Let’s learn how to collect Intune error details using SCCM (Configuration Manager). When your Windows PCs are co-managed devices, you might need to troubleshoot Intune-related issues.
Most Intune (MDM) logs are stored as part of event logs. You can create a dynamic device collection to discover Co-Managed devices from your environment.
Once you have the list of co-managed devices that SCCM and Intune manage simultaneously, you can collect the Intune event logs from Windows devices.
The CMPivot query tool is part of ConfigMgr, and it allows you to assess the state of devices quickly. When you run a query against a co-managed device collection, the CMPivot tool will run a query in real-time on all currently connected (online) devices from the selected collection.
- CMPivot Query to Find Windows 10 Devices
- How to Collect Intune Error Details using CMPivot
- How to Collect Windows Update Logs using CMPivot
- ConfigMgr CMPivot Favorite Query
- CMPivot Query to Fetch WSUS Server Details
- ConfigMgr CMPivot Logs | Background Process Guide
- CMPivot Query to Find Clients not Part of Any Boundary Groups
- Run CMPivot Queries from Intune Portal
- Analyze SCCM Client Logs Using CMPivot
Intune Event Logs
MDM client is part of the modern Windows operating systems (Windows 10, Windows 11, etc…). Intune is the server-side technology from Microsoft used to manage MDM clients. The events logs are the best place to start troubleshooting Windows MDM issues.
You need to check two event logs when you have a problem with Intune application (MDM-based) and policy deployment.
- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational
How to Collect Intune Event Logs using SCCM
Let’s learn how to collect Intune event logs using SCCM CMPivot. The CMPivot tool is the best way to troubleshoot Intune issues and collect logs from Intune clients.
NOTE! – This method can be used only when you have co-managed Windows devices.
- Navigate to device collection against that you want to run the CMPivot query.
- Select any device collection.
- Right-Click on Co-managed Devices collection.
- Select Start CMPivot.
CMPivot Query for Intune Event Logs
Let’s find the ConfigMgr CMPivot query for Intune event logs. It would be best to be mindful of the logs information that you query through CMPivot.
It would help if you didn’t collect Intune event logs from 10,000 devices with a 5d (five days) parameter. The above scenarios can be impactful for the entire SCCM infra. So, my recommendation is to test this in a staging environment first.
The following is the query to collect Intune event log details of the last 1 hour.
WinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational', 1h)WinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin', 1h)
The following CMPivot query gives you the details of Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin event logs for the last day.
WinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin', 1d)
Collect Intune Error Details using SCCM
I think it would be useful to have Intune event logs errors details. The following CMPivot query gives you a summary dashboard for MDM-related errors with the error and count of devices. You can query the following event logs for the last day.
- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational
WinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin', 1d)
| where LevelDisplayName =='Error'
| summarize count() by DeviceWinEvent('Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational', 1d)
| where LevelDisplayName =='Error'
| summarize count() by Device
You have an option to export the CMPivot query results using the EXPORT button in the CMPivot tool.
Resources
- SCCM CMPivot Query Devices with Greater than 15 GB Free Disk Space
- SCCM CMPivot Query for Windows 10 English Language Devices | ConfigMgr
- ConfigMgr Software Updates Troubleshooting Tips
- SCCM 1909 New Features Enhancements Extend Migrate SCCM To Azure
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.