Intune Troubleshooting Part 3 - Collect remotely whatever you want (files, event logs) on devices

In this post I will share a script that lets you remotely collect device content (files, folders, event logs) and then upload it to Azure or GitHub.
To use it, just fill in the XML with the paths of the files, folders or event logs to collect.

By default, Intune gives you no easy way to troubleshoot a device issue.
You have to go to the device and check some files and event logs.
You want easy, remote access to some event logs or Explorer content.
You want a secure way to upload files without having to provide credentials.

Other methods?
I will share some different methods to collect Intune logs, as below:
- Part 1: Collect remotely logs from devices and upload them on Azure files
- Part 2: Collect remotely logs from devices and upload them on GitHub
- Part 3: Collect remotely whatever you want (files, event logs) on devices

The script
You can find the script on GitHub using the below link.

The XML is called Content_to_collect.xml.
It contains two parts:
- Folder
- Event log

By default, the XML looks as below:

The script will create a ZIP containing each file or folder from the folder part and each event log from the event logs part.

If you want to collect a new folder or file, proceed as below:
1. For instance, you want to get the folder C:\PerfLogs.
2. Add a new <Folder_Path> node
3. Type the path to collect 
4. Add the line below:

If you want to collect a new event log, proceed as below:
1. For instance, you want to get the event log WLAN-AutoConfig
2. First you have to find the appropriate path
3. You can find it using the below command:
4. This will return the below path:
5. Create a new node as below:
6. In the Event_Name type WLAN-AutoConfig
7. In the Event_Path type Microsoft-Windows-WLAN-AutoConfig/Operational
8. See below the full node to add:

For GitHub
- GitHub private repository
- GitHub token

See the post here to understand how to proceed for the upload.

For Azure file
- A resource group
- A storage account name
- A file share in File shares
- An app registration with certificate

See the post here to understand how to proceed for the upload.

How to use the script?
The script for GitHub is called Collect_Device_Content_GitHub.ps1
The script for Azure is called Collect_Device_Content_Azure.ps1
You will have to complete the XML with the content you want to collect.
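
A way to check a completed XML on a test device before packaging it, as an added example that is not the author's script: it skips folder paths and event log channels that do not exist and zips the rest. The XML layout (root and container element names) and the staging location are assumptions; only Folder_Path, Event_Name and Event_Path come from this post, and the sample XML is constructed.

```powershell
# Added example, not the script from this post.
# ASSUMPTION: the element layout below is hypothetical; only the Folder_Path,
# Event_Name and Event_Path names are taken from the post.
$SampleXml = @'
<Content_to_collect>
  <Folders>
    <Folder_Path>C:\PerfLogs</Folder_Path>
  </Folders>
  <Event_Logs>
    <Event_Log>
      <Event_Name>WLAN-AutoConfig</Event_Name>
      <Event_Path>Microsoft-Windows-WLAN-AutoConfig/Operational</Event_Path>
    </Event_Log>
  </Event_Logs>
</Content_to_collect>
'@

$Xml     = [xml]$SampleXml
$Staging = Join-Path $env:TEMP ("Device_Content_" + $env:COMPUTERNAME)
New-Item -Path $Staging -ItemType Directory -Force | Out-Null

# Files and folders: skip missing entries instead of failing the whole run.
foreach ($Node in $Xml.SelectNodes('//Folder_Path')) {
    $Path = $Node.InnerText.Trim()
    if (Test-Path -LiteralPath $Path) {
        Copy-Item -LiteralPath $Path -Destination $Staging -Recurse -Force -ErrorAction SilentlyContinue
    } else {
        Write-Warning "Path not found, skipped: $Path"
    }
}

# Event logs: confirm the channel exists, then export it to an .evtx file.
foreach ($Node in $Xml.SelectNodes('//Event_Log')) {
    $Name    = $Node.Event_Name -replace '[\\/:*?"<>|]', '_'   # safe file name
    $Channel = $Node.Event_Path
    if (Get-WinEvent -ListLog $Channel -ErrorAction SilentlyContinue) {
        & wevtutil.exe epl $Channel (Join-Path $Staging "$Name.evtx") /ow:true
    } else {
        Write-Warning "Event log channel not found, skipped: $Channel"
    }
}

# Zip only if something was collected (Compress-Archive fails on an empty folder).
$Zip = "$Staging.zip"
if (Get-ChildItem -LiteralPath $Staging) {
    Compress-Archive -Path (Join-Path $Staging '*') -DestinationPath $Zip -Force
    Write-Output "Archive created: $Zip"
}
```

Warnings printed here point to XML entries that would produce nothing on the device; the upload step is left out.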

Implement it in Intune
In this example we will create a new Azure AD group.
We will add to this group the devices from which we want to collect logs.

Create the folder content
1. Create a folder Collect_intune_Device_Content
2. Copy the file Collect_intune_Device_Content.ps1
3. Copy the file Content_to_collect.xml
4. For GitHub copy the GitHub_Infos.xml
5. For Azure, copy Azure_infos.xml

Create the package
1. Run IntuneWinAppUtil.exe
2. Select the folder Collect_intune_Device_Content
3. Select Collect_intune_Device_Content.ps1
4. Select an output folder
5. A package Collect_intune_Device_Content.intunewin will be created

Create the Win32 app
We will now integrate the intunewin package into Intune.
1. Go to Intune
2. Go to Client apps
3. Go to Apps
4. Click on Add
5. Select Windows app (Win32) then Select
6. Click on Select app package file

7. Browse to Collect_Intune_Device_Logs.intunewin
8. Click on OK
9. Type a name and a publisher name and configure as you want
10. In Install command type the below one:
11. In Uninstall command type the below one:
12. Click on Next
13. Choose your requirements
14. Click on Next
15. In Detection rules, select Use a detection script
16. Browse to the script Detection_scripts.ps1

17. Click on Add
18. Click on OK 
19. Click on Next
20. In the Dependencies part click on Next
21. In the Scope tags part click on Next
22. In Assignments, go to Required and click on Add group

23. Select the group containing the devices from which you want to collect logs
24. The group will be added
25. Click on Next
26. Click on Create
27. Go to Device install status
28. Once it has been installed, status will be as below:

Get the log
When the ps1 is running, a log file is used.
You can find it in C:\Windows\Debug