Finally, a GPResult alternative for Intune. Discover IntuneDebug and Get-MDMPolicyReport to create clean HTML reports for Intune policy troubleshooting.
Table of Contents
Meet IntuneDebug
If you’ve ever troubleshot Group Policy in an on-premises Active Directory environment, you probably relied on the GPResult /h command. It generates clean, structured HTML reports that make understanding applied GPOs straightforward.
But in the modern cloud-first Intune world, admins haven’t had an equivalent. Instead, we’ve been stuck digging through raw MDM diagnostic logs, scrolling endlessly, parsing XML, and guessing at conflicts. That’s where IntuneDebug comes in. Created by Jonas Ohmsen, this PowerShell module delivers GPResult-style HTML reports for Intune, making policy troubleshooting faster and much more intuitive.
🔑 Key Features
- GPResult-Style HTML Output
Generates structured HTML reports that open directly in Edge — familiar to anyone used to GPResult. - Broad Policy Coverage
See applied settings across:- Device configuration policies
- User configuration policies
- Win32 & MSI app deployments
- Certificates
- Defender Firewall rules
- LAPS (Local Administrator Password Solution)
- Intune scripts & remediation policies
- Remote Report Analysis
While the tool can’t collect remotely, it analyzes exported MDM diagnostic reports — perfect for distributed support scenarios.
The Foundation: Windows MDM Diagnostics
Before using IntuneDebug, it helps to know what’s under the hood.
What Is MDM-Diagnostics?
A built-in Windows feature that collects enrollment, policy, and configuration state for any MDM-managed device.
The Tool Behind It: MdmDiagnosticsTool.exe
- Generates HTML and XML reports with applied policies and enrollment state
- Can be triggered via command line, Settings app, or Intune portal
- Collects registry data, CSP settings, event logs, and certificates
Common Reports
- MDMDiagReport.html – Human-readable HTML view
- MDMDiagReport.xml – Machine-readable XML for automation
👉 Problem: These reports are verbose, unstructured, and painful to navigate.
Installation and Getting Started
Installing IntuneDebug is straightforward using the PowerShell Gallery:
Install-Module -Name IntuneDebug
Once installed, generating a report is as simple as running the following command. This command would be done on the machine you’re checking the policy on.
Get-MDMPolicyReport
Get-MDMPolicyReport on Remote Machine
If you would like to check the policies on a remote machine. Do the following:
- In the Intune portal, search for your device and in the Overview section. Click Collect diagnostics then Yes to agree.
- A notification will appear stating Collect diagnostics initiated.
- On the Overview page, the status will show Collect diagnostics: Pending.
It may take some time to complete. To expedite the process, initiate a sync on the device.
- Once the diagnostics are ready, go to Device diagnostics. Click on the 3 dots (…) and click Download. A zip/cab file will be downloaded onto your device.
- Open the zip/cab file and it should look something like this. Navgiate to the folder that looks like the one highlighted FoldersFiles temp_MDMDiagnositics_mdmlogs-DATE.
- Look for the following two files selected MDMDiagHTMLReport.xml and MDMDiagReport.xml and copy the files into a local folder:
- During my testing I found that if you did not rename the MDMDiagHTMLReport.html to MDMDiagReport.html, running the PowerShell command would fail. I manually renamed the file so the two files now look like this:
- Use the following command to generate the report, specifying your folder path:
Get-MDMPolicyReport -MDMDiagReportPath "C:\YourFolderPath"- If successful, the command will run without any error messages.
💡 Note: The screenshot below shows the error encountered before renaming the HTML file. Once renamed, the command executes correctly
Intune Policy Report
The report will be generated in the folder as a HTML file named IntunePolicyReport.html. When you open it, it should launch in your web browser.
The policies will be organized in sections such as the example below is showing the BitLocker policy you deploy from Intune. This provides a cleaner and more organized look versus having to look for each individual setting in the MDM Diagnostics Report.
Conclusion
Intune administrators finally have a GPResult alternative. With IntuneDebug, you can stop scrolling through endless XML and instead open a clean HTML report that tells you exactly which Intune policies applied.
Whether you’re troubleshooting BitLocker, LAPS, or application deployments, Get-MDMPolicyReport should be in every Intune admin’s toolkit.
👉 Try it today from the PowerShell Gallery and make Intune troubleshooting as easy as GPResult.