CONTACT US

Dark mode

Dark mode

Dark mode

There are 0 results matching

article card image dark article card image light

Published by · Apr 11, 2024 tools · 2 mins read

Introducing: Intune Linux Onboarding Tool

Onboard Ubuntu Linux devices to Microsoft Intune using a bash script. Installs prerequisites and starts the user-driven enrollment. ...

See More
article card image dark article card image light

Published by · Apr 11, 2024 tools · 2 mins read

Introducing: Intune macOS Onboarding Tool

Onboard macOS devices to Microsoft Intune using a bash script that initiates the process. Optionally, the script converts mobile accounts, resets the FileVault key, and removes ...

See More
article card image dark article card image light

Published by · Jan 23, 2024 tools · 3 mins read

Introducing: Intune Device Renaming Tool

Rename Intune Devices by setting a Prefix or using a User Attribute as Prefix. Supports Windows, macOS, and Linux ...

See More
article card image dark article card image light

Published by · Dec 8, 2023 intune · 5 mins read

Intune Logs: A Deep Dive into Locations, Interpretation, and Configuration

A Comprehensive Guide to Locations, Interpretation, and Configuration of Intune Logs ...

See More
article card image dark article card image light

Published by · Aug 14, 2023 configmgr · 2 mins read

Configuration Manager Console Extension to show Device Collection Membership with Console Builder

Use the Configuration Manager Console Builder, to add Collection Membership View to the Device Node ...

See More
article card image dark article card image light

Published by · Aug 3, 2023 tools · 3 mins read

Introducing: Configuration Manager SSRS Dashboards

A Configuration Manager Dashboards solution with Reports for Software Updates, Bitlocker and more ...

See More
article card image dark article card image light

Published by · Aug 3, 2023 tools · 2 mins read

Introducing: PowerShell WMI Management Toolkit Module

Streamline your WMI Namespace, Class, and Instance Management with our PowerShell Module ...

See More
article card image dark article card image light

Published by · Jul 14, 2023 configmgr · 1 mins read

Configuration Manager detailed, filterable Port Documentation

Configuration Manager detailed, filterable port documentation as an excel document ...

See More
article card image dark article card image light

Published by · Jul 14, 2023 configmgr · 3 mins read

Configuration Manager PXE TFTP Window Size Bug

Configuration Manager TFTP Block Size and TFTP Window Size Correct Configuration ...

See More
article card image dark article card image light

Published by · Jun 18, 2023 tools · 4 mins read

Introducing: Configuration Manager Client Cache Cleanup Tool

Cleaning the Configuration Manager Client Cache the Right Way with PowerShell and Configuration Baselines ...

See More
article card image dark article card image light

Published by · Jun 18, 2023 tools · 2 mins read

Introducing: Windows Cache Cleanup Tool

Cleaning Windows and Configuration Manager Caches for Configuration Manager Build and Capture Task Sequence or Standalone Use ...

See More
article card image dark article card image light

Published by · Jun 17, 2023 tools · 1 mins read

Introducing: Windows Update Database Reinitialization Tool

Proactively repair corrupted Windows Update Database with Powershell and Configuration Manager ...

See More
article card image dark article card image light

Published by · Mar 31, 2023 tools · 3 mins read

Introducing: Configuration Manager SQL Products Reporting

A Complete SQL Products reporting solution using Configuration Manager ...

See More
article card image dark article card image light

Published by · Jan 28, 2023 configmgr · 1 mins read

Application Detection Method using the Configuration Manager Application Version

Replace hardcoded application version in scripts, with the Configuration Manager Application Version ...

See More
article card image dark article card image light

Published by · Jan 28, 2023 tools · 3 mins read

Introducing: Certificate Management Toolkit

Managing Certificates with Configuration Manager and PowerShell by using just the Public Key ...

See More
article card image dark article card image light

Published by · Jan 7, 2019 reports · 2 mins read

Configuration Manager Device Boundary and Network Information Report

List Device Boundaries and Network Information with Configuration Manager ...

See More
article card image dark article card image light

Published by · Sep 9, 1980 help · 5 mins read

MEM.Zone Blog Publishing Documentation

Publishing Documentation for MEM.Zone ...

See More

We couldn’t find anything related to

“SCCM”

BLOG / intune zone

Intune Logs: A Deep Dive into Locations, Interpretation, and Configuration

Published by Vilcu Paul · Dec 8, 2023 · 5 mins read
article card image dark article card image light

Quick Summary

Microsoft Intune as a cloud service has many moving parts, and as with all things IT-related, the truth is always in the logs.

