
On-demand OS and Application diagnostic logs from cloud managed PCs

Devpal Khot
Microsoft

When PCs encounter problems, a perennial challenge for IT is pulling detailed diagnostic logs from the device without relying on user instructions, scripts, etc.

For Windows 1903 we have enhanced the DiagnosticLog CSP so that MDM providers for Windows (e.g., Intune) can provide IT with diagnostic logs from the device as needed.

While the first-class IT experience for this will come through a management provider such as Intune, savvy Insiders can try out this functionality today using a Custom URI policy.

Want to try out this feature, plus other new ENS features? Visit http://aka.ms/olympiav2.

The following steps deploy the new DiagnosticLog CSP using Intune:

Step 1: Set up Storage Account

  1. Open Browser.
  2. Navigate to https://portal.azure.com and sign in with admin credentials.
  3. On the left navigation bar, click All services.
  4. Enter “Storage accounts” in search.
  5. Click on Storage accounts.
  6. Click on “+Add”.
  7. Select a valid Azure Subscription and fill out the form:
    • Resource group (create new if needed)
    • Storage account name
    • Location
    • Leave the rest of the settings unchanged.
  8. Click Review + create
  9. Click the newly created storage account
  10. Click Storage Explorer (preview)
  11. Right click BLOB CONTAINERS -> Create blob container
  12. Give Name
  13. Click OK
  14. Right click on the new blob container -> Get Shared Access Signature
    1. Update Expiry time to a month later than the current date (default is 1 day)
    2. Update Permissions to Read, Write and List
    3. Click Create
  15. Copy the URL into Notepad – this will be needed in the next step.

Step 2: Create Custom policy for Diagnostic logs

  1. Open Browser.
  2. Navigate to https://portal.azure.com and sign in with admin credentials.
  3. On the left navigation bar, click All services.
  4. Enter “Intune” in search.
  5. Click on Intune.
  6. Click on “Device configuration”.
  7. Click on “Profiles”.
  8. Click on “+ Create profile”.
  9. Fill in the form
    • Name – Diagnostics CSP
    • Platform – Windows 10 and later
    • Profile type – Custom
    • Click Settings -> On OMA-URI settings, click Add
      • Name–
      • OMA-URI – ./Vendor/MSFT/DiagnosticLog/DiagnosticArchive/ArchiveDefinition
      • Data Type – String
      • Value – refer to the sample below
<Collection>
<ID>new GUID value</ID>
<SasUrl><![CDATA[Storage account URL Copied in Line Step 15]]></SasUrl>
<RegistryKey>HKLM\Software\Microsoft</RegistryKey>
<Command>%windir%\system32\mdmdiagnosticstool.exe -out %ProgramData%\temp\</Command>
<FoldersFiles>%ProgramData%\temp\*.*</FoldersFiles>
<FoldersFiles>%ProgramData%\Microsoft\DiagnosticLogCSP\Collectors\*.etl</FoldersFiles>
<Command>c:\windows\system32\ipconfig.exe /all</Command>
<Events>System</Events>
</Collection>
  10. Select Create.
  11. Select Assignments.
  12. Select “Select groups to include”.
  13. Select “DiagnosticsLogsDemo” and click Select.
  14. Click on Save.
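
The SAS URL from Step 1 is a bearer credential that travels inside the policy value to every assigned device, so it is worth checking before pasting it in. The following Python sketch is an added example, not part of the original post or of any Microsoft tooling: it checks that a SAS URL matches what Step 1 configures (HTTPS, container scope, Read/Write/List, not expired) and fills the sample above with a fresh GUID. The function names, the sample URL and the expiry format handled are assumptions made for illustration.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample value, not a real account or signature.
SAMPLE_SAS = ("https://examplediag.blob.core.windows.net/diaglogs"
              "?sv=2018-03-28&sr=c&sp=rwl&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED")

def check_sas_url(sas_url, now=None):
    """Return findings for a container SAS URL; an empty list matches Step 1."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(sas_url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https":
        findings.append("URL is not https")
    if "sig" not in q:
        findings.append("no sig parameter, so this is not a SAS URL")
    if q.get("sr") != "c":
        findings.append("sr is not 'c' (container scope)")
    if set(q.get("sp", "")) != set("rwl"):
        findings.append("sp is not exactly Read, Write and List")
    try:  # Assumption: expiry uses the YYYY-MM-DDThh:mm:ssZ form.
        se = datetime.strptime(q["se"], "%Y-%m-%dT%H:%M:%SZ")
        if se.replace(tzinfo=timezone.utc) <= now:
            findings.append("SAS has expired")
    except (KeyError, ValueError):
        findings.append("se (expiry) missing or in another format")
    return findings

def build_archive_definition(sas_url, collection_id=None):
    """Fill the page's sample <Collection> with a fresh GUID and the SAS URL."""
    if "]]>" in sas_url:
        raise ValueError("']]>' would terminate the CDATA section")
    xml_text = "\n".join([
        "<Collection>",
        f"<ID>{collection_id or uuid.uuid4()}</ID>",
        # CDATA keeps the '&' separators in the SAS query string legal in XML.
        f"<SasUrl><![CDATA[{sas_url}]]></SasUrl>",
        r"<RegistryKey>HKLM\Software\Microsoft</RegistryKey>",
        r"<Command>%windir%\system32\mdmdiagnosticstool.exe -out %ProgramData%\temp\</Command>",
        r"<FoldersFiles>%ProgramData%\temp\*.*</FoldersFiles>",
        r"<FoldersFiles>%ProgramData%\Microsoft\DiagnosticLogCSP\Collectors\*.etl</FoldersFiles>",
        r"<Command>c:\windows\system32\ipconfig.exe /all</Command>",
        "<Events>System</Events>",
        "</Collection>",
    ])
    ET.fromstring(xml_text)  # raises ParseError if the result is not well-formed
    return xml_text
```

Run `check_sas_url` on the URL copied in Step 1 and paste the output of `build_archive_definition` into the Value field only when the findings list is empty.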