Let’s learn how to collect Intune error details using SCCM (Configuration Manager). When your Windows PCs are co-managed devices, you might need to troubleshoot Intune-related issues. Most of the Intune (MDM) logs are stored as part of event logs.
You can create a dynamic device collection to find out Co-Managed devices from your environment. Once you have the list of co-managed devices that SCCM and Intune manage simultaneously, you can collect the Intune event logs from Windows devices.
The CMPivot query tool is part of ConfigMgr, and it allows you to quickly assess the state of devices. When you run a query against a co-managed device collection, the CMPivot tool will run a query in real-time on all currently connected (online) devices from the selected collection.
Intune Event Logs
MDM client is part of the modern Windows operating systems (Windows 10, Windows 11, etc…). Intune is the server-side technology from Microsoft that is used to manage MDM clients. The events logs are the best place to start the troubleshooting of Windows MDM issues.
There are two event logs that you need to check when you have a problem with Intune application (MDM-based) and policy deployment.
How to Collect Intune Event Logs using SCCM
Let’s learn how to collect Intune event logs using SCCM CMPivot. The CMPivot tool is the best way to troubleshoot Intune issues and collect logs from Intune clients.
NOTE! – This method can be used only when you have co-managed Windows devices.
- Navigate to device collection against that you want to run the CMPivot query.
- Select any device collection.
- Right-Click on Co-managed Devices collection.
- Select Start CMPivot.
CMPivot Query for Intune Event Logs
Let’s see how to find the ConfigMgr CMPivot query for Intune event logs. It would be best if you are mindful of the logs information that you query through CMPivot. It would help if you didn’t try to collect Intune event logs from 10,000 devices with a 5d (five days) parameter. The above scenarios can be impactful for the entire SCCM infra. So, my recommendation is to test this in staging environment first.
The following is the query to collect Intune event log details of the last 1 hour.
The following CMPivot query gives you the details of Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin event logs for the last day.
Collect Intune Error Details using SCCM
I think it would be useful to have Intune event logs errors details. The following CMPivot query gives you the error and count of devices with a summary dashboard for MDM-related errors. You can query the following event logs for the last day.
WinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin', 1d) | where LevelDisplayName =='Error' | summarize count() by Device
WinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational', 1d) | where LevelDisplayName =='Error' | summarize count() by Device
You have an option to export the CMPivot query results using the EXPORT button in the CMPivot tool.
- SCCM CMPivot Query Devices with Greater than 15 GB Free Disk Space
- SCCM CMPivot Query for Windows 10 English Language Devices | ConfigMgr
- ConfigMgr Software Updates Troubleshooting Tips
- SCCM 1909 New Features Enhancements Extend Migrate SCCM To Azure