Thursday, June 13, 2024

PowerShell is fun :) Read IntuneManagementExtension logs using PowerShell

Reading logs is always something you just have to do, but the Intune logs are not easy to read without tools like CMTrace on the client's system. (The formatting is just not that good without it.) In this blog post, I'll show you an easy way to read one or two specific logs, or all the logs at once, each in its own Out-GridView console for easy filtering when searching for keywords.


The difficult part of PowerShell is always… Formatting text, getting the right things in the column you want, and so on… This was one of those things I thought was going to be easy, but it wasn't 🙂 Some events span multiple lines and that made things more complicated 🙁 I think this script would be easier to make if I just started using Regex, but it looks difficult… But perhaps it isn't, it sure is something that I want to learn and it's on my list of things to do 😉

Running the script

The script consists of two functions: the Get-IntuneLogContent function for reading the log file, and the Show-IntuneManagementExtensionLog function, which lets you select the log file(s) you want using switches. The switches are listed below. Each one points to the corresponding log file in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs; the All switch shows all of them.

  • AgentExecutor
  • All
  • ClientHealth
  • IntuneManagementExtension
  • Sensor

In the example below, I ran the Show-IntuneManagementExtensionLog function with the IntuneManagementExtension and ClientHealth switches.

Show-IntuneManagementExtensionLog -AgentExecutor -IntuneManagementExtension

This gives you two Out-GridView consoles:


You can use the Filter bar to search for specific things. In the example below, I searched for Adobe events that I just deployed to this VM:

Note: You can run this as a user, no Administrative PowerShell session is required. Perhaps you do have to run "Set-ExecutionPolicy Bypass -Scope CurrentUser", however. Afterward, you can run the line below to make the functions available in the PowerShell session.

. .\Show-IntuneManagementExtensionLog.ps1

The script

Below is the script containing the two functions, I saved it in my OneDrive account of my test user for easy access 🙂

#Function for reading the Intune Management Extension log
function Get-IntuneLogContent {
    param (
        [Parameter(Mandatory = $true)][string]$Filepath
    )

    #Stop if the logfile can't be found or read
    if (-not (Test-Path -Path $Filepath -ErrorAction SilentlyContinue)) {
        Write-Warning ("Error accessing {0}, check permissions" -f $Filepath)
        return
    }

    #Start reading logfile
    $LogTotal = @()
    foreach ($line in Get-Content -Path $Filepath) {
        #Get Time-stamp
        try {
            $time = (Select-String 'time=(.*)' -InputObject $line).Matches.groups[0].value.split('"')[1]
        }
        catch {
            $time = 'n.a.'
        }

        #Get date
        try {
            $date = (Select-String 'date=(.*)' -InputObject $line).Matches.groups[0].value.split('"')[1]
        }
        catch {
            $date = 'n.a.'
        }

        #Set datetime to n.a. if not found
        if ($date -ne 'n.a.' -and $time -ne 'n.a.') {
            $datetime = "$($date) $($time)"
        }
        else {
            $datetime = 'n.a.'
        }

        #Get the component value
        try {
            $component = (Select-String 'component=(.*)' -InputObject $line).matches.groups[0].value.split('"')[1]
        }
        catch {
            $component = 'n.a.'
        }

        #If line is part of a multi-line, display it or else split it to message text
        If ($line.StartsWith('<![LOG') -ne $true -or ($line.Split('!><')[3]).Length -eq 0 ) {
            $text = $line
        }
        else {
            $text = $line.Split('!><')[3]
        }

        #Add line to $logtotal
        $logline = [PSCustomObject]@{
            'Log Text'  = $text
            'Date/Time' = $datetime
            Component   = $component
        }
        $logTotal += $logline
    }

    #Return found items in a GridView
    $LogTotal | Out-GridView -Title $Filepath
}

#Function for selecting which log(s) to display
function Show-IntuneManagementExtensionLog {
    [CmdletBinding(DefaultParameterSetName = "Default")]
    param (
        [parameter(ParameterSetName = "Individual")][switch]$AgentExecutor,
        [parameter(ParameterSetName = "All")][switch]$All,
        [parameter(ParameterSetName = "Individual")][switch]$ClientHealth,
        [parameter(ParameterSetName = "Individual")][switch]$IntuneManagementExtension,
        [parameter(ParameterSetName = "Individual")][switch]$Sensor
    )

    #Warn if no parameter specified
    if (-not ($AgentExecutor.IsPresent -or $All.IsPresent -or $ClientHealth.IsPresent -or $IntuneManagementExtension.IsPresent -or $Sensor.IsPresent)) {
        Write-Warning "No parameter specified, please use the AgentExecutor, All, ClientHealth, IntuneManagementExtension or Sensor parameter to show the log(s)..."
    }

    #If all parameter is set, set all switches to True
    if ($all) {
        Write-Host "Processing all logs..." -ForegroundColor Green
        $AgentExecutor = $true
        $ClientHealth = $true
        $IntuneManagementExtension = $true
        $Sensor = $true
    }

    #Invoke the Get-IntuneLogContent with the path of the log
    if ($AgentExecutor) {
        Write-Host "Processing AgentExecutor log" -ForegroundColor Green
        Get-IntuneLogContent -FilePath C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\AgentExecutor.log
    }

    if ($ClientHealth) {
        Write-Host "Processing ClientHealth log" -ForegroundColor Green
        Get-IntuneLogContent -FilePath C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\ClientHealth.log
    }

    if ($IntuneManagementExtension) {
        Write-Host "Processing IntuneManagementExtension log" -ForegroundColor Green
        Get-IntuneLogContent -FilePath C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log
    }

    if ($Sensor) {
        Write-Host "Processing Sensor log" -ForegroundColor Green
        Get-IntuneLogContent -FilePath C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\Sensor.log
    }
}

Download the script(s) from GitHub here
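
The post notes that regular expressions would probably simplify the parsing, especially for events that span several lines. The following is an added example, not part of the original script or its GitHub repository: a hypothetical ConvertFrom-CmTraceLog function that matches each complete log entry with one regex so multi-line messages stay together. The sample log lines are constructed for illustration.

```powershell
# Added example (not the author's code). ConvertFrom-CmTraceLog is a hypothetical name.
function ConvertFrom-CmTraceLog {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [AllowEmptyString()]
        [string[]]$Line
    )
    begin {
        # (?s) lets the message span line breaks; the lazy .*? stops at the first ]LOG]!><
        $entry  = [regex]'(?s)<!\[LOG\[(?<msg>.*?)\]LOG\]!><(?<attrs>[^>]*)>'
        # Attributes are name="value" pairs and are read in whatever order they appear
        $attr   = [regex]'(?<name>\w+)="(?<value>[^"]*)"'
        $buffer = [System.Text.StringBuilder]::new()
    }
    process {
        # Collect all lines first so entries broken across lines can be matched as a whole
        foreach ($l in $Line) { [void]$buffer.AppendLine($l) }
    }
    end {
        # Text that is not inside a complete <![LOG[...]LOG]!><...> entry is skipped
        foreach ($m in $entry.Matches($buffer.ToString())) {
            $a = @{}
            foreach ($kv in $attr.Matches($m.Groups['attrs'].Value)) {
                $a[$kv.Groups['name'].Value] = $kv.Groups['value'].Value
            }
            [PSCustomObject]@{
                'Date/Time' = if ($a.date -and $a.time) { "$($a.date) $($a.time)" } else { 'n.a.' }
                Component   = if ($a.component) { $a.component } else { 'n.a.' }
                Type        = $a.type   # CMTrace convention: 1 = info, 2 = warning, 3 = error
                'Log Text'  = $m.Groups['msg'].Value.Trim()
            }
        }
    }
}

# Constructed sample: one single-line entry and one entry spanning three lines
$sample = @(
    '<![LOG[EMS Agent Started]LOG]!><time="09:15:02.1234567" date="6-13-2024" component="IntuneManagementExtension" context="" type="1" thread="1" file="">'
    '<![LOG[Policy result:'
    '  app = Adobe Acrobat Reader'
    '  state = Installed]LOG]!><time="09:15:07.7654321" date="6-13-2024" component="IntuneManagementExtension" context="" type="1" thread="5" file="">'
)
$parsed = $sample | ConvertFrom-CmTraceLog
$parsed | Format-List
```

To use it on a real log, pipe Get-Content for one of the files in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs into the function and send the result to Out-GridView.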


