM Troubleshooting Guide.

The event logs are the best way to troubleshoot Windows 10 MDM issues. You will get the detailed status of Intune or SCCM hybrid policies from event logs. Each entry in those event logs will tell you whether or not the deployed policies are reached and applied on that machine. There is also a way to export the MDM log files to the folder “C:\Users\Public\Documents\MDMDiagnostics” from Windows 10 settings – connect to the work or school page.

[Related Posts – How to Start Troubleshooting Intune Issues]

Troubleshoot Windows 10 with WMI Explorer

WMI Explorer way of Checking whether the Policy Settings are Applied or Not:-

WMI Explorer is the best tool to check the MDM policies to confirm whether those settings are applied on the windows 10 system or not. As you can see in the following screen capture, this is how to check whether MDM policies are correctly applied to a Windows 10 machine.

I have deployed the Windows Defender policy from Intune to this Windows 10 machine, and you can use WMI explorer to find out whether these policies are applied on the machine or not. Again, when you start troubleshooting, the best place to begin with is event logs.

We can also check this via WBEMTEST, but we may need to start WBEMTEST from the system context to see the policy details. WMI Explorer is the best place to check and confirm whether the MDM policies (from Intune or SCCM) have been applied to a machine.

[Related Posts – How to Start Troubleshooting Intune Issues]

Registry way of Checking Windows 10 MDM Policy Settings

Troubleshoot Windows 10 with Registry Entries

The 3rd and easiest way to check whether the MDM policies are applied to a Windows 10 machine is the registry key. Following is the registry location where you can find MDM policy settings. You want to check for MDM policy settings on Windows 10 machine is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers

In this below screen capture, you can see the Windows Defender settings I applied to Windows 10 machines through Intune policies. The only caveat of this method is we need to find out a way to decode each provider GUID (CLSID Key?) related to MDM policies. Following are some of the extracts from my Windows 10 machine:-

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\18dcffd4-37d6-4bc6-87e0-4266fdbb8e49 - Power Policy Settings Buttons

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\1e05dd5d-a022-46c5-963c-b20de341170f - Power Policy Controls Energy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\23cb517f-5073-4e96-a202-7fe6122a2271 - Power Policy Settings Disaplay

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\2648BF76-DA4B-409A-BFFA-6AF111C298A5 - ?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\268c43e1-aa2b-4036-86ef-8cda98a0c2fe - ? Power Policy Settings PCI Express

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\2AB668F3-6D58-4030-9967-0E5358B1B78B - Microsoft Intune MDM Policy Settings - Account, Bitlocker, Connectivity, Data Protection, Defender, Device Lock, Experience, Network Isolation, Security, System, update and WiFi

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\C8DC8AF6-2A7D-4195-BA77-0A4DAC2C05A4 - Microsoft Intune/SCCM MDM policy settings - Browser, Camera, Connectivity, Device Lock, Security, Systems and Wifi

• System > Power Management > Button Settings
• Select the Start menu Power button action (on battery)
• Select the Start menu Power button action (plugged in)
• Select the Start menu Power button action (plugged in)
• Enabled – Select the Start menu Power button action (on battery).

Troubleshoot Windows 10 with MDMDiagReport

These GUID IDs can be found in the MDMDiagReport.xml file, and this XML can be decoded into HTML file MDMDiagReport.html using the tool.

[Related Posts – How to Start Troubleshooting Intune Issues]

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.