Intune Logs
Ref: https://smsagent.blog/2018/09/20/intune-client-side-logs-in-windows-10/
Note to self (and anyone interested!) about the client-side location of logs and management components of Intune on a Windows 10/Windows 11 device.
Diagnostic Report
A diagnostic report can be generated client-side from Settings > Access Work and School > Connected to <Tenant>’s Azure AD > Info > Create Report
The report will be saved to:
C:\Users\Public\Public Documents\MDMDiagnostics\MDMDiagReport.html
Intune Management Extension
Information on the parameters for the IME can be found in the registry:
HKLM:\Software\Microsoft\EnterpriseDesktopAppManagement\<SID>\MSI\<ProductCode>
The MSI itself can be found here, together with an installer log:
C:\Windows\System32\config\systemprofile\AppData\Local\mdm
Note: if you disconnect a device from Azure AD and rejoin it again, you will need to reinstall the IME as it will have a different device identifier.
IME logs can be found here:
C:\ProgramData\Microsoft\IntuneManagementExtension\Logs
The logs are:
AgentExecutor
ClientHealth
IntuneManagementExtension
Script Execution
When a PowerShell script is run on the client from Intune, the scripts and the script output will be stored here, but only until execution is complete:
C:\Program files (x86)\Microsoft Intune Management Extension\Policies\Scripts
C:\Program files (x86)\Microsoft Intune Management Extension\Policies\Results
A transcript of the script execution can be found underneath C:_showmewindows (a hidden folder)
The full content of the script will also be logged in the IntuneManagementExtension.log (be careful of sensitive data in scripts!)
The error code and result output of the script can also be found in the registry:
HKLM:\Software\Microsoft\IntuneManagementExtension\Policies\<UserGUID>\<ScriptGUID>
Event Logs
There are a couple of MDM event logs which can be found here:
Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider
Services
The IME runs as a service called “Microsoft Intune Management Extension”. You can restart this to force a check for new policies.
Scheduled Task
The IME runs a health evaluation every day as a scheduled task, and logs the results in the ClientHealth.log:
Microsoft > Intune > Intune Management Extension Health Evaluation
If you know of any other log locations, please let me know!
Lots of great info on the IME by Oliver Kieselbach here and here.