Collect Intune Logs from macOS Devices

In this blog post, we will explore different methods for collecting Intune diagnostic logs from macOS devices. These logs are helpful for troubleshooting purpose and identifying issues related to configuration, script, or application deployment.

If you are troubleshooting an Issue related to Intune deployment. You can also try to manually force Initiate Intune sync on macOS and check if the issue is resolved. Refer to this guide for more information: Manually Sync macOS Devices with Intune.

Tip

The main log files which could help find the root cause of macOS Intune deployment issues are CompanyPortal.log, IntuneMDMDaemon*.log, and IntuneMDMAgent*.log. Let’s check the location of these files and what information is stored in these files.

1. Collect Intune logs from Company Portal App on macOS

You can collect logs from the company portal app installed on your Mac. Log file name is CompanyPortal.log which contains information about the device, Intune enrollment related information and Information about the registered user. If there are any issues with company portal app, then you can refer to this log file. CompanyPortal.log file contains below information:

• Device Information
  • Device Build version
  • Device Model
  • Device Operating System Version
  • Device Azure AD ID
  • Device Compliant State
  • Device Last Contact Time

• Enrollment Related Information
  • MDM Enrollment State of the device.

• Registered User Information
  • User Account ID
  • Tenant ID
  • User ID

1.1 Save Company Portal Diagnostic Report Locally

If you get any issues with the company portal app on a macOS device, you can review the CompanyPortal.log file. To capture the issue/error in the log file, follow the below steps:

• Reproduce the Issue on the Mac.
• Open the Company Portal App > Help > Save diagnostic report.

• Click on Save.

• Extract the contents of the Company Portal.zip file by right-clicking on the file > Open With > Archive Utility.

• The CompanyPortal.log file will be extracted into the same folder – Double-click on the file to open it and search for errors.

• You can search for keywords in the file to jump directly to the error message. For Example, you can search for Error, Failed, etc. in the file to see if any errors or failures.

1.2 Send Company Portal App diagnostic logs to Microsoft

To share a diagnostic report with Microsoft, start by reproducing the issue and promptly click the Send diagnostic report option to send the file directly to Microsoft.

• Launch the Company Portal App on your device.
• Go to Help > Send diagnostic report.

• As evident in the screenshot below, an incident ID is generated. You can also click the Email Logs button to email a Microsoft support engineer.

2. Collect Intune MDM Agent logs from a macOS device

If you have gone through companyportal.log file and found no issues, you can further investigate the problem using MDM Agent logs. MDM agent log files can be located at below locations on the Mac.

• For system logs: /Library/Logs/Microsoft/Intune
• For user logs: ~/Library/Logs/Microsoft/Intune

The log files are named IntuneMDMDaemon date–time.log and IntuneMDMAgent date–time.log.

2.1 Location of IntuneMDMDaemon date–time.log file

• Go to Finder App > Go > Go to Folder...
• Type /Library/Logs/Microsoft/Intune path and double-click on the searched location to open.

• Find the most recent IntuneMDMDaemon log file using the Date Modified column and double-click on it to open the file.

• To check real-time Intune Device check-in logs, you can manually Initiate Intune sync on the device. The logs will be in the IntuneMDMDaemon date–time.log file and updated in real time. Look for any errors during the sync process.

2.2 Location of IntuneMDMAgent date–time.log file

To find the location of the IntuneMDMAgent*.log file, follow the below steps:

• Go to Finder App > Go > Go to Folder...
• Search for ~/Library/Logs/Microsoft/Intune path and double-click on the searched location to open.

3. Collect Intune Logs for macOS from Intune admin center

Intune script agent can remotely collect the logs from a macOS device and make it available for download from Intune admin center. This really helps administrators who do not have access to the device and still want to review the logs for troubleshooting purpose. First step is to initiate Collect logs task and then download logs task once the logs are available.

Collect Logs

To collect the logs for a specific deployment, e.g., a shell script. Follow below steps:

• Sign in to the Intune admin center > Devices > macOS > Shell scripts.
• Click on any Script deployment name.
• Go to either Device status or User status under Monitor.
• Click on the Device Name or User name > A Pane will open on the right-hand side.
• Click on Collect logs.

• You’ll need to input the absolute file path for each log to collect the logs. To separate multiple log files, use a semicolon (;).

• Collect logs option supports file types such as .log, .zip, .gz, .tar, .txt, .xml, .crash, and .rtf. It’s important to note that the combined size of all the log files you want to collect remotely should not exceed 60 MB or 25 files in total, whichever limit is reached first.

• For Example, if you want to remotely collect the IntuneMDMAgent*.log, IntuneMDMDaemon*.log, and CompanyPortal.log files from a macOS device, you should add the following file path for log collection: /users/<username>/downloads/CompanyPortal.log. This will result in the collection of the CompanyPortal.log file, as well as the Intune Agent log files.

• It’s important to note that even if you specify only one log file for collection, such as CompanyPortal.log, the process will automatically include the most recent IntuneMDMAgent*.log and IntuneMDMDaemon*.log files.

• You can separate file paths with semicolons to add multiple paths for log collection. For Example: <LogfilePath1>;<LogfilePath2>;<LogfilePath3>…. and so on.

If you specify /Library/Logs/Microsoft/Intune/*.log path for collection of logs: This will fetch IntuneMDMAgent*.log, IntuneMDMDaemon*.log files from macOS device.

Note

Download Logs

Now that you’ve initiated the log collection request, it’s expected to be completed in less than 8 hours. After successfully completing the log collection process, you can download the requested logs from the Intune admin center.

If you have access to the macOS device, you can request that the user initiate a device check-in with Intune. This will trigger the log collection immediately, and you’ll be able to download the logs from the Intune admin center within a few minutes, eliminating the need to wait for a couple of hours.

• Sign in to the Intune admin center > Devices > macOS > Shell scripts.
• Click on any Script deployment name.
• Go to either Device status or User status under Monitor.
• Click on the Device Name or User name > A Pane will open on the right-hand side.
• Click on Download logs.

• A window will pop up once you click Download logs, allowing you to save the log files in a zip format. The zip file will be named ScriptTroubleshootingLogs_<date>.zip. Extract this zip file to access and inspect the log files.

Conclusion

We have seen various methods to collect Intune logs from macOS device for troubleshooting purpose. If you have direct access to the device, you can locate the log files and go through them to find any issues. When you don’t have access to the device, in that case you can Initiate Log collection request remotely from Intune admin center as well. Please note that for remote log collection, the device needs to be switched on and connected to the Internet.

Read Next

Enable/Configure macOS Firewall using Intune

Manually Sync macOS Devices with Intune