Get-UserDeviceRegistrationEvents

1.4

Get-UserDeviceRegistrationEvents.ps1

                                
<#PSScriptInfo

.VERSION 1.4

.GUID 28a1b634-1267-415c-891d-4afb3a72e217

.AUTHOR Iain Borghoff

.COMPANYNAME 

.COPYRIGHT 

.TAGS Windows Autopilot

.LICENSEURI 

.PROJECTURI 

.ICONURI 

.EXTERNALMODULEDEPENDENCIES 

.REQUIREDSCRIPTS 

.EXTERNALSCRIPTDEPENDENCIES 

.RELEASENOTES

Version 1.0: Initial publish.

Version 1.1: Fixed script exiting after installing required module.

Version 1.2: Fixed previous fix in 1.1.

Version 1.3: Removed the export to XLSX. The file will now be generated as a CSV.

Version 1.4: Fixed typo in Export-CSV.

#>

<#

.DESCRIPTION 

 Retrieves the User Device Registration events from the device and saves them as a log file to C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\UserDeviceRegistrationEvents.log. This allows easy collection of the log file using the 'Collect Diagnostics' action from Endpoint. Be sure to change the extension on the log file to .csv before opening it. Alternatively, specify a file name and path to save it locally as a CSV file.

 .PARAMETER outputfile

The filename and path if saving as a CSV locally

.EXAMPLE

.\Get-UserDeviceRegistrationEvents.ps1

.EXAMPLE

.\Get-UserDeviceRegistrationEvents.ps1 -logfile C:\temp\UserDeviceRegistrationEvents.csv

#>

[CmdletBinding()]

param (

    $logfile

)

# Generate log or CSV of events

Write-Host 'Getting events...' -ForegroundColor Cyan

$events = Get-WinEvent -LogName 'Microsoft-Windows-User Device Registration/Admin' -Oldest | Where-Object { $_.ID -like '4096' -or $_.ID -like '304' -or $_.ID -like '306' -or $_.ID -like '334' -or $_.ID -like '335' } | Select-Object TimeCreated, ID, ProviderName, LevelDisplayName, Message

if ($logfile) {

    $events | Export-Csv -Path "$logfile" -NoTypeInformation

    Write-Host "CSV file generated - $logfile" -ForegroundColor Green

}

else {

    $events | Export-CSV -Path 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\UserDeviceRegistrationEvents.log' -NoTypeInformation

    Write-Host "Log generated - C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\UserDeviceRegistrationEvents.log" -ForegroundColor Green

}