When an Intune-managed device misbehaves — a policy doesn’t apply, an app refuses to install, BitLocker silently fails — the truth lives on the client itself. Microsoft’s MDM Diagnostic Report bundles all of that into a single ZIP that contains everything from MDM event logs to current policy values. The problem is that browsing through the raw HTML, EVTX and registry exports is painful, and most admins never make it past the cover page. This post shows the simplest practical workflow I use to analyse MDM Diagnostic data on real client devices, extract the answers fast, and pick the few files you should open first to answer 80 % of all support questions.
In this blog I would like to give you a helpful tool to analyse MDM Diagnostic data directly on the client with the help of PowerShell, and how you can process the content in a simple way to implement remediations or to build a monitoring solution. The MDM Diagnostic data is the single richest source of truth for enrollment, policy and app state, so learning to read it quickly pays off on every support ticket. In the following sections I will explain step by step how you can use this script.
