From 5459f635b209efb96c68bd011d7abfa709723195 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 13 Apr 2021 07:06:56 -0700 Subject: [PATCH 1/4] update includes --- windows/security/includes/microsoft-defender.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/includes/microsoft-defender.md b/windows/security/includes/microsoft-defender.md index 5d522f245c..ec183caa51 100644 --- a/windows/security/includes/microsoft-defender.md +++ b/windows/security/includes/microsoft-defender.md @@ -11,4 +11,4 @@ ms.topic: include --- > [!IMPORTANT] -> The improved [Microsoft 365 security center](https://security.microsoft.com) is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. [Learn what's new](/microsoft-365/security/mtp/overview-security-center). This topic might apply to both Microsoft Defender for Endpoint and Microsoft 365 Defender. Refer to the **Applies To** section and look for specific call outs in this article where there might be differences. \ No newline at end of file +> The improved [Microsoft 365 security center](https://security.microsoft.com) is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. [Learn what's new](/microsoft-365/security/mtp/overview-security-center). \ No newline at end of file From 8c3c0f750676203eb0d54b884280464a398a676b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 13 Apr 2021 07:46:35 -0700 Subject: [PATCH 2/4] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index d9828c61db..99e0af3157 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -16525,6 +16525,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md", + "redirect_url": "/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives", + "redirect_document_id": false + }, { "source_path": "windows/deployment/update/waas-mobile-updates.md", "redirect_url": "/windows/deployment/update/waas-configure-wufb", From 292ed7954c7aaee600feddec9112a161250a2c14 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 13 Apr 2021 08:07:38 -0700 Subject: [PATCH 3/4] changing author from beth to dan --- ...nable-virtualization-based-protection-of-code-integrity.md | 4 ++-- .../threat-protection/intelligence/coinminer-malware.md | 4 ++-- .../intelligence/coordinated-malware-eradication.md | 4 ++-- windows/security/threat-protection/intelligence/criteria.md | 4 ++-- .../intelligence/cybersecurity-industry-partners.md | 4 ++-- .../security/threat-protection/intelligence/developer-faq.md | 4 ++-- .../threat-protection/intelligence/developer-resources.md | 4 ++-- .../threat-protection/intelligence/exploits-malware.md | 4 ++-- .../threat-protection/intelligence/fileless-threats.md | 4 ++-- windows/security/threat-protection/intelligence/index.md | 4 ++-- .../security/threat-protection/intelligence/macro-malware.md | 4 ++-- .../security/threat-protection/intelligence/malware-naming.md | 4 ++-- .../threat-protection/intelligence/phishing-trends.md | 4 ++-- windows/security/threat-protection/intelligence/phishing.md | 4 ++-- .../intelligence/prevent-malware-infection.md | 4 ++-- .../threat-protection/intelligence/ransomware-malware.md | 4 ++-- .../threat-protection/intelligence/rootkits-malware.md | 4 ++-- .../threat-protection/intelligence/safety-scanner-download.md | 4 ++-- .../threat-protection/intelligence/submission-guide.md | 4 ++-- .../threat-protection/intelligence/supply-chain-malware.md | 4 ++-- .../security/threat-protection/intelligence/support-scams.md | 4 ++-- .../threat-protection/intelligence/trojans-malware.md | 4 ++-- .../threat-protection/intelligence/understanding-malware.md | 4 ++-- .../threat-protection/intelligence/unwanted-software.md | 4 ++-- .../intelligence/virus-information-alliance-criteria.md | 4 ++-- .../intelligence/virus-initiative-criteria.md | 4 ++-- .../security/threat-protection/intelligence/worms-malware.md | 4 ++-- 27 files changed, 54 insertions(+), 54 deletions(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index ab30615f6d..0628013832 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -4,8 +4,8 @@ description: This article explains the steps to opt in to using HVCI on Windows ms.prod: m365-security ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/coinminer-malware.md b/windows/security/threat-protection/intelligence/coinminer-malware.md index aa36031971..2f9e582a64 100644 --- a/windows/security/threat-protection/intelligence/coinminer-malware.md +++ b/windows/security/threat-protection/intelligence/coinminer-malware.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md index 47e4ffb819..6e6173e36d 100644 --- a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md +++ b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 1071528e78..8f05e1c296 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md index fec4892d00..6df748d442 100644 --- a/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md +++ b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/developer-faq.md b/windows/security/threat-protection/intelligence/developer-faq.md index a4cfc8871c..73ca4ec48c 100644 --- a/windows/security/threat-protection/intelligence/developer-faq.md +++ b/windows/security/threat-protection/intelligence/developer-faq.md @@ -8,8 +8,8 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro diff --git a/windows/security/threat-protection/intelligence/developer-resources.md b/windows/security/threat-protection/intelligence/developer-resources.md index bdfa49c2ef..659eaad25b 100644 --- a/windows/security/threat-protection/intelligence/developer-resources.md +++ b/windows/security/threat-protection/intelligence/developer-resources.md @@ -9,8 +9,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium ms.pagetype: security -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/exploits-malware.md b/windows/security/threat-protection/intelligence/exploits-malware.md index c7a418d55c..3a88ecaf55 100644 --- a/windows/security/threat-protection/intelligence/exploits-malware.md +++ b/windows/security/threat-protection/intelligence/exploits-malware.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md index 98da71d16d..39371c3da0 100644 --- a/windows/security/threat-protection/intelligence/fileless-threats.md +++ b/windows/security/threat-protection/intelligence/fileless-threats.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/index.md b/windows/security/threat-protection/intelligence/index.md index efabf4d941..7fce4cc28d 100644 --- a/windows/security/threat-protection/intelligence/index.md +++ b/windows/security/threat-protection/intelligence/index.md @@ -6,8 +6,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md index dee6c55a23..9c57408a5d 100644 --- a/windows/security/threat-protection/intelligence/macro-malware.md +++ b/windows/security/threat-protection/intelligence/macro-malware.