![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 63%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
507 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Boopathi Subramaniam, Thanks for posting in Q&A. Based as I know, there are many log files in Autopilot.cab. To analyze the log, we can firstly set "Show app and profile configuration progress" to yes in ESP to show the status during ESP.
Then you can do Autopilot enrollment and find which phase the issue occurs. For example, if the issue occurs in "Register your device for mobile management" in Device preparation, then you can look into the "microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx" log.
https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-status#esp-tracking
Here are some logs we generally check for your reference:
AutopilotDDSZTDFile.json: This file contains the Autopilot profile settings being used for the device.
IntuneManagementExtension.log : This log will capture excruciating detail about the installation of Win32 apps being deployed via Intune. (Use one of the ConfigMgr log viewing tools, e.g. CMTrace.exe, to view this.)
microsoft-windows-aad-operational.evtx : This event log shows Azure AD join and Hybrid Azure AD Join-related info.
microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx : This event log covers MDM enrollment (including failure reasons) and other pertinent MDM activities.
microsoft-windows-moderndeployment-diagnostics-provider-autopilot.evtx : This is the key event log used by Autopilot, and one that you’ll almost always want to look at.
TpmHliInfo_Output.txt : This log (which is created even when not specifying the TPM area) contains basic details about the TPM in the device: the manufacturer, the firmware level of that TPM, whether it has a required EK cert, etc.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.