Need to access the Windows Event Viewer logs of an Azure AD joined machine using the Azure AD user credential

Naija R C 20 Reputation points
2024-02-14T12:08:38.0466667+00:00

Hi, I have joined a workgroup machine to Azure AD; now the machine is a Microsoft Entra Azure joined device. I am able to log in to the device using the Azure AD user credential, but I couldn't remotely access the Event Viewer logs of that Azure AD joined machine using the same Azure AD user credential. Kindly give me the steps to remotely access the Event Viewer logs of an Azure AD joined machine using an Azure AD user credential. Thank you.


1 answer

  1. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2024-02-15T12:52:26.6333333+00:00

    @Naija R C
    Thank you for posting this in Microsoft Q&A. It is not possible to connect to Event Viewer remotely on the AAD joined device.

    However, Intune has a feature which utilizes the Windows DiagnosticLog CSP, allowing Intune to collect a set of files, like registry, event viewers and commands. For the event viewer logs, it contains Application, System, Setup and AppLocker related event logs. We can see more details in the following link:
    https://learn.microsoft.com/en-us/mem/intune/remote-actions/collect-diagnostics

    On a Windows 11 device, we can also use this feature. On the device, select "Collect diagnostics" to collect the logs. After the status shows complete, go to "Device diagnostics" and click the download button to download the logs.
    https://techcommunity.microsoft.com/t5/intune-customer-success/intune-public-preview-windows-10-device-diagnostics/ba-p/2179712

    In addition, for the firewall port, I didn't find any official article that mentions additional required ports. We can first try the above feature. If it fails to collect due to a port issue, we can capture a netmon log to see which port is used.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
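
Once the diagnostics archive has been downloaded as described in the answer above, the event logs inside it can be reviewed offline. The following PowerShell is an added example, not part of the original answer or of Microsoft's documentation; it assumes the download is a zip archive containing exported `.evtx` files, and the paths, file name and 7-day window are placeholders.

```powershell
# Added example: triage the event logs in a downloaded Intune diagnostics archive.
# $ZipPath, $OutDir and $Days are hypothetical defaults; adjust them to your download.
param(
    [string]$ZipPath = "$env:USERPROFILE\Downloads\DiagLogs.zip",
    [string]$OutDir  = "$env:TEMP\DiagLogs",
    [int]$Days       = 7
)

Expand-Archive -LiteralPath $ZipPath -DestinationPath $OutDir -Force

# The archive's folder layout is not assumed: search every subfolder for saved logs.
$evtxFiles = Get-ChildItem -LiteralPath $OutDir -Recurse -Filter *.evtx -File
if (-not $evtxFiles) { Write-Warning "No .evtx files found under $OutDir"; return }

$since  = (Get-Date).AddDays(-$Days)
$events = foreach ($file in $evtxFiles) {
    try {
        # Level 1-3 = Critical, Error, Warning. Path reads a saved log file,
        # so no remote Event Viewer connection to the device is needed.
        $filter = @{ Path = $file.FullName; Level = 1, 2, 3; StartTime = $since }
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
            Select-Object @{ n = 'SourceFile'; e = { $file.Name } },
                          TimeCreated, LogName, ProviderName, Id,
                          LevelDisplayName, Message
    } catch {
        # A log with no matching events raises an error; report anything else.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$($file.Name): $($_.Exception.Message)"
        }
    }
}

# Most frequent log / provider / event ID combinations first.
$events | Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name |
    Format-Table -AutoSize

# Full timeline for closer review or import into another tool.
$events | Sort-Object TimeCreated |
    Export-Csv -Path (Join-Path $OutDir 'events.csv') -NoTypeInformation
```

`Message` and `LevelDisplayName` can come back empty when the analysis machine lacks the event provider that wrote the log; the event ID and provider name remain usable for lookup.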