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/malware-naming.md b/windows/security/threat-protection/intelligence/malware-naming.md index abd3753a03..ef4a133061 100644 --- a/windows/security/threat-protection/intelligence/malware-naming.md +++ b/windows/security/threat-protection/intelligence/malware-naming.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/phishing-trends.md b/windows/security/threat-protection/intelligence/phishing-trends.md index d8cd025a74..9645672acd 100644 --- a/windows/security/threat-protection/intelligence/phishing-trends.md +++ b/windows/security/threat-protection/intelligence/phishing-trends.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md index b7732c2e51..55d1b756ed 100644 --- a/windows/security/threat-protection/intelligence/phishing.md +++ b/windows/security/threat-protection/intelligence/phishing.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 342c428ef2..4b3b38c797 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/ransomware-malware.md b/windows/security/threat-protection/intelligence/ransomware-malware.md index c81d578a51..4f7f59f8ff 100644 --- a/windows/security/threat-protection/intelligence/ransomware-malware.md +++ b/windows/security/threat-protection/intelligence/ransomware-malware.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/rootkits-malware.md b/windows/security/threat-protection/intelligence/rootkits-malware.md index ab4fa996bd..3a795c9074 100644 --- a/windows/security/threat-protection/intelligence/rootkits-malware.md +++ b/windows/security/threat-protection/intelligence/rootkits-malware.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md index 91fd803cf6..1027ebf999 100644 --- a/windows/security/threat-protection/intelligence/safety-scanner-download.md +++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/submission-guide.md b/windows/security/threat-protection/intelligence/submission-guide.md index 87667989e4..97dda7a1ad 100644 --- a/windows/security/threat-protection/intelligence/submission-guide.md +++ b/windows/security/threat-protection/intelligence/submission-guide.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/supply-chain-malware.md b/windows/security/threat-protection/intelligence/supply-chain-malware.md index fff7e3b7b3..edd8709cdf 100644 --- a/windows/security/threat-protection/intelligence/supply-chain-malware.md +++ b/windows/security/threat-protection/intelligence/supply-chain-malware.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/support-scams.md b/windows/security/threat-protection/intelligence/support-scams.md index 9b5452182c..ffb5104d6c 100644 --- a/windows/security/threat-protection/intelligence/support-scams.md +++ b/windows/security/threat-protection/intelligence/support-scams.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/trojans-malware.md b/windows/security/threat-protection/intelligence/trojans-malware.md index 25a5c3e4c9..f2b7fe2a80 100644 --- a/windows/security/threat-protection/intelligence/trojans-malware.md +++ b/windows/security/threat-protection/intelligence/trojans-malware.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/understanding-malware.md b/windows/security/threat-protection/intelligence/understanding-malware.md index 5ce86ce593..63477837e9 100644 --- a/windows/security/threat-protection/intelligence/understanding-malware.md +++ b/windows/security/threat-protection/intelligence/understanding-malware.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/unwanted-software.md b/windows/security/threat-protection/intelligence/unwanted-software.md index cc7c3034bc..0083b9496c 100644 --- a/windows/security/threat-protection/intelligence/unwanted-software.md +++ b/windows/security/threat-protection/intelligence/unwanted-software.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md index a70ae6fe7e..65a11f61ab 100644 --- a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index 8512c8d267..83ca25908d 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/intelligence/worms-malware.md b/windows/security/threat-protection/intelligence/worms-malware.md index 37b7aadc45..ed4e5aaf84 100644 --- a/windows/security/threat-protection/intelligence/worms-malware.md +++ b/windows/security/threat-protection/intelligence/worms-malware.md @@ -7,8 +7,8 @@ ms.prod: m365-security ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: ellevin -author: levinec +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance From 1c68f457b492f148bd5cc561e4af3ebc0941d43f Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Tue, 13 Apr 2021 09:34:46 -0700 Subject: [PATCH 4/4] instructions to collect MDM log with command line Add instructions to collect MDM Diagnostics Log using command line and information on the cab structure. --- .../diagnose-mdm-failures-in-windows-10.md | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index 28c2b08822..eff91fca3c 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -14,7 +14,7 @@ ms.date: 06/25/2018 # Diagnose MDM failures in Windows 10 -To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs. +To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop. The following sections describe the procedures for collecting MDM logs. ## Download the MDM Diagnostic Information log from Windows 10 PCs @@ -30,6 +30,27 @@ To help diagnose enrollment or device management issues in Windows 10 devices m 1. In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report. +## Use command to collect logs directly from Windows 10 PCs + +You can also collect the MDM Diagnostic Information logs using the following command: + +```xml +mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -cab c:\users\public\documents\MDMDiagReport.cab +``` +- In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report. + +### Understanding cab structure +The cab file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment,DeviceProvisioning and Autopilot areas. It applies to the cab files collected via command line or Feedback Hub + +- DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls +- DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider) +- MDMDiagHtmlReport.html: Summary snapshot of MDM space configurations and policies. Includes, management url, MDM server device id, certificates, policies. +- MdmDiagLogMetadata,json: mdmdiagnosticstool metadata file, contains command line arguments used to run the tool +- MDMDiagReport.xml: contains a more detail view into the MDM space configurations, e.g enrollment variables +- MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations +- MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command +- *.evtx: Common event viewer logs microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx main one that contains MDM events. + ## Collect logs directly from Windows 10 PCs Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location: