Getting logs for troubleshooting deployments and configurations driven by Intune may be difficult when device is off-prem (which nowadays is most of the times). In this post I will show you how to create Azure file share, map it as network drive and make Intune do the copying. ☁
Creating Azure file share is very simple! Go to portal azure and fil lout required boxes
After storage account is deployed navigate to Overview and then File shares:
Create new file share
Enter desired name, quota and click create
Go to created share and click on connect
You will get Powershell
which performs connection test to the share over 445 port, saves credentials for it and permanently maps drive for you.
In this solution permanent mapping is not necessary so you will need to make some modifications this script.
$connectTestResult = Test-NetConnection -ComputerName intunelogssmb.file.core.windows.net -Port 445
$Password = 'AutomaticallyGeneratedAccessKey'
$secret = ConvertTo-SecureString $Password -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ('Azure\intunelogssmb', $secret)
if ($connectTestResult.TcpTestSucceeded) {
# Mount the drive
New-PSDrive -Name W -PSProvider FileSystem -Root "\\intunelogssmb.file.core.windows.net\logs" -Credential $psCred
} else {
Write-Error -Message "Unable to reach the Azure storage account via port 445. Check to make sure your organization or ISP is not blocking port 445, or use Azure P2S VPN, Azure S2S VPN, or Express Route to tunnel SMB traffic over a different port."
}
In my environment I’ve came upon issue while trying to map disc using method from above.
My issue was that HKLM:SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
was set to 1
.
After I’ve changed it to 3
it worked! 😄
For additional troubleshooting visit docs.
To deploy Powershell
script with Intune you can create Powershell script profile or Win32 App (which is my personal favorite).
If you want to learn more about deploying Powershell
scripts using Win32 App stop here and checkout my previous post - Harness Intune Win32 app installer - I will wait… ⌚
3
2
1
Back already? Cool so let’s continue!
Begin with creating your Powershell
script.
Feel free to use my template.
For example if you want to generate mdmdiagnostics and upload them to your file share it would look like:
# Parameters
$Tag = 'IntuneLogs'
$OperatingFolder = 'C:\Program Files (x86)\Microsoft\Temp'
$InstallFailCode = 1618
$InstallSuccessCode = 1707
# Log
$LogFile = "$OperatingFolder\IntuneSoftwareInstall.log"
$LogFileError = "$OperatingFolder\IntuneSoftwareInstallError.log"
#Info
. $PSScriptRoot\Write-FileLog.ps1
#Custom exit
function Exit-WithCode {
param
(
$exitcode
)
$host.SetShouldExit($exitcode)
}
#######################################################################
#Check for folder
If (Test-Path -Path $OperatingFolder -PathType Container) {
Write-FileLog -FunctionStart -LogFile $LogFile
} Else {
New-Item -Path $OperatingFolder -ItemType Directory
Write-FileLog -Message "$OperatingFolder created" -LogFile $LogFile
}
#Process
Write-FileLog -FunctionStart -LogFile $LogFile
Try {
Write-FileLog -Message "Mounting network drive" -LogFile $LogFile
$connectTestResult = Test-NetConnection -ComputerName intunelogssmb.file.core.windows.net -Port 445
$Password = 'AutomaticallyGeneratedAccessKey'
$secret = ConvertTo-SecureString $Password -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ('Azure\intunelogssmb', $secret)
if ($connectTestResult.TcpTestSucceeded) {
# Mount the drive
New-PSDrive -Name W -PSProvider FileSystem -Root "\\intunelogssmb.file.core.windows.net\logs" -Credential $psCred
} else {
Write-FileLog -Type Error -Message "Unable to reach the Azure storage account via port 445" -LogFileError $LogFileError
Exit-WithCode -exitcode $InstallFailCode
}
Write-FileLog -Message "Generating mdmdiagnostics" -LogFile $LogFile
MdmDiagnosticsTool.exe -area 'Autopilot;DeviceEnrollment;DeviceProvisioning;TPM' -zip "$OperatingFolder\mdmdiagnostics.zip"
Write-FileLog -Message "Uploading logs to file share" -LogFile $LogFile
Move-Item -Path "$OperatingFolder\mdmdiagnostics.zip" -Destination W:\ -Force
} Catch {
Write-FileLog -Type Error -Message "Script ERROR" -LogFileError $LogFileError
$_ | Out-File -FilePath $LogFileError -Append -Encoding ASCII
Write-FileLog -Type Warn -Message "Script TERMINATION" -LogFileError $LogFileError
Write-FileLog -Type Warn -Message "Exitcode $InstallFailCode" -LogFileError $LogFileError
Exit-WithCode -exitcode $InstallFailCode
}
To test your script it’s the best to use Intune-App-Sandbox - great tool to test Powershell
scripts in Windows Sandbox
in a matter of seconds!
After your package successfully passed the test you can create deployment profile!
Upload .intunewin
file and enter install command
For detection let’s check for our file in networkshare
Complete the rest of configuration and you are ready! To access uploaded logs just map this file share on your device 😎
I love it! It’s so brilliant in it’s simplicity! I hope that it will help you with gartering required files from endpoints. See you in next! 😉 🧠