This post will delve into the log retrieval specifics for Windows, macOS, and Linux when managed through Intune.

Table of Contents

Prerequisites

Intune Diagnostics

Intune can gather diagnostic files automatically if Autopilot fails, retaining these logs for 28 days. However, they’re unavailable if diagnostics are disabled.

  • Enable diagnostics from Tenant Administration –> Device Diagnostics_ in the Intune Portal.
article card image intune-portal-device-diagnostics
Notes

In some special circumstances, the logs may fail to upload to Intune.

MDM Diagnostics Tool

MDMDiagnosticsTool is a versatile tool that can access multiple log areas and output them in various formats. Bwlow are some examples of how to use it.

  • Gather logs and output them to a folder.
C:\WINDOWS\system32\MdmDiagnosticsTool.exe -out <Output_Folder_Path>
  • Gather area log and compress them into a cab or zip file.
C:\WINDOWS\system32\MdmDiagnosticsTool.exe -area <Area_Name1;Area_Name2...> -cab <Output_cab_File_Path>
C:\WINDOWS\system32\MdmDiagnosticsTool.exe -area <Area_Name1;Area_Name2...> -zip <Output_zip_File_Path>
Notes

Currently supported areas:

  • Autopilot
  • DeviceEnrollment
  • DeviceProvisioning
  • Tpm
  • OOBE
  • Azure AD

All currently available areas are stored in the HKLM\SOFTWARE\Microsoft\MdmDiagnostics\Area registry key.

  • Gather information specified in the Xml and create a zip file.
C:\WINDOWS\system32\MdmDiagnosticsTool.exe -xml <Xml_File_Path> -zip <Output_zip_File_Path> -Server <MDM_Server>
Notes

There’s very little information on this topic, and we couldn’t find a way to use this option but it’s likely that a specially crafted xml file needs to be used.

Autopilot Diagnostic Tool

Windows Autopilot Diagnostics Tool is a fabulous community tool that we highly recommend, that is of tremendous help when troubleshooting Autopilot issues.

  • During the OOBE, press Shift + F10 to access Command Prompt.
  • Type powershell.exe to load PowerShell.
  • Run the following commands to install the tool and gather logs.
## Install the tool
Set-ExecutionPolicy -ExecutionPolicy 'Unrestricted'
Install-Script -Name  Get-AutopilotDiagnostics -Force

## Gather logs
.\ Get-AutopilotDiagnostics.ps1 -online

Set Logging Options Tool

Actions are frequently logged in IntuneManagementExtension.log, leading to rapid overwriting of the file. There have been a few attempts from Microsoft to filter out some of the events but they all shave been reverted.

Using the script below, the log size can be changed to a more appropriate size.

