In Windows 10 1709 – Creators Update Fall, Microsoft has made it much easier to troubleshoot what policies, application an more – this is done in the new “MDM Diagnostic Information” both in overview and in Advanced Diagnostic Report.
This is one of the greatest news in Windows 10 1709 seen from a modern management perspective in my opinion. It is more detailed then it has been in the previous versions of Windows 10, and the Advanced Diagnostic Report is being formatted so it is readable by default – where in previous versions of Windows 10 we need to converted from XML into HTML.
It can be found in the settings app:
Press Windows + I to start the settings App – click on Accounts
Click on Access work or School
Click on Connected to “Your Organisation” and click Info
The “Managed by…” is divided into 3 sections
The first section is Device sync status:
Under “Last Attempted Sync:” you can see if the last sync with the MDM backend was successful or if it has failed. You can also see when the last sync was attempted.
There is a Sync button that the end-user can sync there Windows 10 device with Intune – the sync button is also in the Intune Company Portal under settings. A MDM managed devices does not need the Company Portal to be managed.
The second section is Areas managed by…:
This section is divided up into 2 – policies where you can see what areas of policies that are set on the device from Intune
And a Applications where you can see what applications that are installed on the device from Intune, both MSI installations and Windows Apps.
In the last section you can see Connection info.
You also have the possibility to create a Advanced Diagnostic Report by clicking “Creat Report”
Click Export
Windows will then create MDMDiagReport.html in C:\Users\Public\Documents\MDMDiagnostics
The MDMDiagReport.html is divided up to sections:
- Device info
- Connection info
- Device Management Account
- Certificates
- Enrolled configuration sources and target resources
- Managed policies
Device info, Connection info and Device Management Account is overview information on the devices and MDM system information
At the Enrolled configuration sources and target resources section you can see Windows Hallo for Business settings from Intune
You can also see the applications that are installed per device or user
In the managed policies section, you can see the CSP policies that are set on the devices.
Here is a full list of CSP policies that can be set on a Windows 10 device Full list of Windows 10 CSP policies
In the list you can also see the default value for the CSP settings and what the settigns is changed into with Intune.
It is still possible to get a detailed log on setting set from the MDM system in the Windows Event Log – it can be found here:
Applications and Services Logs – Microsoft – Windows – DeviceManagement-Enterprise-Diagnostics-Provider
Cloud First 
What is the “knobs” area of Managed Policies all about? It is a bunch of telemetry regarding how many milliwatts of power my hard disk consumes in its idle state as well as settings such as what action my power button performs when the laptop is on battery power. Since you have the same noise in yours, it leads me to believe it is not something the Intune admin selected, but rather maybe some junk left behind by Microsoft forgetting to clean up their test case in the code.
I’m also curious about the “provisioning” rows in the Enrolled Configuration Sources section. Any idea what those are all about?