
Intune Troubleshooting Part 2 - Remotely collect logs from devices and upload them on GitHub


In this post I will share a script that collects Intune logs (event logs, log files...) from devices, packs them into a ZIP, then uploads it to GitHub.

Context
By default, Intune does not let you see why a device has an issue.
To find out, you have to go to the device and check some files and event logs.
You want a secure way to upload those files without having to provide credentials.
In the previous post I explained how to upload them to Azure; now we upload them to GitHub.

Why GitHub?
Well, I know this can be a weird way to proceed, but I will say, hey, why not?
I'm the kind of guy who always looks for different ways to proceed, even if they are a bit weird.
In this test I will create a private repository that will contain all the ZIP logs from devices.
This way only me and the people who have access to the account will be able to access the logs.

Other methods?
I will share some different methods to collect Intune logs, as below:
Part 1: Remotely collect logs from devices and upload them to Azure Files
Part 2: Remotely collect logs from devices and upload them to GitHub
Part 3: Remotely collect whatever you want (files, event logs) from devices

The script
You can find the script on GitHub using the below link.


Prerequisites
- GitHub private repository
- GitHub token

GitHub private repository
We will first create a private repo on GitHub.
1. Go to your profile
2. Go to Your repositories
3. Click on New 
4. Type a repo name
5. Select Private
6. Select Initialize this repository with a README
7. Click on Create repository 

GitHub token
1. Click on this link  
2. Type a name, like Intune_Logs

3. Select what you want to do
4. Click on Generate token

5. Note this token for the next

What is collected?
Event logs
The script will collect the below event logs:
- System
- Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider
- Microsoft > Windows > AAD
- Microsoft > Windows > ModernDeployment-Diagnostics-Provider
- Microsoft > Windows > AppxDeploymentServer
- Microsoft > Windows > assignedaccess
- Microsoft > Windows > assignedaccessbroker
- Microsoft > Windows > provisioning-diagnostics-provider
- Microsoft > Windows > shell-core
- Microsoft > Windows > user device registration

Intune Logs
The script will collect logs located in ProgramData\Microsoft\IntuneManagementExtension

Diagnostics reports
The script will collect below diagnostic reports using MdmDiagnosticsTool:
- Main report
- Autopilot report
- DeviceEnrollment report
- DeviceProvisioning report
- TPM report
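The three sub-sections above describe what ends up in the ZIP. The following PowerShell is an added example, not the blog's own Collect_Intune_Device_Logs.ps1, showing how those items can be collected: the event log folders are expanded to their real channel names with Get-WinEvent -ListLog (so nothing has to be hard-coded and channels missing on a given build are simply skipped), the IME log folder is copied, and MdmDiagnosticsTool produces the main report plus the four area reports. Folder and file names under $env:TEMP are assumptions.

```powershell
# Added example, not the blog's Collect_Intune_Device_Logs.ps1: gather the items
# listed above into one ZIP. Run elevated (wevtutil and MdmDiagnosticsTool need it).
# Folder and file names under $env:TEMP are assumptions.
$Stamp = Get-Date -Format "yyyyMMdd_HHmmss"
$Work  = Join-Path $env:TEMP "IntuneLogs_${env:COMPUTERNAME}_$Stamp"
$Zip   = "$Work.zip"
foreach ($Sub in "EventLogs", "MdmDiag") {
    New-Item -ItemType Directory -Path (Join-Path $Work $Sub) -Force | Out-Null
}

# Event log folders as they appear in the Event Viewer tree above. Get-WinEvent -ListLog
# expands each one to its real channel names (for example Microsoft-Windows-AAD/Operational),
# so only channels that exist on this build, and hold at least one record, are exported.
$Folders = @(
    "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider",
    "Microsoft-Windows-AAD",
    "Microsoft-Windows-ModernDeployment-Diagnostics-Provider",
    "Microsoft-Windows-AppxDeploymentServer",
    "Microsoft-Windows-AssignedAccess",
    "Microsoft-Windows-AssignedAccessBroker",
    "Microsoft-Windows-Provisioning-Diagnostics-Provider",
    "Microsoft-Windows-Shell-Core",
    "Microsoft-Windows-User Device Registration"
)
$Patterns = @("System") + ($Folders | ForEach-Object { "$_/*" })
foreach ($Pattern in $Patterns) {
    Get-WinEvent -ListLog $Pattern -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 } |
        ForEach-Object {
            # wevtutil epl writes the channel to an .evtx file; '/' cannot be part of a file name
            $Out = Join-Path $Work ("EventLogs\" + ($_.LogName -replace '[\\/]', '_') + ".evtx")
            & wevtutil.exe epl $_.LogName $Out
        }
}

# Intune Management Extension logs (the .log files under IntuneManagementExtension\Logs)
$Ime = Join-Path $env:ProgramData "Microsoft\IntuneManagementExtension\Logs"
if (Test-Path $Ime) { Copy-Item $Ime -Destination (Join-Path $Work "IME_Logs") -Recurse -Force }

# MdmDiagnosticsTool: the main report, then the four area reports listed above in one ZIP
& MdmDiagnosticsTool.exe -out (Join-Path $Work "MdmDiag\Main")
& MdmDiagnosticsTool.exe -area "Autopilot;DeviceEnrollment;DeviceProvisioning;TPM" -zip (Join-Path $Work "MdmDiag\Areas.zip")

# One timestamped ZIP per device, so repeated collections never overwrite each other
Compress-Archive -Path (Join-Path $Work "*") -DestinationPath $Zip -Force
Remove-Item $Work -Recurse -Force
Write-Output $Zip
```

The ZIP name carries the computer name and a timestamp, which is what makes a second collection round land next to the first one instead of replacing it. The working folder is deleted once the archive is built, so no copy of the event logs is left behind in the user's temp directory.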

How to use the script?
The script is called Collect_Intune_Device_Logs.ps1.
You will have to add some parameters to the script:
- GitHub_Token: the token we generated previously
- GitHub_OwnerName: your GitHub account name, for me it's damienvanrobaeys
- GitHub_Repository: the private repository that will contain the logs

Add all this information to GitHub_infos.xml.
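The upload side, as an added example that is not the blog's own code: it reads the three parameters above from GitHub_infos.xml and pushes a ZIP into the private repository with the GitHub Contents API (PUT /repos/{owner}/{repo}/contents/{path}), then writes its result to a log file in C:\Windows\Debug. The XML element names, the ZIP path and the log file name are assumptions.

```powershell
# Added example, not the blog's own code: push a ZIP into the private repository with the
# GitHub Contents API. The XML element names, $ZipPath and the log file name are assumptions.
$ConfigPath = Join-Path $PSScriptRoot "GitHub_infos.xml"
[xml]$Config = Get-Content $ConfigPath
$Token = $Config.Configuration.GitHub_Token
$Owner = $Config.Configuration.GitHub_OwnerName
$Repo  = $Config.Configuration.GitHub_Repository

$ZipPath  = Join-Path $env:TEMP "IntuneLogs.zip"      # assumed: produced by the collection step
$FileName = "${env:COMPUTERNAME}_$(Get-Date -Format 'yyyyMMdd_HHmmss').zip"
$Uri      = "https://api.github.com/repos/$Owner/$Repo/contents/$FileName"
$Log      = Join-Path $env:windir "Debug\Collect_Intune_Device_Logs.log"

# The Contents API expects the file body base64-encoded inside a JSON document
$Payload = @{
    message = "Intune logs from $env:COMPUTERNAME"
    content = [Convert]::ToBase64String([System.IO.File]::ReadAllBytes($ZipPath))
} | ConvertTo-Json

$Headers = @{
    Authorization = "token $Token"
    Accept        = "application/vnd.github+json"
}

# api.github.com requires TLS 1.2; Windows PowerShell 5.1 does not enable it by default
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

try {
    $Result = Invoke-RestMethod -Method Put -Uri $Uri -Headers $Headers -Body $Payload `
        -ContentType "application/json" -UserAgent "Collect_Intune_Device_Logs"
    Add-Content $Log "$(Get-Date -Format s) Uploaded $FileName, commit $($Result.commit.sha)"
    exit 0
} catch {
    # Record the HTTP status and the API's message for troubleshooting, but never the token
    $Status = $_.Exception.Response.StatusCode.value__
    Add-Content $Log "$(Get-Date -Format s) Upload failed (HTTP $Status): $($_.ErrorDetails.Message)"
    exit 1
}
```

Two things to keep in mind with this approach. A PUT to a path that already exists is rejected unless the request also carries the existing file's sha, which is why the file name is timestamped rather than fixed. And because GitHub_infos.xml ships inside the .intunewin package, the token is readable by anyone with local administrator rights on the device, so it should be a token that can only write to this one repository and nothing else; if it ever leaks, revoking it then costs nothing beyond repackaging.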

Implement it in Intune
In this example we will create a new Azure AD group.
We will add devices from which we want to collect logs in this group.

Create the folder content
1. Create a folder Collect_intune_Device_Logs
2. Copy the file Collect_intune_Device_Logs.ps1
3. Copy the file GitHub_infos.xml
4. See below my Collect_intune_Device_Logs folder

Create the package
1. Run IntuneWinAppUtil.exe
2. Select the folder Collect_intune_Device_Logs
3. Select Collect_intune_Device_Logs.ps1
4. Select an output folder
5. A package Collect_Intune_Device_Logs.intunewin will be created

Create the Win32 app
We will now integrate the intunewin package into Intune.
1. Go to Intune
2. Go to Client apps
3. Go to Apps
4. Click on Add
5. Select Windows app (Win32) then Select
6. Click on Select app package file

7. Browse to Collect_Intune_Device_Logs.intunewin

8. Click on OK
9. Type a name and a publisher name and configure as you want
10. In Install command type the below one:
11. In Uninstall command type the below one:
12. Click on Next
13. Choose your requirements
14. Click on Next
15. In Detection rules, select Use a detection script
16. Browse the script Detection_scripts.ps1

17. Click on Add
18. Click on OK 
19. Click on Next
20. In the Dependencies part click on Next
21. In the Scope tags part click on Next
22. In Assignments, go to Required and click on Add group
23. Select the group containing the devices from which you want to collect logs
24. The group will be added
25. Click on Next
26. Click on Create
27. Go to Device install status
28. Once it has been installed, status will be as below:

Collect logs in action
See below my GitHub repo before:

See below my GitHub repo after:

Get the log
When the ps1 runs, it writes a log file.
You can find it in C:\Windows\Debug


1 comment

Unknown said…

Script works a treat, I was just wondering if you want to redeploy the intune script to recapture the logs for a second round of troubleshooting. I deleted the log file from the debug location as that appears to be the output from the detection script. But the script doesn't redeploy. Any tips would be much appreciated? Thanks
