Using on-demand Remediation to collect all logs you want on Intune devices
In this post I will share a solution that lets you collect whatever logs you want from devices, directly from Intune and on demand.
Context
Two weeks ago Microsoft released the awesome on-demand Remediation feature.
It allows you to run a remediation script on demand on a specific device.
See here a post I wrote about how to use this feature with PowerShell and Graph.
Here I will use it to collect the logs I want from the device I want.
Okay okay, you may say there is Collect diagnostics for that.
In my case I admit I never use this feature, even if it's pretty cool.
Here I want to be able to collect WHATEVER I want on devices, even files or folders not included in the Collect diagnostics process.
The solution
The solution consists of a few steps:
- Create a SharePoint/Teams site for logs: see here
- Create a SharePoint application: see here
- Use an XML specifying things to collect
- Use a Remediation script to collect logs
The advantage of this solution is that you can add whatever content you want to collect just by modifying an XML file.
Now it's up to you to prepare the best troubleshooting source for your support team or yourself.
Logs collected
The script will collect content from the XML.
In addition to the XML content, the script also exports the following to CSV:
- Services list
- Drivers list
- Process list
- Installed updates
- Export of MpPreference
- Export of MpComputerStatus
- Export of dsregcmd /status
- Running processes and their port number
- Disk info
- Real device uptime
- Missing drivers
- Processors info
- Network adapters info
- Printers list
See below an overview of the ZIP content from a device:
The XML
The XML I created allows you to collect:
- Files/folders
- Event logs
- Registry keys
See below the content that will be collected through the XML.
Folders/files
- C:\ProgramData\Microsoft\IntuneManagementExtension
- C:\Windows\debug
- C:\Windows\Logs
- C:\Windows\ccmsetup
- C:\Windows\Panther
- C:\Windows\Minidump
- C:\Windows\SoftwareDistribution\ReportingEvents.log
Event logs
- System
- Application
- Installation
- Security
- CodeIntegrity
- AppLocker
- Dhcp-Client
- AnyConnect Secure Mobility Client
- Wired-AutoConfig
- DeviceManagement-Enterprise-Diagnostics-Provider
- Microsoft-Windows-AAD
- Microsoft-Windows-assignedaccess
- Microsoft-Windows-assignedaccessbroker
- Microsoft-Windows-provisioning-diagnostics-provider
- Microsoft-Windows-shell-core
- Microsoft-Windows-user device registration
- Microsoft-Windows-ModernDeployment-Diagnostics-Provider
- Microsoft-Windows-AppxDeploymentServer
Get the script
Click on the below GitHub picture to get the script
What does it do?
The script is pretty simple.
It works as below:
1. Collect all content mentioned in the XML
2. ZIP everything
3. Send the ZIP to SharePoint/Teams
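Steps 1 and 2 as an added example (not the script from the post's GitHub). The XML layout and the registry key are assumptions, since the post does not show its XML; the paths and event logs come from the lists above.

```powershell
# Added example, not the script from the post. The XML layout is an assumption
# (the post does not show its XML): one element per item, grouped by type.
$Contentto_Collect_XML = @"
<Logs>
  <Folders>
    <Folder>C:\ProgramData\Microsoft\IntuneManagementExtension</Folder>
    <Folder>C:\Windows\SoftwareDistribution\ReportingEvents.log</Folder>
  </Folders>
  <EventLogs>
    <EventLog>System</EventLog>
    <EventLog>Microsoft-Windows-AAD/Operational</EventLog>
  </EventLogs>
  <RegKeys>
    <RegKey>HKLM:\SOFTWARE\Microsoft\Enrollments</RegKey>
  </RegKeys>
</Logs>
"@
[xml]$xml = $Contentto_Collect_XML

# Staging folder named after the device, so ZIPs from several devices do not collide
$Stamp   = Get-Date -Format 'yyyyMMdd_HHmmss'
$Staging = Join-Path $env:TEMP "LogCollect_$($env:COMPUTERNAME)_$Stamp"
foreach ($sub in 'Files', 'EventLogs', 'Registry') {
    New-Item -ItemType Directory -Path (Join-Path $Staging $sub) -Force | Out-Null
}

# Files and folders: missing paths and locked files are normal on a live device and must not abort the run
foreach ($path in $xml.Logs.Folders.Folder) {
    if (-not (Test-Path $path)) { continue }
    $dest = Join-Path "$Staging\Files" ($path -replace '[:\\]', '_')
    Copy-Item -Path $path -Destination $dest -Recurse -Force -ErrorAction SilentlyContinue
}

# Event logs: wevtutil exports the native .evtx (Security needs SYSTEM/admin, which a remediation has)
foreach ($log in $xml.Logs.EventLogs.EventLog) {
    $evtx = Join-Path "$Staging\EventLogs" (($log -replace '[/\\]', '-') + '.evtx')
    wevtutil epl $log $evtx 2>$null
}

# Registry keys: reg.exe wants HKLM\..., not the PowerShell drive form HKLM:\...
foreach ($key in $xml.Logs.RegKeys.RegKey) {
    $regPath = $key -replace '^HKLM:\\', 'HKLM\' -replace '^HKCU:\\', 'HKCU\'
    $out = Join-Path "$Staging\Registry" (($regPath -replace '[\\:]', '_') + '.reg')
    reg.exe export $regPath $out /y 2>$null | Out-Null
}

# Step 2 of the post: ZIP everything; the returned path is what step 3 uploads
$Zip = "$Staging.zip"
Compress-Archive -Path "$Staging\*" -DestinationPath $Zip -Force
$Zip
```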
SharePoint/Teams for your logs
You can find here a post about how to use Teams/SharePoint as a log location for support and send logs from your devices.
How to use the script?
XML content
Copy the content of the XML into the variable $Contentto_Collect_XML.
You can also store the XML in a blob storage.
The script will then download the XML.
For this, set the variable $XML_Logs_URL.
Creating the SharePoint application
We will create a SharePoint application to upload the ZIP.
For that check my post here.
SharePoint information
To upload logs to SharePoint, set the variables below:
- $Sharepoint_Secret: secret of the SharePoint app
- $Sharepoint_ClientID: ID of the SharePoint app
- $Site_URL: your SharePoint site
- $Upload_Folder: path where to upload the content
Keep in mind that a secret placed in a remediation script ends up on every device that runs it, so give the SharePoint app only the permissions it needs to write to the upload folder.
Collect logs in action
1. Go to the Intune portal
2. Type a device name
3. Click on the ...
4. Click on Run remediation
5. Choose the remediation script
6. Click on Run remediation