  1<#
  2.SYNOPSIS
  3    Sets the Intune logging options.
  4.DESCRIPTION
  5    Sets the Intune log size and history.
  6.PARAMETER LogMaxSize
  7    Specifies the log maximum size in MB.
  8.PARAMETER LogMaxHistory
  9    Specifies the log maximum history in number of files to keep.
 10.PARAMETER RestartService
 11    Specifies whether to restart the Intune Management Extension service to apply the changes.
 12    I do not recommend using this parameter restarting the Intune Management Extension might cause some issues.
 13.EXAMPLE
 14    Set-IntuneLoggingOptions.ps1 -LogMaxSize 10 -LogMaxHistory 10 -RestartService
 15.INPUTS
 16    None.
 17.OUTPUTS
 18    None.
 19.NOTES
 20    Created by Ioan Popovici
 21.LINK
 22    https://MEMZ.one/Set-IntuneLoggingOptions
 23.LINK
 24    https://MEMZ.one/Set-IntuneLoggingOptions-CHANGELOG
 25.LINK
 26    https://MEMZ.one/Set-IntuneLoggingOptions-GIT
 27.LINK
 28    https://MEM.Zone/ISSUES
 29.COMPONENT
 30    Intune
 31.FUNCTIONALITY
 32    Intune Logging Options
 33#>
 34
 35## Set script requirements
 36#Requires -Version 5.0
 37
 38##*=============================================
 39##* VARIABLE DECLARATION
 40##*=============================================
 41#region VariableDeclaration
 42
 43## Get script parameters
 44Param (
 45    [Parameter(Mandatory = $false, Position = 0)]
 46    [ValidateNotNullorEmpty()]
 47    [Alias('Size')]
 48    [string]$LogMaxSize = '10',
 49    [Parameter(Mandatory = $false, Position = 1)]
 50    [ValidateNotNullorEmpty()]
 51    [Alias('History')]
 52    [string]$LogMaxHistory = '10',
 53    [Parameter(Mandatory = $false, Position = 3)]
 54    [switch]$RestartService
 55)
 56
 57#endregion
 58##*=============================================
 59##* END VARIABLE DECLARATION
 60##*=============================================
 61
 62##*=============================================
 63##* FUNCTION LISTINGS
 64##*=============================================
 65#region FunctionListings
 66
 67#region Function Set-IntuneLoggingOptions
 68Function Set-IntuneLoggingOptions {
 69<#
 70.SYNOPSIS
 71    Sets the Intune logging options.
 72.DESCRIPTION
 73    Sets the Intune log size and history.
 74.PARAMETER LogMaxSize
 75    Specifies the log maximum size in MB.
 76.PARAMETER LogMaxHistory
 77    Specifies the log maximum history in number of files to keep.
 78.PARAMETER RestartService
 79    Specifies whether to restart the Intune Management Extension service to apply the changes.
 80    I do not recommend using this parameter restarting the Intune Management Extension might cause some issues.
 81.EXAMPLE
 82    Set-IntuneLoggingOptions -LogMaxSize 10 -LogMaxHistory 10 -RestartService
 83.INPUTS
 84    None.
 85.OUTPUTS
 86    None.
 87.NOTES
 88    Created by Ioan Popovici
 89.NOTES
 90    This is an internal script function and should typically not be called directly.
 91.LINK
 92    https://MEM.Zone
 93.LINK
 94    https://MEM.Zone/GIT
 95.COMPONENT
 96    Intune
 97.FUNCTIONALITY
 98    Intune Logging Options
 99#>
100    [CmdletBinding()]
101    Param (
102        [Parameter(Mandatory = $false, Position = 0)]
103        [ValidateNotNullorEmpty()]
104        [Alias('Size')]
105        [Int16]$LogMaxSize = '10',
106        [Parameter(Mandatory = $false, Position = 1)]
107        [ValidateNotNullorEmpty()]
108        [Alias('History')]
109        [int16]$LogMaxHistory = '10',
110        [Parameter(Mandatory = $false, Position = 3)]
111        [switch]$RestartService
112    )
113
114    Begin {
115        $LogMaxSizeBytes = $LogMaxSize * 1MB
116    }
117    Process {
118        Try {
119
120            [string]$LogPath = 'HKLM:\SOFTWARE\Microsoft\IntuneWindowsAgent\Logging'
121            [boolean]$LogPathExists = Test-Path -Path $LogPath -ErrorAction 'SilentlyContinue'
122            If (-not $LogPathExists) { New-Item -Path $LogPath -Force }
123
124            # Set the registry values for logging options
125            Set-ItemProperty -Path $LogPath -Name 'LogMaxSize' -Value $LogMaxSizeBytes
126            Set-ItemProperty -Path $LogPath -Name 'LogMaxHistory' -Value $LogMaxHistory
127
128            # Restart the Intune Management Extension service to apply the changes
129            If ($PSBoundParameters.ContainsKey('RestartService')) {
130                Restart-Service -Name 'IntuneManagementExtension' -Force -ErrorAction 'Stop'
131            }
132        }
133        Catch {
134            Write-Error -Message $_.Exception.Message
135        }
136        Finally {
137        }
138    }
139    End {
140    }
141}
142#endregion
143
144#endregion
145##*=============================================
146##* END FUNCTION LISTINGS
147##*=============================================
148
149##*=============================================
150##* SCRIPT BODY
151##*=============================================
152#region ScriptBody
153
154Set-IntuneLoggingOptions -LogMaxSize $LogMaxSize -LogMaxHistory $LogMaxHistory -RestartService:$RestartService
155
156#endregion
157##*=============================================
158##* END SCRIPT BODY
159##*=============================================

Loging Locations

All Intune Management Extension logs are stored in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs, below are some of the most important ones.

  • IntuneManagementExtension.log
    Contains information about the IME service and its processes like scripts, applications, and policies.
article card image windows-intune-management-extension-logs

  • AgentExecutor.log
    Contains Powershell traces for each Platform Script configured in the Intune Console.

