Get a better Intune policy report part 2.

Get a better Intune policy report part 2.

By getting information directly from MDMDiagReport.xml

ยท

5 min read

In my previous post, I've talked about parsing Intune MDMDiagReport.html report and how to convert it to a PowerShell object. There is also the final post that merges all this knowledge into the fully-featured solution.

Today I will continue this journey for getting a better Intune report by looking at the MDMDiagReport.xml file that contains a lot of interesting information that is unfortunately not available in the built-in Intune HTML report. I've created function ConvertFrom-MDMDiagReportXML that converts this XML into PowerShell object with just important report data or output the results to nice HTML report.

I haven't find any documentation describing content of MDMDiagReport.xml so I've just reverse engineered it. It means that results can miss or show incorrect information. If this will be your case, please let me know, so I can fix this function.

Btw when I'll talk about built-in Intune HTML report I mean this one

built-in Intune HTML report


Table of contents


TL;DR

Download, dot source and run PowerShell function ConvertFrom-MDMDiagReportXML

Call ConvertFrom-MDMDiagReportXML to get PowerShell object

image.png

Call ConvertFrom-MDMDiagReportXML | Out-GridView to get nice GUI searchable output

ConvertFrom-MDMDiagReportXML | Out-GridView result

Call ConvertFrom-MDMDiagReportXML -asHTML -showURLs to get nice HTML report like

image.png


Meet the ConvertFrom-MDMDiagReportXML function

All this blog post is about is my function ConvertFrom-MDMDiagReportXML. Don't forget it is a function, so you will have to dot source the downloaded script first and then explicitly call it!

Check the examples section for some usage tips.


What is MDMDiagReport.xml and how to get it?

MDMDiagReport.xml is XML file containing details about processing of Intune policies.

It can be generated by calling MdmDiagnosticsTool.exe -out "C:\IntuneReport" and the result will look like this

MdmDiagnosticsTool.exe -out "C:ntuneReport" result

As you can see besides the MDMDiagReport.xml folder contains also the built-in HTML Intune report and some related event logs.

You don't have to generate it manually, my function will do it for you.

MDMDiagReport.xml contains a lot of information about Intune policies processing but (same as original HTML report) not all of them. For example what is missing:

  • Applied scripts (scripts and remediation scripts)

  • Windows app (Win32)

  • Name of deployed MSI installation

These kind of data will be added in my next and hopefully final ultimate Invoke-IntunePolicyResult (like gpresult) function. ๐Ÿ‘


Interesting XML nodes

Now when we have MDMDiagReport.xml we need to understand its content hierarchy.

After several days of testing, guessing and testing I've found these important XML nodes:

MDMEnterpriseDiagnosticsReport.Resources.Enrollment

  • All Intune enrollments deployed to this client

  • What I get there: enrollment ID, scope, setting names

    all Intune enrollments deployed to this client

MDMEnterpriseDiagnosticsReport.Diagnostics.ErrorLog

  • Deployment errors

  • What I get there: type of policy, policy name, error code, time of evaluation, ...

    deployment errors

MDMEnterpriseDiagnosticsReport.EnterpriseDesktopAppManagementInfo.MsiInstallation.TargetUser.Package.Details

  • Deployment errors for MSI installations

  • What I get there: package ID, download URL, used command line, product version, status, assignment type

    image.png

MDMEnterpriseDiagnosticsReport.PolicyManager.ConfigSource

  • All policies deployed to this client

  • What I get there: enrollment ID, policy scope, policy area, policy settings

I ignore knobs policies because those are just some internal diagnostics data

image.png

MDMEnterpriseDiagnosticsReport.PolicyManager.AreaMetadata

  • Details for policies settings (metadata)

  • What I get there: policy type, default value, registry key and value it changes

    image.png

MDMEnterpriseDiagnosticsReport.PolicyManager.IngestedAdmxPolicyMetadata

  • Details for ADMX based? policies settings (metadata)

  • What I get there: policy type, source Admx file, registry key and value it changes

    image.png


Converting XML to PowerShell object

To be able to convert XML objects to PowerShell objects I have used function ConvertFrom-XML.

90% of function code is based on stackoverflow.com/questions/3242995/convert... I just fixed some bugs and make it 30% faster.


What are benefits of my report over the built-in one?

  • My report contains more information than a built-in one and more importantly shows just useful information

  • Knobs (debug) policies etc are omitted

  • My report contains:

    • policy errors (if any)

    • installed MSI applications with version, state etc (name is missing from XML, but will be added in my next version)

    • details like what registry key/value is changed, admx template is used, URL to CSP documentation, etc

  • Function can return PowerShell object (with all benefits it brings) or quite nice HTML report


How is my HTML report generated

I've used great PowerShell module PSWriteHTML. So I didn't have to write a single line of HTML code by myself :)

Special thanks go to @evotecpl for his assistance with tuning of this report ๐Ÿ‘

Check this nice detail (red background for cells with errors (code different from 0))

image.png


Summary

Function ConvertFrom-MDMDiagReportXML gets content of **MDMDiagReport.xml **, extracts just important parts and merge them together to one structured PowerShell object or HTML report and returns it. Nothing less nothing more.

For the final solution check my next post. There you will see Get-ClientIntunePolicyResult function that merges XML data with registry ones which leads to a complete Intune policy report.


Examples

You can use standard PowerShell filtering a.k.a Where-Object.

Where-Object example

image.png

You can also use Out-GridView to get some basic GUI with decent filtering capabilities. The disadvantage of using Out-GridView is the lack of nice readable output for individual setting details.

Out-GridView example

image.png

Moreover, you can use -PassThru to pass selected object down the pipe for further processing like:

image.png

And you will get:

image.png

Which can be drilled down like:

image.png

And this is how it looks when you generate HTML report

image.png

And now compare it with built-in one :)

image.png

Did you find this article valuable?

Support Ondrej Sebela by becoming a sponsor. Any amount is appreciated!

ย