Get a better Intune policy report part 2.
By getting information directly from MDMDiagReport.xml
In my previous post, I've talked about parsing Intune MDMDiagReport.html report and how to convert it to a PowerShell object. There is also the final post that merges all this knowledge into the fully-featured solution.
Today I will continue this journey for getting a better Intune report by looking at the MDMDiagReport.xml file that contains a lot of interesting information that is unfortunately not available in the built-in Intune HTML report. I've created function ConvertFrom-MDMDiagReportXML that converts this XML into PowerShell object with just important report data or output the results to nice HTML report.
I haven't find any documentation describing content of MDMDiagReport.xml so I've just reverse engineered it. It means that results can miss or show incorrect information. If this will be your case, please let me know, so I can fix this function.
Btw when I'll talk about built-in Intune HTML report I mean this one
Table of contents
TL;DR
Download, dot source and run PowerShell function ConvertFrom-MDMDiagReportXML
Call ConvertFrom-MDMDiagReportXML to get PowerShell object
Call ConvertFrom-MDMDiagReportXML | Out-GridView to get nice GUI searchable output
Call ConvertFrom-MDMDiagReportXML -asHTML -showURLs to get nice HTML report like
Meet the ConvertFrom-MDMDiagReportXML function
All this blog post is about is my function ConvertFrom-MDMDiagReportXML. Don't forget it is a function, so you will have to dot source the downloaded script first and then explicitly call it!
Check the examples section for some usage tips.
What is MDMDiagReport.xml and how to get it?
MDMDiagReport.xml is XML file containing details about processing of Intune policies.
It can be generated by calling MdmDiagnosticsTool.exe -out "C:\IntuneReport" and the result will look like this
As you can see besides the MDMDiagReport.xml folder contains also the built-in HTML Intune report and some related event logs.
You don't have to generate it manually, my function will do it for you.
MDMDiagReport.xml contains a lot of information about Intune policies processing but (same as original HTML report) not all of them. For example what is missing:
Applied scripts (scripts and remediation scripts)
Windows app (Win32)
Name of deployed MSI installation
These kind of data will be added in my next and hopefully final ultimate Invoke-IntunePolicyResult (like gpresult) function. ๐
Interesting XML nodes
Now when we have MDMDiagReport.xml we need to understand its content hierarchy.
After several days of testing, guessing and testing I've found these important XML nodes:
MDMEnterpriseDiagnosticsReport.Resources.Enrollment
All Intune enrollments deployed to this client
What I get there: enrollment ID, scope, setting names
MDMEnterpriseDiagnosticsReport.Diagnostics.ErrorLog
Deployment errors
What I get there: type of policy, policy name, error code, time of evaluation, ...
MDMEnterpriseDiagnosticsReport.EnterpriseDesktopAppManagementInfo.MsiInstallation.TargetUser.Package.Details
Deployment errors for MSI installations
What I get there: package ID, download URL, used command line, product version, status, assignment type
MDMEnterpriseDiagnosticsReport.PolicyManager.ConfigSource
All policies deployed to this client
What I get there: enrollment ID, policy scope, policy area, policy settings
I ignore knobs policies because those are just some internal diagnostics data
MDMEnterpriseDiagnosticsReport.PolicyManager.AreaMetadata
Details for policies settings (metadata)
What I get there: policy type, default value, registry key and value it changes
MDMEnterpriseDiagnosticsReport.PolicyManager.IngestedAdmxPolicyMetadata
Details for ADMX based? policies settings (metadata)
What I get there: policy type, source Admx file, registry key and value it changes
Converting XML to PowerShell object
To be able to convert XML objects to PowerShell objects I have used function ConvertFrom-XML.
90% of function code is based on stackoverflow.com/questions/3242995/convert... I just fixed some bugs and make it 30% faster.
What are benefits of my report over the built-in one?
My report contains more information than a built-in one and more importantly shows just useful information
Knobs (debug) policies etc are omitted
My report contains:
policy errors (if any)
installed MSI applications with version, state etc (name is missing from XML, but will be added in my next version)
details like what registry key/value is changed, admx template is used, URL to CSP documentation, etc
Function can return PowerShell object (with all benefits it brings) or quite nice HTML report
How is my HTML report generated
I've used great PowerShell module PSWriteHTML. So I didn't have to write a single line of HTML code by myself :)
Special thanks go to @evotecpl for his assistance with tuning of this report ๐
Check this nice detail (red background for cells with errors (code different from 0))
Summary
Function ConvertFrom-MDMDiagReportXML gets content of **MDMDiagReport.xml **, extracts just important parts and merge them together to one structured PowerShell object or HTML report and returns it. Nothing less nothing more.
For the final solution check my next post. There you will see Get-ClientIntunePolicyResult function that merges XML data with registry ones which leads to a complete Intune policy report.
Examples
You can use standard PowerShell filtering a.k.a Where-Object.
You can also use Out-GridView to get some basic GUI with decent filtering capabilities. The disadvantage of using Out-GridView is the lack of nice readable output for individual setting details.
Moreover, you can use -PassThru to pass selected object down the pipe for further processing like:
And you will get:
Which can be drilled down like:
And this is how it looks when you generate HTML report
And now compare it with built-in one :)
