How to Collect Intune Error Details using SCCM CMPivot Best Option

Let’s learn how to collect Intune error details using SCCM (Configuration Manager). When your Windows PCs are co-managed devices, you might need to troubleshoot Intune-related issues. Most of the Intune (MDM) logs are stored as part of event logs.

You can create a dynamic device collection to identify the co-managed devices in your environment. Once you have the list of co-managed devices that SCCM and Intune manage simultaneously, you can collect the Intune event logs from Windows devices.

The CMPivot query tool is part of ConfigMgr, and it allows you to quickly assess the state of devices. When you run a query against a co-managed device collection, the CMPivot tool will run a query in real-time on all currently connected (online) devices from the selected collection.

Intune Event Logs

The MDM client is built into modern Windows operating systems (Windows 10, Windows 11, etc.). Intune is Microsoft's server-side technology for managing MDM clients. The event logs are the best place to start troubleshooting Windows MDM issues.

There are two event logs that you need to check when you have a problem with Intune application (MDM-based) and policy deployment.

  • Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
  • Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational

How to Collect Intune Event Logs using SCCM

Let’s learn how to collect Intune event logs using SCCM CMPivot. The CMPivot tool is the best way to troubleshoot Intune issues and collect logs from Intune clients.

NOTE! – This method can be used only when you have co-managed Windows devices.

  • Navigate to the device collection against which you want to run the CMPivot query.
  • Select any device collection.
  • Right-Click on Co-managed Devices collection.
  • Select Start CMPivot.

CMPivot Query for Intune Event Logs

Let’s look at the ConfigMgr CMPivot queries for Intune event logs. Be mindful of how much log information you query through CMPivot. For example, don’t try to collect Intune event logs from 10,000 devices with a 5d (five days) parameter. Queries like that can impact the entire SCCM infrastructure. So, my recommendation is to test this in a staging environment first.

The following queries collect Intune event log details for the last 1 hour.

WinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational', 1h)
WinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin', 1h)

The following CMPivot query gives you the details of Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin event logs for the last day.

WinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin', 1d)

Collect Intune Error Details using SCCM

I think it would be useful to have the error details from the Intune event logs. The following CMPivot queries give you the error count for each device, with a summary dashboard for MDM-related errors. You can query the following event logs for the last day.

  • Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
  • Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational

WinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin', 1d)
| where LevelDisplayName == 'Error'
| summarize count() by Device

WinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational', 1d)
| where LevelDisplayName == 'Error'
| summarize count() by Device

You have an option to export the CMPivot query results using the EXPORT button in the CMPivot tool.
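
Before running the error queries above against a whole collection, you can check the same two logs locally on a single test device. The following PowerShell script is an added example, not part of the original post: it reads Error-level events from the last day with Get-WinEvent and counts them per log and event ID. The variable names and output columns are illustrative.

```powershell
# Added example: local check of the same logs and 1d window as the CMPivot queries.
$logs = @(
    'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin',
    'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational'
)
$since = (Get-Date).AddDays(-1)   # matches the 1d parameter

$mdmErrors = foreach ($log in $logs) {
    # Level 2 = Error. Get-WinEvent raises an error when no event matches the
    # filter, so suppress it and treat "nothing found" as an empty result.
    Get-WinEvent -FilterHashtable @{
        LogName   = $log
        Level     = 2
        StartTime = $since
    } -ErrorAction SilentlyContinue
}

if (-not $mdmErrors) {
    Write-Output "No MDM errors logged on $env:COMPUTERNAME since $since"
}
else {
    # Count errors per log and event ID, most frequent first.
    $mdmErrors |
        Group-Object -Property LogName, Id |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $newest = $_.Group | Sort-Object -Property TimeCreated -Descending |
                Select-Object -First 1
            [pscustomobject]@{
                Device   = $env:COMPUTERNAME
                Log      = ($newest.LogName -split '/')[-1]   # Admin or Operational
                EventId  = $newest.Id
                Count    = $_.Count
                LastSeen = $newest.TimeCreated
                # Keep only the first line of the message for a compact table
                Message  = ($newest.Message -split "`r?`n")[0]
            }
        } |
        Format-Table -AutoSize -Wrap
}
```

If the per-event-ID counts on the test device are already large, narrow the time window before running the CMPivot query against the collection.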