  • HealthScript.log
    Contains Powershell traces for each Remediation Script configured in the Intune Console.

  • ClientHealth.log
    Contains client health activities for the IME, like Check Service Status_ or Sent Agent Status Reports.

  • Eventlogs
    Intune also logs information in the Windows Event Logs under Applications and Services Logs –> Microsoft –> Windows –> DeviceManagement-Enterprise-Diagnostics-Provider_

Scripts Output

Powershell scripts and the output will be stored locally until execution is complete, and there are a few quirks to be aware of.

  • The system stores scripts in C:\Program Files (x86)\Microsoft Intune Management Extension\Policies\Scripts/Results.
  • The full script transcript logs into the IntuneManagementExtension.log.
  • The system holds script output and exit codes in the registry key below.
##   The _<ScriptGUID>_ can be found in the script URL in the Intune Portal.
HKLM\Software\Microsoft\IntuneManagementExtension\Policies\<UserGUID>\<ScriptGUID>_ registry key.
  • Proactive Remediation scripts output in the following registry paths:
##   The _<ScriptGUID>_ can be found in the script URL in the Intune Portal.
HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\SideCarPolicies\Scripts\Execution\UserGUID\ScriptGUID
HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\SideCarPolicies\Scripts\Reports\UserGUID\ScriptGUID
Notes

The script transcript is stored in the IntuneManagementExtension.log and can contain sensitive information like passwords!

Log Collection

There are multiple ways to collect logs from Intune-managed devices, and we’ll cover the most common ones.

Cloud

Cloud log collection is the most straightforward method, but it requires the device to be online and available in the Intune Portal.

  • Download Autopilot logs by navigating to Devices –> Monitor –> Enrollment –> Autopilot Deployments (preview)_ and selecting a device with failed status.
  • Download Intune logs by navigating to Devices –> Monitor –> Device Diagnostics after triggering the device log collection from the Device –> Collect Diagnostics action.

Local

Local log collection is the most versatile method, but it requires the device to be available.

  • Navigate to Setting Pannel –> Accounts –> Access Work or School and click on Export.
article card image windows-export-management-logs
Notes

Check the MDMDiagHTMLReport.html to see all settings and enforced settings applied to the device.

OOBE

OOBE log collection is very usefull, but it requires the physical access to the device.

  • During the OOBE, press Shift + F10 to access Command Prompt.
Notes

You can access local diagnostic tools, logs, and USB sticks with third-party tools like Fiddler from this location.

macOS

Some information is directly available from the Intune Console, but the full logs are stored on the device.

Cloud Log Collection

Cloud log collection is a bit of an inconsistent experience as it requires some prerequisites, such as specifying the full, absolute log file path and depending on device availability.

  • Navigate to Devices –> Monitor –> Device Status select a device, and click Collect Logs_ from the side panel.
article card image intune-collect-logs-remotely

Local Log Collection

Local log collection is the most versatile method, but it requires the device to be available.

  • The CompanyPortal.log is available by accessing the Company Portal application.
article card image company-portal-save-logs
  • The IntuneMDMDaemon.log and IntuneMDMAgent.log are the most comprehensive logs, following locations below.
# System logs
/Library/Logs/Microsoft/Intune

# User logs
~/Library/Logs/Microsoft/Intune
article card image macos-mdmagent-logs
Notes

These locations are hidden by default, and there are multiple options to access them, here are a few:

  • Use the Go to Folder option from the Go menu in the Finder
  • Press Command + Shift + G to access the Go to Folder option
  • Show hidden files using the Command + Shift + . shortcut
  • Use the Terminal command defaults write com.apple.finder AppleShowAllFiles YES

Linux

Linux logs to the default OS log folder /var/log and its subfolders, there are no Intune specific paths.

  • The apt command typically installs the Company Portal application and stores its log in the /var/log/dpkg.log file.
  • Shell Scripts are stored in /var/log/messages for some Linux distributions, while others use /var/log/syslog.

SHARE

article card image dark article card image light

Published by · Aug 14, 2023 configmgr · 2 mins read

Configuration Manager Console Extension to show Device Collection Membership with Console Builder

Use the Configuration Manager Console Builder, to add Collection Membership View to the Device Node ...

See More
article card image dark article card image light

Published by · Aug 3, 2023 tools · 3 mins read

Introducing: Configuration Manager SSRS Dashboards

A Configuration Manager Dashboards solution with Reports for Software Updates, Bitlocker and more ...

See More