Windows 10 MDM Log Checklist – An Ultimate Help Guide – Part 1

0
Different ways of collecting MDM logs from Windows 10

Prologue

Proper case documentation not only helps in proper case management for the case owner but also helps to have a better understanding of the case and its status when it moves up the support hierarchy levels (L1 > L2 > L3). This helps to reduce the overall TAT of a case, due to lesser time spent on things that are otherwise wasted due to the below points.

  • Setting up multiple comms with the end-user to gather the relevant information which should have been done at the first go
  • Repetition of same TS steps or procedures by the higher-level team due to no clear information of what has already been done and its outcome

The other important aspect of providing a seamless support experience is proper data (log) collection.

It certainly does not helps either the end-user or the next level support engineer, when a case moves up the support hierarchy, without having proper or relevant logs. It results in the same wastage of time in setting up comms with the end-user to retrieve the necessary logs, thereby increasing the case age and TAT.

Where case documentation is like a habitual practice, relevant log collection requires knowledge and a clear understanding of the product – the underlying concepts and a clear overview of how things work.

– Joymalya Basu Roy

Introduction

For mobile devices (Android and iOS), for most cases, an Intune Administrator has to work with only the profile deployment status from the Intune portal to help troubleshoot issues, before reaching out to MS Support.

MDM log generation and analysis for Android and/or iOS device managed by Intune is rather limited. The native MDM log collection is facilitated via the Company Portal app which collects the MDM log, silently uploads the collected log to the MS log database in the background, and provides a unique identifier to identify the uploaded logs, to be provided to the MS support.

MDM log collection for mobiles (Android and iOS) is rather straight forward in the form of Company Portal app generating and uploading the relevant logs in the background to the MS database - All behind the scenes. The MDM log itself remains hidden from the end-user. [Not really as for Android, you can still get to it - more on this on a later post!]
MDM log collection for mobiles (Android and iOS) is rather straight forward in the form of Company Portal app generating and uploading the relevant logs in the background to the MS database – All behind the scenes. The MDM log itself remains hidden from the end-user. [Not really as for Android, you can still get to it – more on this on a later post!]

However, the MDM logs that are collected remain hidden (not really, will have a post on this later!) from the IT administrators.

But when it comes to Windows 10, it’s an entire different story.

Windows 10 does not restrict an Intune Administrator with the limitation of possible client end checks as in the case for mobile platforms, only if you know

  • what to look for, and
  • where to look for,

With Windows 10, there is no Company Portal log as such, but you have a similar option to get Management logs or which we term as the MDM Diagnostic logs.

However, what is of more relevance is that you have the entire Windows Registry and Events at your disposal for tracking and tracing issues related to Intune management.

I have split the content into a two-post series, wherein

  • Part 1 – Today we will be discussing the Windows 10 client end verification to check for policy deployments from Intune and the different log collection options that Windows has available for us.
  • Part 2 (coming soon, stay tuned!) – We will be having a walkthrough of the Windows registry to check information related to Intune management and policy deployments, the important Event paths, and the specific individual log file locations.

So let’s get started.

Windows 10 MDM Log Checklist

This is all about Windows 10 client end check to validate policy deployment from Intune and the different log collection options that are available in Windows 10.

Check the policies as received

The first place to check the policies as received on a Windows 10 endpoint is from the Work Account Info.

Settings > Account > Access work or school > Work Account > Info

Windows 10 MDM Log - Verify the applied policies from the overview of Work Account
Windows 10 MDM Log – Verify the applied policies from the overview of Work Account

You get to see an overview of all the policies (Configuration profiles and MSI applications) delivered to the device by Intune here.

Note #1 The overview gives you the information about the feature that the policy controls and not the name of the policy as you configured in the portal.

Note #2 This does not includes win32 and PS script deployments from Intune.

If the policy status in Intune shows as Pending and you do not see the same under managed policies here, check the device SYNC status.

Windows 10 MDM Log - Ensure device sync is latest and has no connectivity issue in case of pending profile deployement status
Windows 10 MDM Log – Ensure device sync is latest and has no connectivity issue in case of pending profile deployement status

If there be any network related issues (mostly common if the device is in Intranet or in restricted networks), verify with the network team, if the device is able to communicate to the required endpoints. Check the Intune network requirements as listed here.

However, if you can see that the device has received the policy for the particular feature, you can move to the next part which is…

Generate simple MDM Diagnostic report

You can generate a simple MDM report from the within the Info page of the Work Account using the Create report button.

Windows 10 MDM Log - Generate a simple MDM Diagnostic report from within the Work Account
Windows 10 MDM Log – Generate a simple MDM Diagnostic report from within the Work Account

This creates a HTML report file (MDMDiagReport.html) that can be found at location  C:\Users\Public\Documents\MDMDiagnostics

Reviewing MDMDiagReport.html

The file can be viewed with any browser. Here we are more interested to look under the Managed policies header to check what all policy settings Intune has delivered to the device. You will see the Default Value for the policy as well the policy enforced value which reflects under Current Value.

This can be your starting check to confirm if the policy settings as configured in the Intune portal is what is being delivered to the device or not.

