Generate & gather Windows 10 MDM client logs and diagnostics

By Matt Shadbolt (@ConfigMgrDogs) | Senior Program Manager, Intune, Microsoft Endpoint Manager

When troubleshooting Windows 10 MDM in Microsoft Endpoint Manager, there's a handful of client logs and diagnostic information that are super helpful for the vast majority of situations.

Often, we'll go back-and-forth between support and our customers asking for pieces one-by-one. To make it a little easier for all involved, I've written a very simple PowerShell script that will gather a bunch of helpful info in one go.

It will generate a new MDMDiag report, dump PolicyManager from registry, export some event logs, and pull a bunch of DeviceManagement details including things like OS SKU and version information. It wraps all of this up into a ZIP file making it easy to dig a little deeper, or just send to us.

#
# run me as a local admin, please 
#

$regKeys = 'HKLM\Software\Microsoft\PolicyManager'
$tempFolder = 'c:\temp\MEMLogs'
$regOutput = 'c:\temp\MEMLogs\PolicyManager.reg'
$timestamp = get-date -f yyyy-MM-dd-HHmmss

# temp folder
If(!$(Get-Item $tempFolder)) {mkdir $tempFolder }

# reg file
$regKeys | % {$i++ 
& reg export $_ "$tempFolder\$i.reg"}
Get-Content "$tempFolder\*.reg" | ? {$_ -ne 'Windows Registry Editor Version 5.00'} | Add-Content $regOutput
Remove-Item "$tempFolder\*.reg" -Exclude "PolicyManager.reg"

# DM info
Get-ChildItem -Path HKLM:SOFTWARE\Microsoft\Enrollments -Recurse | where{$_.Property -like "*UPN*"} | Out-File "$tempFolder\MDMRegistration.txt"
Get-ChildItem -Path HKLM:SOFTWARE\Microsoft\Enrollments -Recurse | where{$_.Property -like "*EntDMID*"} | Out-File -Append "$tempFolder\MDMRegistration.txt"

# event logs 
Copy-Item -Path "$env:SystemRoot\System32\Winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" -Destination $tempFolder
Copy-Item -Path "$env:SystemRoot\System32\Winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Operational.evtx" -Destination $tempFolder

# computer info
Get-ComputerInfo | Out-File "$tempFolder\$env:COMPUTERNAME.txt"

# MDMDiag 
Start-Process MdmDiagnosticsTool.exe -Wait -ArgumentList "-out $tempFolder\MDMDiag.html" -NoNewWindow

# compress & cleanup
Get-Item -Path $tempFolder\*.* -Exclude "*.zip" | Compress-Archive -DestinationPath "$tempFolder\MEMLogs_$timestamp.zip"

Remove-Item -Path $tempFolder\*.* -Exclude "*.zip" 

It's certainly not anything ground breaking, but I hope you find it a little helpful while trying to troubleshoot Windows client issues. If there's anything else you often gather for troubleshooting, let me know and I'll add it to the script.