
In my previous post, Windows Autopilot Troubleshooting basics, we discussed different troubleshooting areas like Network Activity, Registry, and Event Viewer. In this post, let’s discuss on Windows MDM Diagnostics Tool benefits, usage, and examples.
[Related Posts – Windows Autopilot Step by Step Guides, Windows 10 Deployment Process Flow and Logs]
TL;DR
What is Windows MDM Diagnostics Tool?
MDM Diagnostics is a command line tool which can collate Windows Autopilot related events. Most of the Windows Autopilot related events, registry, and logs consolidated into a single folder or single file. This tool helps IT Admins focus on one consolidated source for troubleshooting.
What are the Benefits of MDM Diagnostics Tool?
- Automatically collect predefined logs and save as zip or Cab file
- Remote users to run the command and share the logs with IT to troubleshoot
- Use Pre or Post OOBE stage of Windows Autopilot
How to Use MDM Diagnostics Tool
How to use the Windows MDM diagnostics tool? I would recommend using the latest Windows 10 (1803 or later) version to use MDM Diagnostics tool. I have not tested the previous version of Windows 10 with this MDM diag tool.
Usage 1: Syntax: MdmDiagnosticsTool.exe -out < output folder path >
Example: MdmDiagnosticsTool.exe -out c:\temp

Usage 2: Syntax: MdmDiagnosticsTool.exe -area <area name(s)> -cab <output cab file path>
Execute below command line to collect Windows autopilot related events from the system for troubleshooting.
Example: MdmDiagnosticsTool.exe -area Autopilot -cab C:\LOGS.zip

3 (Three) Troubleshooting Areas of MDM Diagnostics Tool
Windows MDM Diagnostics tool can be used in below 3 (three) troubleshooting areas to collect pre-defined areas and logs. But, in this post, we will focus only on Windows Autopilot.
- Autopilot
- DeviceProvisioning
- TPM
[Related Posts – Windows Autopilot Step by Step Guides, Windows 10 Deployment Process Flow and Logs]
Output of MDM Diagnostics Tool
The diagnostics tool generate output in ZIP / CAB file format with below files. We will go through each of the below output files and its purpose.

Deep Dive – How to Perform Windows Autopilot Troubleshooting with MDM Diagnostic Tool?
You can understand more details about MDM Diagnostic tools in this section. Hopefully, the following troubleshooting steps will help you in Windows Autopilot deployment scenarios.
Event Viewer
MDM Diagnostics tool collects below list of the event viewer. Event viewer includes client-side events like Autopilot events, policy actions, etc.
- microsoft-windows-aad-operational
- devicemanagement-enterprise-diagnostics-provider
- microsoft-windows-assignedaccess-admin
- microsoft-windows-assignedaccess-operational
- microsoft-windows-moderndeployment-diagnostics-provider-autopilot
- microsoft-windows-provisioning-diagnostics-provider-admin
- microsoft-windows-shell-core-operational
- microsoft-windows-user device registration-admin
The below registry entries tells you a list of event viewer logs captured by the MDM Diagnostics tool.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MdmDiagnostics\Area\Autopilot\EventViewerEntry

Diagnostic Logs – Autopilot and Device Provisioning
The below listed ETL files are captured by the tool. What is ETL? It’s an Event tracing logs created by Windows. This tool is used for in-depth analysis of the events.
The below ETL file will include system activity captured during Autopilot and Intune device provisioning stage.
- DiagnosticLogCSP_Collector_Autopilot.etl
- DiagnosticLogCSP_Collector_DeviceProvisioning.etl
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MdmDiagnostics\Area\Autopilot\FileEntry

You need to use Windows performance analyzer tool to deep dive and analyze these ETL files.

CloudExperienceHostOobe Windows Autopilot logs
Where is the location of CloudExperienceHost? It is part of system apps within c:\windows\systemapps folder.
In Windows Autopilot deployment, CloudExperienceHost process communicates with Azure.
To trace CloudExperienceHost process activity, MDM Diagnostics Tool generates Event Tracing Logs (this is called ETW – Event Tracing for Windows). You can use Windows performance analyzer to analyze the log as shown below.

Setupact.log
This log file record actions or activity during the OOBE Phase of Autopilot.

Registry Dump
MdmDiagReport_RegistryDump.reg captures the HKLM and HKCU registry values associated with autopilot device provisioning.
Autopilot related values are written to HKLM\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot
Intune CSP based configuration are written to
HKEY_LOCAL_MACHINE\software\microsoft\policymanager\

MDMDiag Report
MDMDiagReport.xml report provides resultant Autopilot settings applied from Intune.

MDMDiagHtmlReport.html report provides complete details on the applied intune Policy CSP Settings, certificates, applications, etc. on the autopilot device.

>Example: MdmDiagnosticsTool.exe -area Autopilot -cab C:\LOGS.zip
This should be
Example: MdmDiagnosticsTool.exe -area Autopilot -cab C:\LOGS.cab
You meant it should be *.CAB instead of *.ZIP !