Microsoft Intune provides a capability called Collect Diagnostics to remotely collect and download device logs from managed Windows devices. As more end users work remotely, this is a great feature for IT admins to review device diagnostic information without requiring any user interaction or user interruption.
Collect Diagnostics Prerequisites
Devices need to meet the following requirements for collecting device diagnostics:
- Running Windows 10 1909 or later or Windows 11
- Microsoft Intune managed or co-managed devices
- Corporate-owned devices
- Devices need to be online in order for the diagnostics to be collected
In order to collect device diagnostics, an IT administrator needs to have the Global Admin or Intune Admin role assigned.
Enable Device Diagnostics in Microsoft Intune
Begin by logging into the Microsoft Endpoint Manager Portal at endpoint.microsoft.com. Once you are logged in, go to Tenant Administration and then Device diagnostics.
While this setting is most likely on by default, you should check and make sure it is set to “enabled” like below. You can also see that it calls out some of the requirements for device diagnostics.
Collecting Device Diagnostics in Microsoft Intune
Once you confirmed Device Diagnostics are enabled in your tenant, we can now go through the process to collect them on one of our devices. Inside the portal, go to Windows devices and search for a device you want to collect diagnostics for.
Once you choose a device, you will see the overview page for it.
Select Collect diagnostics and choose Yes to start the device diagnostics collection process.
Once this begins, you will be shown a pending notification that the diagnostic collection process is in progress.
If you click on Device diagnostics under the Monitor section for the device, you will see a pending status as well as the user who requested the diagnostics.
If you click on the pending diagnostics upload link, you will see the status below.
After about 10 minutes, the collection process should be complete and you will see Collect diagnostics: Completed on the device overview screen.
Now that the collection process is complete, I am provided a Download button which will zip all the diagnostic data together and download it to your current computer.
Note: You can collect up to 10 device diagnostics at one time for each device. As you can see below, I have 2 collections requested. Each diagnostic collection is available for 28 days before being deleted.
I can now see my downloaded diagnostics zip file. I need to extract it to see the diagnostic content it collected.
Once the extraction is complete, you will see a bunch of folders that are numbered. Each folder contains a piece of diagnostic data whether its registry settings, event viewer files or other details. Microsoft has this clearly listed out in the documentation for Data Collected.
You can start reviewing the content inside these folders and analyzing the different diagnostics it collected for your device.
The device diagnostics feature has been one of my favorite recent releases in Microsoft Intune. Its not always easy to setup remote support sessions with end users as schedules can be difficult to work around. This feature allows IT admins to start reviewing device diagnostic information without any end user interaction.
I do hope is that Microsoft continues to advance this feature a little more. It would be nice for the folders to be consolidated or at least named. I have a feeling that will eventually come down the road.
If you want to read more about Device Diagnostics, you can read more from Microsoft here.