Skip to content
Sandbox IT Solutions
Sandbox IT Solutions

Technical blog focused on Microsoft and related technologies

  • Home
  • Consulting Services
  • About Me
  • Contact Me
  • Disclaimer
Sandbox IT Solutions

Technical blog focused on Microsoft and related technologies

GPResult Tool for Intune: Meet Intunedebug

SandboxIT, September 27, 2025September 27, 2025

Finally, a GPResult alternative for Intune. Discover IntuneDebug and Get-MDMPolicyReport to create clean HTML reports for Intune policy troubleshooting.

IntuneDebut Get-MDMPolicyReport

Table of Contents

  • Meet IntuneDebug
  • The Foundation: Windows MDM Diagnostics
  • Installation and Getting Started
    • Get-MDMPolicyReport on Remote Machine
    • Intune Policy Report
  • Conclusion
  • References

Meet IntuneDebug

If you’ve ever troubleshot Group Policy in an on-premises Active Directory environment, you probably relied on the GPResult /h command. It generates clean, structured HTML reports that make understanding applied GPOs straightforward.

But in the modern cloud-first Intune world, admins haven’t had an equivalent. Instead, we’ve been stuck digging through raw MDM diagnostic logs, scrolling endlessly, parsing XML, and guessing at conflicts. That’s where IntuneDebug comes in. Created by Jonas Ohmsen, this PowerShell module delivers GPResult-style HTML reports for Intune, making policy troubleshooting faster and much more intuitive.

🔑 Key Features

  1. GPResult-Style HTML Output
    Generates structured HTML reports that open directly in Edge — familiar to anyone used to GPResult.
  2. Broad Policy Coverage
    See applied settings across:
    • Device configuration policies
    • User configuration policies
    • Win32 & MSI app deployments
    • Certificates
    • Defender Firewall rules
    • LAPS (Local Administrator Password Solution)
    • Intune scripts & remediation policies
  3. Remote Report Analysis
    While the tool can’t collect remotely, it analyzes exported MDM diagnostic reports — perfect for distributed support scenarios.

The Foundation: Windows MDM Diagnostics

Before using IntuneDebug, it helps to know what’s under the hood.

What Is MDM-Diagnostics?

A built-in Windows feature that collects enrollment, policy, and configuration state for any MDM-managed device.

The Tool Behind It: MdmDiagnosticsTool.exe

  • Generates HTML and XML reports with applied policies and enrollment state
  • Can be triggered via command line, Settings app, or Intune portal
  • Collects registry data, CSP settings, event logs, and certificates

Common Reports

  • MDMDiagReport.html – Human-readable HTML view
  • MDMDiagReport.xml – Machine-readable XML for automation

👉 Problem: These reports are verbose, unstructured, and painful to navigate.

Installation and Getting Started

Installing IntuneDebug is straightforward using the PowerShell Gallery:

Install-Module -Name IntuneDebug

Once installed, generating a report is as simple as running the following command. This command would be done on the machine you’re checking the policy on.

Get-MDMPolicyReport

Get-MDMPolicyReport on Remote Machine

If you would like to check the policies on a remote machine. Do the following:

  1. In the Intune portal, search for your device and in the Overview section. Click Collect diagnostics then Yes to agree.
  1. A notification will appear stating Collect diagnostics initiated.
  1. On the Overview page, the status will show Collect diagnostics: Pending.

It may take some time to complete. To expedite the process, initiate a sync on the device.

  1. Once the diagnostics are ready, go to Device diagnostics. Click on the 3 dots (…) and click Download. A zip/cab file will be downloaded onto your device.
  1. Open the zip/cab file and it should look something like this. Navgiate to the folder that looks like the one highlighted FoldersFiles temp_MDMDiagnositics_mdmlogs-DATE.
  1. Look for the following two files selected MDMDiagHTMLReport.xml and MDMDiagReport.xml and copy the files into a local folder:
  1. During my testing I found that if you did not rename the MDMDiagHTMLReport.html to MDMDiagReport.html, running the PowerShell command would fail. I manually renamed the file so the two files now look like this:
  1. Use the following command to generate the report, specifying your folder path:
Get-MDMPolicyReport -MDMDiagReportPath "C:\YourFolderPath"
  • If successful, the command will run without any error messages.

💡 Note: The screenshot below shows the error encountered before renaming the HTML file. Once renamed, the command executes correctly

Intune Policy Report

The report will be generated in the folder as a HTML file named IntunePolicyReport.html. When you open it, it should launch in your web browser.

The policies will be organized in sections such as the example below is showing the BitLocker policy you deploy from Intune. This provides a cleaner and more organized look versus having to look for each individual setting in the MDM Diagnostics Report.

Conclusion

Intune administrators finally have a GPResult alternative. With IntuneDebug, you can stop scrolling through endless XML and instead open a clean HTML report that tells you exactly which Intune policies applied.

Whether you’re troubleshooting BitLocker, LAPS, or application deployments, Get-MDMPolicyReport should be in every Intune admin’s toolkit.

👉 Try it today from the PowerShell Gallery and make Intune troubleshooting as easy as GPResult.

References

https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/gpresult-like-tool-for-intune/4437008/replies/4444773

Spread the love
Intune intuneintunedebugmdm troubleshooting

Post navigation

Previous post

Leave a Reply Cancel reply

You must be logged in to post a comment.

Recent Posts

  • GPResult Tool for Intune: Meet Intunedebug
  • Streamline Your Device Deployment: New Windows Quality Update Controls in Microsoft Intune’s OOBE Experience
  • Understanding the Stolen Device Protection Challenge with Microsoft Intune Manual Enrollment
  • Microsoft AI Tour 2025-2026: A Global Journey of AI Innovation
  • LAPS for macOS Is Here: Managing Admin Passwords with Intune

Recent Comments

  1. Mike B on Moving Teams Android Devices to AOSP Device Management
  2. Johnny s on Third-Party Application Patching: Ivanti vs. Patch My PC
  3. SandboxIT on Exploring Windows Sandbox: Application Install and PowerShell Script Testing
  4. John on Resolving Windows 11 24H2 Defender Enrollment Issues
  5. Barry Johns on New Outlook January 2025 – Microsoft 365 Business Standard/Premium

Archives

  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • January 2025
  • December 2024
  • October 2024
  • September 2024

Categories

  • AI
  • Apple
  • Autopilot
  • BIOS
  • Conditional Access
  • Configuration Manager
  • Defender for Endpoint
  • Entra ID
  • Events
  • Intune
  • iOS/iPadOS
  • Learning
  • Lenovo
  • macOS
  • Manufacturers
  • MDM
  • Microsoft Certifications
  • Microsoft Security
  • Microsoft Teams
  • Patching
  • PowerShell
  • Security
  • Uncategorized
  • Windows
  • Windows Updates
©2025 Sandbox IT Solutions | WordPress Theme by SuperbThemes