Microsoft Surface Diagnostic Toolkit for Business

by | Jun 19, 2023 | Surface | 0 comments

Doing the troubleshooting of devices is one of most difficult work for the end-users. Every time there are multiple questions what should be done or they are afraid if they doing it correctly.

And here for a help is coming…. Microsoft Surface Diagnostic Toolkit for Business. Application which is designed to help end-user to diagnose their device if there is any issue – like Windows Update, hardware and other software issue(s).

On this post I want to show you how to configure SDTfB (Surface Diagnostic Toolkit for Business) and how to deploy it via Microsoft Intune for the End-user devices.

To download the package which you can install on the end-user devices, visit the Surface for IT downloads page and select proper version, for example, Surface_Diagnostic_Toolkit_for_Business_v2.193.139.0.msi or newer version.

Now If you don’t want to customize this package and allow end-users to do any tests you can install this package manually by clicking next, next on the end-user devices. But we don’t want to do that, right? We want some automation, yes? 🙂

So – let’s do first some automation stuff.

Configure Toolkit first.

To configure Toolkit which will be deployed to our devices – we need to use Surface device. We cannot use designer to on any other vendor device. Brr…

So – first step is install the Toolkit from MSI package where you need to select that you’re installing Advanced Type. If you select Standard type – there will be no possibility to configure package for all devices.

After installation, run the program with Administrator rights and select Create custom package.

On first step of wizard – you need to select language and allow or disallow end-users to change this setting. Also, you can disable sending Telemetry to the Microsoft.

Step two is settings for the Windows update.

Step third is system repair – what can be done by the end-users.

On the fourth step you need to decide, what logs and information will be collected from end-user device.

Last step is saving the package to location which you choose.

Prepare package for the Microsoft Intune.

If we have prepared package from Toolkit, we can prepare our package for the Microsoft Intune. As on my previous posts, I will be not focusing on the whole part of customization the PSAppDeploymentToolkit, just provide installation commands and uninstallation.

For more information how to customize PSADT – visit this post.

First – copy the original MSI from Surface for IT site to Files folder.

Second – copy the generated .json from configurator to Files folder.

Installation command will looks like:

Execute-MSI -Action 'Install' -Path "$dirFiles\Surface_Diagnostic_Toolkit_for_Business_v2.193.139.0.msi"
Copy-File -Path "$dirSupportFiles\SurfaceDiagnosticToolkit.json" -Destination "C:\Program Files\Microsoft\Surface\Microsoft Surface Diagnostic Toolkit for Business (64-bit)\SurfaceDiagnosticToolkit.json"

I will be not providing additonal parameters which were mentioned on the Microsoft website, because default parameters – are ok for me. Telemetry = 1 as default also the Type installation = 0 for User installation, not the admin.

The uninstallation command looks like:

Execute-MSI -Action 'Uninstall' -Path '{58100067-3DA7-4D09-BB7E-853636EF79A9}'

Save package, pack it via IntuneWrapper and upload the Intune as Win32app.

For the installation command use:

Deploy-Application.exe -DeploymentType "Install"

For the uninstallation command use:

Deploy-Application.exe -DeploymentType "UnInstall"

For the detection you can use MSI without checking the product version:


Assign application to the proper groups and wait for the installation on the end-users devices.

But… how to use that application?

End-users need to have administrator privileges on the workstation or they can ask someone from IT support to run this application with administrator rights.

Users will see start screen where they can provide some additional description

Next Windows update will be checked if we configured it.

And on the next screen, users will be able to run specific tests, actions, system repair or run the log collector. On the end, they are able to generate a report and send it to the IT for checking.


It will be something interesting because this application has also a Command Line interface! You can run this via script and collect necessary information and send it to the Admins or share to the Sharepoint or some another location.

First, open CMD / PowerShell with Administrator rights, go to the path where program was installed and… Run the proper SurfaceDiagnosticToolkit_console.exe file. This will show you what options you can use to collect diagnostic remotely via CLI.

And it will be everything. It is good to have tool like this which can help us – Administrators to troubleshoot devices which are in our organization.

Jakub Piesik

Jakub Piesik

Microsoft 365 Consultant

I’m writing not only about Intune and Windows 365. I’m writing about everything what I leared previously and want to share with you!

#security #microsoft365 #intune #windows365 #powershell #automation 🙂