Forum Discussion

andytheit2's avatar
andytheit2
Copper Contributor
Nov 17, 2024

Intune Reporting

I am new to Intune having used Group Policy for many years. I understand the basics, but one thing that I can't see is reporting and logging of what in tune is doing on the computer? I can see event viewer entries but there doesn't seem logging? Am i missing something or is there no logging?

  • In Microsoft Intune, logging and reporting are available, but they work differently compared to Group Policy. Intune focuses on a cloud-based approach, and much of the information you'd expect to find in logs on the device is centralized for management and reporting in the Intune admin center. Here's a breakdown of what you can use for tracking Intune activities:

    1. Event Viewer on Devices

    While Event Viewer contains entries for Intune activities under:

    • Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider (DME-DP)

    These logs primarily provide details about:

    • Policy application.
    • MDM communication (success or failure).
    • Errors or conflicts during deployment.

    This is similar to what you might look for in Group Policy logs but is limited in granularity.

    2. Windows Diagnostic Data

    For detailed logging:

    • Settings > Privacy & Security > Diagnostics & feedback allows enabling diagnostic data. This data helps Microsoft troubleshoot device issues and may assist with advanced debugging using tools like Fiddler.

    3. Intune Troubleshooter (on the Device)

    Microsoft provides a built-in troubleshooter on Windows devices:

    • Run dsregcmd /status from a command prompt to check device registration details.
    • Run the Intune Diagnostic Log Collection tool (CollectIntuneLogs.ps1), which collects logs relevant to Intune policies for analysis.

    4. Intune Admin Center (Cloud Reporting)

    Most logs are centralized in the Intune Admin Center, which provides:

    • Device Configuration Reports: Detailed reporting on configuration profile status (e.g., Success, Error, Conflict).
    • App Reporting: Shows which apps were deployed successfully or failed.
    • Endpoint Analytics: For performance and health metrics.
      1. Go to Microsoft Endpoint Manager Admin Center (endpoint.microsoft.com).
      2. Navigate to Devices > Monitor or Reports to find logs related to:
        • Compliance
        • Device configuration
        • App deployments

      5. Diagnostic Data Viewer

      If you want more detailed device-level insights:

      • Enable and use the Diagnostic Data Viewer app on Windows.
      • It provides detailed telemetry that includes Intune-related data.

      6. PowerShell and Graph API

      • Use PowerShell scripts or Graph API to extract detailed logs and device status for advanced troubleshooting.

      Conclusion

      Intune doesn't log in the same way as Group Policy does (e.g., local logs specific to policy changes), as its focus is on centralization and cloud-based reporting. For a comprehensive view of Intune's activities:

      • Use Event Viewer on the device for immediate troubleshooting.
      • Use the Intune Admin Center for centralized reporting and insights.
      • Consider tools like Endpoint Analytics or PowerShell for deeper analysis
  • kyazaferr's avatar
    kyazaferr
    Iron Contributor

    In Microsoft Intune, logging and reporting are available, but they work differently compared to Group Policy. Intune focuses on a cloud-based approach, and much of the information you'd expect to find in logs on the device is centralized for management and reporting in the Intune admin center. Here's a breakdown of what you can use for tracking Intune activities:

    1. Event Viewer on Devices

    While Event Viewer contains entries for Intune activities under:

    • Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider (DME-DP)

    These logs primarily provide details about:

    • Policy application.
    • MDM communication (success or failure).
    • Errors or conflicts during deployment.

    This is similar to what you might look for in Group Policy logs but is limited in granularity.

    2. Windows Diagnostic Data

    For detailed logging:

    • Settings > Privacy & Security > Diagnostics & feedback allows enabling diagnostic data. This data helps Microsoft troubleshoot device issues and may assist with advanced debugging using tools like Fiddler.

    3. Intune Troubleshooter (on the Device)

    Microsoft provides a built-in troubleshooter on Windows devices:

    • Run dsregcmd /status from a command prompt to check device registration details.
    • Run the Intune Diagnostic Log Collection tool (CollectIntuneLogs.ps1), which collects logs relevant to Intune policies for analysis.

    4. Intune Admin Center (Cloud Reporting)

    Most logs are centralized in the Intune Admin Center, which provides:

    • Device Configuration Reports: Detailed reporting on configuration profile status (e.g., Success, Error, Conflict).
    • App Reporting: Shows which apps were deployed successfully or failed.
    • Endpoint Analytics: For performance and health metrics.
      1. Go to Microsoft Endpoint Manager Admin Center (endpoint.microsoft.com).
      2. Navigate to Devices > Monitor or Reports to find logs related to:
        • Compliance
        • Device configuration
        • App deployments

      5. Diagnostic Data Viewer

      If you want more detailed device-level insights:

      • Enable and use the Diagnostic Data Viewer app on Windows.
      • It provides detailed telemetry that includes Intune-related data.

      6. PowerShell and Graph API

      • Use PowerShell scripts or Graph API to extract detailed logs and device status for advanced troubleshooting.

      Conclusion

      Intune doesn't log in the same way as Group Policy does (e.g., local logs specific to policy changes), as its focus is on centralization and cloud-based reporting. For a comprehensive view of Intune's activities:

      • Use Event Viewer on the device for immediate troubleshooting.
      • Use the Intune Admin Center for centralized reporting and insights.
      • Consider tools like Endpoint Analytics or PowerShell for deeper analysis

Resources