When an Intune-managed device misbehaves — a policy doesn’t apply, an app refuses to install, BitLocker silently fails — the truth lives on the client itself. Microsoft’s MDM Diagnostic Report bundles all of that into a single ZIP that contains everything from MDM event logs to current policy values. The problem is that browsing through the raw HTML, EVTX and registry exports is painful, and most admins never make it past the cover page. This post shows the simplest practical workflow I use on real client devices to extract the answers fast, and the few files you should open first to answer 80 % of all support questions.
In this blog I would like to give you a helpful tool how you can analyze the MDM diagnostic log directly on the client with the help of PowerShell and how you can process the content in a simple way to implement remediations or to build a monitoring. In the following sections I will explain step by step how you can use this script.