Windows 10 MDM Log - Reviewing the MDMDiagReport.html as generated - Validate the Current Value property to chrck if the value matches to what has been set in the portal.
Windows 10 MDM Log – Reviewing the MDMDiagReport.html as generated – Validate the Current Value property to chrck if the value matches to what has been set in the portal.

If you see that the Current Value does not matches or is not in accordance with what has been set in portal, it is an Intune service related issue as it is not delivering the policy settings which is configured.

However, if you see the policy settings has been correctly delivered, then it is up to the respective Configuration Service Providers (CSP) to implement the same. In such a case, if the policy state is in Error, you need to check a bit further – the event logs for the same.

Generate detailed MDM Diagnostic report

Use the Export your management log files from Access work or school display without going inside the Work Account.

Windows 10 MDM Log - Generate detailed MDM logs for advanced level troubleshooting
Windows 10 MDM Log – Generate detailed MDM logs for advanced level troubleshooting

This results in a cab file (MDMDiagReport.cab) at the same location C:\Users\Public\Documents\MDMDiagnostics which you can extract using any tools like 7Zip/WinRAR.

An alternative to this is using CLI to trigger the MDMDiagnosticTool.  Open a command prompt with admin rights and use the command

MdmDiagnosticsTool.exe -area <area name(s)> -cab <output cab file path>

The “area” names are defined in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MdmDiagnostics\Area however, you need to have specific knowledge of the issue to determine which area to use.

Windows 10 MDM Log - MDMDiagnosticTool helps to collect logs for specific area. What to collect is prediefned in the registry.
Windows 10 MDM Log – MDMDiagnosticTool helps to collect logs for specific area. What to collect is prediefned in the registry.

The resulting cab file will contain all the events and logs particular to the area as specified during log collection. Want to review the logs as collected, check out this blog post by Vimal Das.

Intune One Data Collector

Intune ODC is a master log collection tool to cover all the aspects of Intune.

This is a custom tool from Microsoft which is designed to collect a variety of files, registry keys, and command-line output to assist support engineers in troubleshooting Intune issues. If you have experience working with Microsoft Support for any Windows 10 related issue, you might have come across this name as it is pretty common for an MS Support Engineer to request for ODC logs in several scenarios.

The tool is freely available in GitHub and can be used even without opening an MS Support Case (Offline Standalone)

  • Navigate to this link and save the entire site content as Intune.xml
  • Download the tool (Direct download link)
  • Double-click on 1dc-c.diagcab to launch the troubleshooter and click on Next to continue
Windows 10 MDM Log - Intune One Data Collector - Master log collection tool for all aspects of Intune
Windows 10 MDM Log – Intune One Data Collector – Master log collection tool for all aspects of Intune
  • Choose to Send diagnostic information to Microsoft when prompted [Dont worry as this will still be offline log generation]
Windows 10 MDM Log - Intune One Data Collector - Send diagnistic infromation to Microsoft
Windows 10 MDM Log – Intune One Data Collector – Send diagnistic infromation to Microsoft
  • Choose Custom Data Collection from the Data Collector List and click Next
Windows 10 MDM Log - Intune One Data Collector - Choose Custom Data Collection
Windows 10 MDM Log – Intune One Data Collector – Choose Custom Data Collection
  • Browse and select the Intune.xml file that you saved in step 1 and click Next
Windows 10 MDM Log - Intune ODC Log collection works based on an XML config file which specifies the tool what to collect
Windows 10 MDM Log – Intune ODC Log collection works based on an XML config file which specifies the tool what to collect
  • Allow the One Data Collector to complete and click Close when prompted
  • Navigate to %localappdata%\elevateddiagnostics to get the logs collected by the ODC tool.
Windows 10 MDM Log - Intune ODC Log is saved to location %localappdata%\elevateddiagnostics
Windows 10 MDM Log – Intune ODC Log is saved to location %localappdata%\elevateddiagnostics

Latest.cab will contain the results of the last run. If you unzip that, you get a file structure like shown below

Windows 10 MDM log - Content of logs as collected by Intune One Data Collector
Windows 10 MDM log – Content of logs as collected by Intune One Data Collector

The folders of which are of interest to me are

  • EventLogs
  • Files

Within Files, you get the related logs regarding all aspects of Intune segregated and sorted into separate folders as shown below, within which you will get the actual log files.

Windows 10 MDM log - Intune One Data Collector gives all the required information that you could possibly want to have while troubleshooting an MDM issue with Windows 10
Windows 10 MDM log – Intune One Data Collector gives all the required information that you could possibly want to have while troubleshooting an MDM issue with Windows 10

That’s all for today, to be contd.

That’s all in store for today. Go ahead and have a look through the logs by yourself. Happy exploring!

[Part 2 coming soon, stay tuned!]

In Part 2 of this series, I will be taking you through the relevant Windows registry entries for Intune, what Events logs to check, and information that gets stored locally on the device which can help you with troubleshooting issues related to Intune. So stay tuned for Part 2 of this article series!

Till then – keep reading, keep learning and most importantly – Stay Safe

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.