Troubleshooting Intune Issues on Windows 10 / Windows 11

This post will brief you about the options available to validate policy deployment from Intune and collect the logs for diagnostics.

How to Validate Intune policies status

The “Access to work or school” page in Windows 10 settings contain useful information about Intune policies. This can be the first place to quickly check if required policies have been applied to the device. As you can see in below screenshot, the Policies section list all policies currently managed by organization. Similarly, the Application section list all applications which are currently managed by organization.

MDM - work or school - Intune policy status

If you do not see the expected policies / application applied then you can check the Sync status in same page. You can force sync as well from here.

Collect simple diagnostics report

You can also generate diagnostics report in HTML format using “Create report” button (see above screenshot). Here are the complete steps.

  • Go to Settings > Access Work and School
  • Select Tenant <Tenant>’s Azure AD > and click on Info
  • Scroll down to the bottom and click on Create report

The report will be saved to:

C:\Users\Public\Public Documents\MDMDiagnostics\MDMDiagReport.html

Managed applications section of MDMDiagReport.html

Generate detailed diagnostics report

The detailed MDM diagnostics report can also generated from “Access work or school” page. You can find Export your management log files link under “Related settings“. If the window is maximized then you can find this option at top right side of the screen.

Windows 10 MDM - Export your management log files

The report will be generated to a cab file (MDMDiagReport.cab) in C:\Users\Public\Documents\MDMDiagnostics folder.

MDMDiagReport

Collect diagnostics log from Intune Admin Center

The diagnostics logs can be collected from Endpoint Manager Admin Center by following below steps. These logs include MDM, MECM Client, Autopilot, Registry keys, Event viewers logs, networking and other important logs useful for troubleshooting.

  • Go to Devices and select Device
  • From Overview menu select “Collect diagnostics”.
  • Click Yes on confirmation prompt

Intune admin center | collect diagnostics logs

The log collection process will take some time. You can monitor the status from Devices | <Device Name> | Device diagnostics (preview). Once log collection process completed, you will see an option to download the logs.

Intune admin center | collect diagnostics logs

The log files will be organized in different folders named as number (1,2,3….) which contain the details mentioned above.

The “result.xml” file in root folder will have details of the information collected by diagnostics tool. Please check Microsoft documentation to know more about data collected by diagnostics tool.

MDM Diagnostics log - result.xml

Intune Management Extension

The Intune management extension supplements the in-box Windows 10 MDM features. It’s allow Microsoft Intune to run the PowerShell scripts on Windows 10 devices.

The IME run as a service called “Microsoft Intune Management Extension”. The service name is IntuneManagementExtension.

IME logs are located in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs folder. You can use CMTrace.exe to view these logs.

  • AgentExecutor
  • ClientHealth
  • IntuneManagementExtension

The full content of the script logged in the IntuneManagementExtension log which can be useful in troubleshooting.

IntuneManagementExtension log

Related Posts

Subscribe to Techuisitive Newsletter

Be the first to know about our new blog posts. Get our newsletters directly in your inbox and stay up to date about Modern Desktop Management technologies & news.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top