Using on-demand Remediation to collect all logs you want on Intune devices

In this post I will share a solution allowing you to collect logs from devices, whatever you want, directly from Intune and on-demand.

Context

Two weeks ago Microsoft implemented the awesome on-demand Remediation solution.

It allows you to run a remediation script on-demand on a specific device.

See there a post I did about how to use this feature with PowerShell and Graph.

There I will use this to collect logs I want on device I want.

Okay okay, you may say there is the collect diagnostics for that.

In my case I admit I never use this feature event if it's pretty cool.

There I want to be able to collect WHATEVER I want on devices, even files or folder not included in the collet diagnostic process.

The solution

The solution results in few steps:

- Create a SharePoint/Teams for logs: see there

- Create a SharePoint application: see there

- Use an XML specifying things to collect

- Use a Remediation script to collect logs

The advantage of this solution is that it allows you to add all content you want to collect by just modifying an XML file meaning you can collect whatever you want.

Now it's up to you to prepare the better source of troubleshooting for your support team or you.

Logs collected

The script will collect content from the XML.

In addition of the XML content the script will also export to a CSV:

- Services list

- Drivers list

- Process list

- Update installed

- Export of MpPreference

- Export of MpComputerStatus

- Export of dsregcmd /status

- Running processes and their port number

- Disk info

- Real device uptime

- Missing drivers

- Processors info

- Network adapters info

- List printers

See below an overview of the ZIP content from a device:

The XML

The XML I created allows you to collect:

- Files/folders

- Event logs

- Registry keys

See below content that will be collecting through the XML.

Folders/files

- C:\ProgramData\Microsoft\IntuneManagementExtension

- C:\Windows\debug

- C:\Windows\Logs

- C:\Windows\ccmsetup

- C:\Windows\Panther

- C:\Windows\Minidump

- C:\Windows\SoftwareDistribution\ReportingEvents.log

Event logs

- System

- Application

- Installation

- Security

- CodeIntegrity

- AppLocker

- Dhcp-Client

- AnyConnect Secure Mobility Client

- Wired-AutoConfig

- DeviceManagement-Enterprise-Diagnostics-Provider

- Microsoft-Windows-AAD

- Microsoft-Windows-assignedaccess

- Microsoft-Windows-assignedaccessbroker

- Microsoft-Windows-provisioning-diagnostics-provider

- Microsoft-Windows-shell-core

- Microsoft-Windows-user device registration

- Microsoft-Windows-ModernDeployment-Diagnostics-Provider

- Microsoft-Windows-AppxDeploymentServer

Get the script

Click on the below GitHub picture to get the script

What it does ?

The script is pretty simple.

It works as below:

1. Collect all content mentioned in the XML

2. ZIP all things

3. Send ZIP to SharePoint/Teams

SharePoint/Teams for your logs

You can find there a post about how to use Teams/SharePoint as a logs location for support and send logs from your devices.

How to use the script ?

XML content

Copy content of the XML in the variable $Contentto_Collect_XML.

You can also store the XML on a blog storage.

Then the script will download the XML.

For this set variable: $XML_Logs_URL

Creating the SharePoint application

We will create a SharePoint application to upload devices list.

For that check my post here.

SharePoint information

To upload logs on SharePoint set below variables:

- $Sharepoint_Secret: Secret of sharepoint app

- $Sharepoint_ClientID: ID of sharepoint app

- $Site_URL : Your SharePoint site

- $Upload_Folder: path where to upload content

Collect logs in action

1. Go to the Intune portal

2. Type a device name

3. Clic on the ...

4. Clic on Run remediation

5. Choose the remediation script

6. Click on Run remediation