Intune Troubleshooting - Collect remotely whatever you want (files, event logs) on devices and upload content on Sharepoint/Teams

In this post I will show you how to use Intune to collect remotely what you want on your devices (folders, files, event logs, reg keys) create a A ZIP, then upload the ZIP on Sharepoint.

Context

- You have enrolled devices in Intune

- You want to do a diag of devices

- You need to access to event logs, folders...

- You don't want to connect remotely on the devices

- You don't want to use MECM

- You want a work from home solution

The idea would be to be able to run a  script in live on a device like you can do with the Script part below from MECM.

For that I created a uservoice to add this functionnality into Intune, vote here.

Other solution

- Collect logs and upload and Azure file share

- Collect logs and upload on a GitHub private repo

- Collect whatever you want and upload on Azure file share or GitHub

- Collect whatever you want and upload on blob storage (soon)

How does it work ?

This will work as below:

1. I have a sharepoint site as below: 

https://m365x190443.sharepoint.com/sites/SystandDeploy

2. Create a sharepoint application

OR

2. Create an Azure app with certificate

3. Create a PowerShell script in Intune

OR

3. Create a Proactive remediation

OR

3. Create a Win32 application

4. The script gather logs and upload them on Sharepoint

The script

Add Sharepoint infos

In the script add infos as below:

- $Sharepoint_Secret: Secret of the sharepoint app

- $Sharepoint_ClientID: IDof the sharepoint app

- $Site_URL : Your sharepoint site

- $Upload_Folder: The path where to upload content

For the secret and ID, we will get them later in the post.

For the upload folder, I want to use the folder Device logs in my site.

Content to collect

Add content you want to collect on devices in the file Content_to_collect.xml

By default, I integrated some path to collect, you can add your own or delete what you want.

Defaults folder that are saved:

- C:\ProgramData\Microsoft\IntuneManagementExtension

- C:\Windows\debug

- C:\Windows\Logs

- C:\Windows\ccmsetup

- C:\Windows\Panther

- C:\Windows\Minidump

Default event logs that are saved:

- System

- Application

- DeviceManagement (Admin and Operational)

- AAD_Analytic (Admin and Operational)

- assignedaccess (Admin and Operational)

- assignedaccessbroker (Admin and Operational)

- provisioning_diagnostics

- Windows_shell_core

- user_device_registration

- ModernDeployment_Diag_Autopilot

- ModernDeployment_Diag_Admin

- ModernDeployment_Diag_ManagementService

- AppxDeploymentServer

If you want a single script solution (meaning no additional xml) edit the XML then convert to Base64, as below:

Add the Base64 code in the variable $XML_Base64.

What it does ?

The script will:

1. Create a main logs folder in C:\

2. Parse the XML

3. Get all content from the XML

4. Copy content in the main logs folder

5. ZIP the main logs folder

6. Upload the ZIP to the container

The script will install module Pnp for uploading content to Sharepoint.

Get the script

Click on the below GtHub picture to get the script and XML.

Create Sharepoint app

1. Connect to your Sharepoint site

2. Add this to the address: /_layouts/15/AppRegNew.aspx

3. In my case the address will be the below one:

https://m365x190443.sharepoint.com/sites/SystandDeploy/_layouts/15/AppRegNew.aspx

4. In Client id click on Generate 

5. In Client Secret click on Generate

6. Type a title like Collect device logs

7. In App domain, type localhost

8. In Redirect URI, type localhost

9. Click on Create

10. The below confirmation appears:

Add permissions to the app

1. Connect to your Sharepoint site

2. Add this to the address: /_layouts/15/appinv.aspx

3. In my case the address will be the below one:

https://m365x190443.sharepoint.com/sites/SystandDeploy/_layouts/15/appinv.aspx

4. In App id, type the previous app ID

5. Click on Lookup

6. Infos of your app will be displayed

7. In Permissions add the below one (see here for more infos)

8. See below the permissions field:

8. Click on Create

9. Click on Trust it

10. Test connection using below command:

Get the upload folder path

Now we have our app and are able to connect we will get the path of the folder where to upload content.

For that we will use the cmdlet: Get-PnPListItem

We want to search the folder Device logs. To get the path we will use the below command:

See below the result:

The path to put in the $Upload_Folder variable will be this one from the property FileRef.

Implement in Intune

1. Go to Devices

2. Go to Scripts

3. Click on Add > Windows 10

4. Type a name like Collect logs

5. Click on Next

6. In script location browse to the PS1

7. Click on Next

8. Select a group to assign the script

9. Click on Next

10. Click on Add

Process in action

In the below example I ran the script from my device.

You can see that zip is being uploaded.