Every admin knows that a smooth setup is the goal when managing Windows Autopilot deployments, but it’s not always guaranteed. From stalled profiles to apps that don’t install, deployment issues can leave you searching for answers. That’s where diagnostic tools come in, and Get-AutopilotDiagnostics stands out as a go-to script for dissecting Autopilot deployments.
In this blog, we’ll explore the ins and outs of this tool, why it’s invaluable for troubleshooting Autopilot, and how the community-enhanced version takes things a step further. If you’re ready to dive into advanced Autopilot diagnostics and see how the right tool can transform your troubleshooting process, read on.
Introduction: Why AutopilotDiagnostics Matter
When setting up devices with Windows Autopilot, things don’t always go as smoothly as planned. Enrollment failures, missing profiles, apps that don’t install, and Enrollment Status Page (ESP) errors can leave IT administrators scratching their heads. This is where Get-AutopilotDiagnostics steps in. Designed to simplify the troubleshooting process, this PowerShell tool helps you dig into the details of an Autopilot deployment. Analyzing profiles, policies, apps, and ESP sessions provides a clearer view of what’s happening under the hood.
Why and When to Use Get-AutopilotDiagnostics
You’d use this tool when you’re facing:
Profile Application Failures: When devices are enrolled but aren’t picking up the correct profiles.
App Deployment Errors: When Win32 or modern apps (UWP) fail to download or install during the Autopilot process.
ESP Freezes: When the Enrollment Status Page gets stuck, users are prevented from accessing their desktops.
Policy Processing Issues: When policies are out of order or not applying correctly, causing non-compliance.
This tool is particularly valuable for diagnosing these issues because it gathers the critical data points that determine the success of an Autopilot deployment. But there’s a catch.
Why the Community Version is Better: Introducing Get-AutopilotDiagnosticsCommunity
While Get-AutopilotDiagnostics offers a solid foundation for diagnostics, it’s not always updated with the latest features and troubleshooting needs. That’s where the community-enhanced version, Get-AutopilotDiagnosticsCommunity, comes into play. Developed by the Autopilot community, this version provides:
Enhanced Timeline Accuracy: Better event tracking so you can pinpoint exactly when an issue starts.
Support for New Graph API Modules: Integrates more effectively with the latest Graph API modules, ensuring detailed data retrieval about devices, policies, and apps.
Expanded Insights on ESP and Delivery Optimization: Offers more granular information on ESP progress and network bandwidth usage.
Ongoing Community Updates: Since it’s maintained by the community, updates are frequent, reflecting real-world use cases and the latest Intune features.
If you want Autopilot’s most comprehensive and up-to-date diagnostic tool, the community version is the way to go.
What Get-AutopilotDiagnosticsCommunity Does: A Breakdown of its Features
1. Profile and Tenant Information Analysis
This feature displays details about Autopilot profiles, tenant domains, and IDs. By verifying that the correct profile is applied and matched with the assigned tenant, you can quickly rule out issues related to incorrect configurations.
2. ESP (Enrollment Status Page) Monitoring
The script tracks the entire ESP flow, showing which apps, policies, and certificates have been successfully applied and which are causing delays. It also lets you check the settings for ESP timeout, blocking, and retry options, giving you control over the user experience.
3. App Deployment Status
You get a full view of both Win32 apps and UWP apps, examining their installation status:
MSI and Win32 Apps: The tool checks each app’s download and installation progress, flagging any failures or delays.
4. Policy Compliance Tracking
It provides detailed tracking of policies processed during the Autopilot setup. This includes checking NodeCache registry keys to see which policies have been applied and in what order, helping to identify if a specific policy is causing problems.
5. Sidecar Apps and Certificates
The tool checks sidecar app installations and SCEP certificate deployments, which are crucial for secure app management during ESP. It ensures that certificates and Win32 apps that require sidecar support are installed and configured properly.
6. Device Registration and Hybrid AD Join Verification
For hybrid Azure AD setups, the script checks whether the Offline Domain Join (ODJ) process succeeded or failed. It also logs device registration events, highlighting any issues with AD connectivity or hybrid join configurations.
7. Event Timeline Visualization
One of the best features of the community version is the enhanced timeline visualization. It logs every major event during the Autopilot deployment with timestamps, color-coding them for quick reference:
Green: Success
Yellow: In progress
Red: Failure
This allows you to see exactly where the deployment is stalling and understand the root cause more quickly.
8. Delivery Optimization (DO) Analysis
The tool displays stats on network usage during the deployment, including how much data is downloaded from peers and Connected Cache. This helps diagnose network-related issues that could affect app and policy deployments.
Running Get-AutopilotDiagnosticsCommunity: Example Commands
Shall we look at some example commands to start using the community version?
Install the Autopilot Diagnostics tool:
install-script -name get-autopilotdiagnosticscommunity
Basic Usage:
Get-AutopilotDiagnosticsCommunity.ps1
For Detailed Info with Graph Integration:
Use the Get-AutopilotDiagnosticsCommunity.ps1 -Online
Analyzing a CAB File:
To Analyze the cab use: Get-AutopilotDiagnosticsCommunity.ps1 -CABFile “C:PathToAutopilot.cab”
Showing Policy Order:
Get-AutopilotDiagnosticsCommunity.ps1 -ShowPolicies
Looking at how it helps with broken Autopilot Enrollments
When you end up staring at a broken Autopilot enrollment because of some app failed to install (0x87d1041c).
If we take a closer look at the diagnostics information, we will notice that the device-targeted apps installation failed but nothing more.
One thing is for sure: you will need to start using the Autopilot Diagnostics Tool. It is best practice to use the -online switch so you would immediately get the real Win32App names instead of the GUIDs
As shown below, within a couple of seconds, we found the culprit for our Autopilot provisioning process failing! Somehow, a weird Win32App failed to be installed.
Now we know which app failed, it becomes way easier to troubleshoot it! This is what the atuopilotdiagnosticscommunity tool is all about! Making your lives easier!
Conclusion: Get the Right Tool for the Job
While the original Get-AutopilotDiagnostics script provides essential diagnostics, the community version is a more powerful and versatile option. By leveraging its enhanced features and frequent updates, IT administrators can better understand Autopilot deployments and resolve issues more effectively. Whether you’re dealing with stuck apps, incomplete profiles, or ESP failures, Get-AutopilotDiagnosticsCommunity can help you get to the root of the problem with ease.
If you want to learn more about troubleshooting, please take a look at this webinar! We will go under the hood of how the IME works!
Intune Management Extension Deep Dive Webinar – Patch My PC