Need to access the Windows Event Viewer logs of an Azure AD joined machine using the Azure AD user credential

Naija R C 0 Reputation points
2024-02-14T12:08:38.0466667+00:00

Hi, I have joined a workgroup machine to Azure AD; now the machine is a Microsoft Entra Azure joined device. I am able to log in to the device using the Azure AD user credential, but I couldn't remotely access the Event Viewer logs of that Azure AD joined machine using the same Azure AD user credential. Kindly give me the steps to remotely access the Event Viewer logs of an Azure AD joined machine using the Azure AD user credential. Thank you.


1 answer

  1. Sandeep G-MSFT 18,451 Reputation points Microsoft Employee
    2024-02-15T12:52:26.6333333+00:00

    @Naija R C
    Thank you for posting this in Microsoft Q&A. It is not possible to connect to event viewer remotely on the AAD joined device.

    However, Intune has a feature which utilizes the Windows DiagnosticLog CSP, allowing Intune to collect a set of files, like registry, event viewer logs and commands. For the event viewer log, it contains Application, System, Setup and AppLocker related event logs. We can see more details in the following link:
    https://learn.microsoft.com/en-us/mem/intune/remote-actions/collect-diagnostics

    On a Windows 11 device, we can also use this feature. On the device, select "Collect diagnostics" to collect the log. After the status shows complete, go to "Device diagnostics" and click the download button to download the logs.
    https://techcommunity.microsoft.com/t5/intune-customer-success/intune-public-preview-windows-10-device-diagnostics/ba-p/2179712

    In addition, for the firewall port, I didn't find that the official article mentioned any additional ports required. We can first try the above feature. If it fails to collect due to a port issue, we can capture a netmon log to see which port is used.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
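
Once the diagnostics archive described in the answer above has been downloaded, the event logs in it can be triaged offline on an analyst workstation. The following is an added example, not part of the original answer or of Microsoft's documentation; the archive path, the extraction folder, the function name `Get-DiagnosticEventSummary`, and the assumption that the logs are stored as `.evtx` files inside the archive are all assumptions.

```powershell
# Added example. Both paths are placeholders; adjust to where the archive was saved.
$ZipPath    = 'C:\Temp\DiagLogs.zip'   # assumed: archive downloaded from "Device diagnostics"
$ExtractDir = 'C:\Temp\DiagLogs'       # assumed: scratch folder for the extracted files

function Get-DiagnosticEventSummary {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $ZipPath,
        [Parameter(Mandatory)] [string] $ExtractDir,
        [int[]] $Level = @(1, 2, 3),    # 1 = Critical, 2 = Error, 3 = Warning
        [int]   $MaxEventsPerLog = 200
    )

    if (-not (Test-Path -LiteralPath $ZipPath)) {
        throw "Archive not found: $ZipPath"
    }
    Expand-Archive -LiteralPath $ZipPath -DestinationPath $ExtractDir -Force

    # Assumption: event logs are stored as .evtx files somewhere below the archive root.
    $logs = Get-ChildItem -LiteralPath $ExtractDir -Recurse -Filter '*.evtx' -File
    if (-not $logs) {
        Write-Warning "No .evtx files found under $ExtractDir"
        return
    }

    foreach ($log in $logs) {
        # Get-WinEvent reports an error when nothing matches the filter, so suppress it.
        $found = Get-WinEvent -FilterHashtable @{ Path = $log.FullName; Level = $Level } `
                              -MaxEvents $MaxEventsPerLog -ErrorAction SilentlyContinue
        foreach ($e in $found) {
            [pscustomobject]@{
                File        = $log.Name
                TimeCreated = $e.TimeCreated
                Level       = $e.LevelDisplayName
                Provider    = $e.ProviderName
                Id          = $e.Id
                # Keep only the first line of the rendered message for a compact table.
                Message     = ("$($e.Message)" -split '\r?\n')[0]
            }
        }
    }
}

Get-DiagnosticEventSummary -ZipPath $ZipPath -ExtractDir $ExtractDir |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize -Wrap
```

Message and level text are rendered from provider metadata on the machine running the script, so those fields can be blank when the originating provider is not installed there; the event ID, provider name and timestamp are still reliable.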

