Intune Troubleshooting - Collect remotely whatever you want (files, event logs) on devices and upload content on Sharepoint/Teams
In this post I will show you how to use Intune to remotely collect whatever you want from your devices (folders, files, event logs, reg keys), create a ZIP, then upload the ZIP to SharePoint.
Context
- You have enrolled devices in Intune
- You want to run diagnostics on devices
- You need access to event logs, folders...
- You don't want to connect remotely on the devices
- You don't want to use MECM
- You want a work from home solution
The idea is to be able to run a script live on a device, as you can with the Scripts feature in MECM.
For that I created a uservoice to add this functionality into Intune, vote here.
Other solutions
- Collect logs and upload to an Azure file share
- Collect logs and upload on a GitHub private repo
- Collect whatever you want and upload on Azure file share or GitHub
- Collect whatever you want and upload on blob storage (soon)
How does it work?
This will work as below:
1. I have a sharepoint site as below:
https://m365x190443.sharepoint.com/sites/SystandDeploy
2. Create a sharepoint application
OR
2. Create an Azure app with certificate
3. Create a PowerShell script in Intune
OR
3. Create a Proactive remediation
OR
3. Create a Win32 application
4. The script gathers logs and uploads them to SharePoint
The script
Add SharePoint information
In the script, fill in the following variables:
- $Sharepoint_Secret: Secret of the SharePoint app
- $Sharepoint_ClientID: ID of the SharePoint app
- $Site_URL : Your sharepoint site
- $Upload_Folder: The path where to upload content
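We will get the secret and ID later in the post. Both values sit in clear text in the script delivered to each device, so anyone who can read the script can use them with the permissions granted to the app.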
For the upload folder, I want to use the folder Device logs in my site.
Content to collect
Add content you want to collect on devices in the file Content_to_collect.xml
By default, I have included some paths to collect; you can add your own or delete any you don't want.
Default folders that are saved:
- C:\ProgramData\Microsoft\IntuneManagementExtension
- C:\Windows\debug
- C:\Windows\Logs
- C:\Windows\ccmsetup
- C:\Windows\Panther
- C:\Windows\Minidump
Default event logs that are saved:
- System
- Application
- DeviceManagement (Admin and Operational)
- AAD_Analytic (Admin and Operational)
- assignedaccess (Admin and Operational)
- assignedaccessbroker (Admin and Operational)
- provisioning_diagnostics
- Windows_shell_core
- user_device_registration
- ModernDeployment_Diag_Autopilot
- ModernDeployment_Diag_Admin
- ModernDeployment_Diag_ManagementService
- AppxDeploymentServer
If you want a single-script solution (meaning no additional XML file), edit the XML, then convert it to Base64, as below:
Add the Base64 code in the variable $XML_Base64.
What does it do?
The script will:
1. Create a main logs folder in C:\
2. Parse the XML
3. Get all content from the XML
4. Copy content in the main logs folder
5. ZIP the main logs folder
6. Upload the ZIP to the container
The script will install the PnP module, which it uses to upload content to SharePoint.
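Steps 1 to 5 above, together with the $XML_Base64 variant, as an added PowerShell example (not the author's script). The XML element names, the sample entries, the folder name and the function name Invoke-LogCollection are assumptions, since the schema of Content_to_collect.xml is not shown here; it needs to run elevated to write under C:\ and export event logs.

```powershell
# Constructed sample standing in for Content_to_collect.xml; element names are hypothetical.
$SampleXml = @'
<Content_to_collect>
  <Folders>
    <Folder>C:\Windows\Panther</Folder>
    <Folder>C:\Windows\Minidump</Folder>
  </Folders>
  <EventLogs>
    <EventLog>System</EventLog>
    <EventLog>Microsoft-Windows-AAD/Operational</EventLog>
  </EventLogs>
</Content_to_collect>
'@
# Single-script variant: the XML travels as Base64 in $XML_Base64 and is decoded at run time.
$XML_Base64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($SampleXml))
[xml]$Content = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($XML_Base64))

function Invoke-LogCollection {
    param([xml]$Content, [string]$LogsRoot = "C:\Device_Logs_$env:COMPUTERNAME")

    # 1. Create the main logs folder (start clean so stale data is not re-uploaded)
    if (Test-Path $LogsRoot) { Remove-Item $LogsRoot -Recurse -Force }
    New-Item -Path $LogsRoot -ItemType Directory -Force | Out-Null

    # 2-4. Copy each listed folder; a missing path or locked file must not stop the run
    foreach ($Folder in $Content.Content_to_collect.Folders.Folder) {
        if (-not (Test-Path $Folder)) { Write-Warning "Not found: $Folder"; continue }
        Copy-Item -Path $Folder -Destination $LogsRoot -Recurse -Force -ErrorAction SilentlyContinue
    }

    # Export each listed event log to .evtx with the built-in wevtutil
    $EvtDir = New-Item -Path (Join-Path $LogsRoot 'EventLogs') -ItemType Directory -Force
    foreach ($Log in $Content.Content_to_collect.EventLogs.EventLog) {
        $Target = Join-Path $EvtDir.FullName (($Log -replace '[\\/]', '_') + '.evtx')
        wevtutil.exe epl $Log $Target 2>$null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Could not export event log: $Log" }
    }

    # 5. ZIP the folder, then remove the uncompressed copy from the device
    $Zip = "$LogsRoot.zip"
    Compress-Archive -Path "$LogsRoot\*" -DestinationPath $Zip -Force
    Remove-Item $LogsRoot -Recurse -Force
    return $Zip
}

$ZipPath = Invoke-LogCollection -Content $Content
Write-Output "Archive ready for upload: $ZipPath"
```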
Get the script
Click on the GitHub picture below to get the script and XML.
Create Sharepoint app
1. Connect to your Sharepoint site
2. Add this to the address: /_layouts/15/AppRegNew.aspx
3. In my case the address will be the below one:
https://m365x190443.sharepoint.com/sites/SystandDeploy/_layouts/15/AppRegNew.aspx
4. In Client id click on Generate
5. In Client Secret click on Generate
6. Type a title like Collect device logs
7. In App domain, type localhost
8. In Redirect URI, type localhost
9. Click on Create
10. The below confirmation appears:
Add permissions to the app
1. Connect to your Sharepoint site
2. Add this to the address: /_layouts/15/appinv.aspx
3. In my case the address will be the below one:
https://m365x190443.sharepoint.com/sites/SystandDeploy/_layouts/15/appinv.aspx
4. In App id, type the previous app ID
5. Click on Lookup
6. Information about your app will be displayed
7. In Permissions, add the one below (see here for more information)
8. See below the permissions field:
9. Click on Create
10. Click on Trust it
11. Test the connection using the command below:
Get the upload folder path
Now that we have our app and are able to connect, we will get the path of the folder to upload content to.
For that we will use the cmdlet: Get-PnPListItem
We want to search the folder Device logs. To get the path we will use the below command:
See below the result:
The path to put in the $Upload_Folder variable is the value of the FileRef property.
Implement in Intune
1. Go to Devices
2. Go to Scripts
3. Click on Add > Windows 10
4. Type a name like Collect logs
5. Click on Next
6. In script location browse to the PS1
7. Click on Next
8. Select a group to assign the script
9. Click on Next
10. Click on Add
Process in action
In the below example I ran the script from my device.
You can see that the ZIP is being uploaded.