Troubleshooting Intune Issues on Windows 10 / Windows 11

This post will brief you about the options available to validate policy deployment from Intune and collect the logs for diagnostics.

How to Validate Intune Policies Status

The “Access to work or school” page in Windows 10 settings contains useful information about Intune policies. This can be the first place to quickly check if required policies have been applied to the device. As you can see in the below screenshot, the Policies section lists all policies currently managed by an organization. Similarly, the Application section lists all applications that are currently managed by an organization.

MDM - work or school - Intune policy status

If you do not see the expected policies/applications applied then you can check the Sync status on the same page. You can force sync as well from here.

Collect simple diagnostics report

You can also generate a diagnostics report in HTML format using the “Create report” button (see the above screenshot). Here are the complete steps.

  • Go to Settings > Access Work and School
  • Select Tenant <Tenant>’s Azure AD > and click on Info
  • Scroll down to the bottom and click on Create report

The report will be saved to:

C:\Users\Public\Public Documents\MDMDiagnostics\MDMDiagReport.html

Managed applications section of MDMDiagReport.html

Generate detailed diagnostics report

The detailed MDM diagnostics report can also generated from the “Access work or school” page. You can find the Export your management log files link under “Related settings”. If the window is maximized then you can find this option at the top right side of the screen.

Windows 10 MDM - Export your management log files

The report will be generated to a cab file ( in C:\Users\Public\Documents\MDMDiagnostics folder.


Collect diagnostics log from Intune Admin Center

The diagnostics logs can be collected from the Endpoint Manager Admin Center by the below steps. These logs include MDM, MECM Client, Autopilot, Registry keys, Event viewers logs, networking, and other important logs useful for troubleshooting.

  • Go to Devices and select Device
  • From the Overview menu select “Collect diagnostics”.
  • Click Yes on the confirmation prompt

Intune admin center | collect diagnostics logs

The log collection process will take some time. You can monitor the status from Devices | <Device Name> | Device diagnostics (preview). Once the log collection process is completed, you will see an option to download the logs.

Intune admin center | collect diagnostics logs

The log files will be organized in different folders named as numbers (1,2,3….) which contain the details mentioned above.

The “result.xml” file in the root folder will have details of the information collected by the diagnostics tool. Please check Microsoft documentation to know more about the data collected by the diagnostics tool.

MDM Diagnostics log - result.xml

Intune Management Extension

The Intune management extension supplements the in-box Windows 10 MDM features. It allows Microsoft Intune to run the PowerShell scripts on Windows 10 devices.

The IME runs as a service called “Microsoft Intune Management Extension”. The service name is IntuneManagementExtension.

IME logs are located in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs folder. You can use CMTrace.exe to view these logs.

  • AgentExecutor
  • ClientHealth
  • IntuneManagementExtension

The full content of the script is logged in the IntuneManagementExtension log which can be useful in troubleshooting.

IntuneManagementExtension log

Related Posts

Subscribe to Techuisitive Newsletter

Be the first to know about our new blog posts. Get our newsletters directly in your inbox and stay up to date about Modern Desktop Management technologies & news.

Scroll to Top