How to Collect Intune Logs from macOS device

In this blog post, we’ll explore the process of gathering diagnostic logs related to Intune on macOS. Whether you’re dealing with script deployment, application deployment, or device configuration issues, you can extract valuable information from log files to pinpoint the underlying problem.

Manually initiating Intune Sync on a device is also one of the Intune deployment troubleshooting steps; refer to the step-by-step guide on forcing Intune Sync manually from macOS.

We will check the CompanyPortal.log, IntuneMDMDaemon*.log, and IntuneMDMAgent*.log files to troubleshoot macOS Intune deployment issues. In the next sections, you will learn how to locate these files and what information is stored in them.

• How to Enroll Personal/BYOD MacOS in Intune
• How To Set Desktop Wallpaper On MacOS Using Intune.

1. Collect logs from Company Portal App on macOS

The CompanyPortal.log file contains information about the device, enrollment information, and registered user information below. Along with that, it provides details about the error message.

Device Information

• Device Build version
• Device Model
• Device Operating System Version
• Device Azure AD ID
• Device Compliant State
• Device Last Contact Time

Enrollment Related Information

• MDM Enrollment State of the device.

Registered User Information

• User Account ID
• Tenant ID
• User ID

1.1 Save Company portal diagnostic report locally

If you encounter any problems with the Company Portal app on a macOS device, you can review the CompanyPortal.log file. To capture data about the issue, follow these steps:

• Reproduce the Issue on your MacOS device.
• Open the Company Portal App > Help > Save diagnostic report.

• Click on Save.

• Extract the contents of the Company Portal.zip file by right-clicking on the file > Open With > Archive Utility.

• The CompanyPortal.log file will be extracted into the same folder—Double-click on the file to open it and search for errors.

• You can search for keywords in the file to jump directly to the error message. For Example, you can search for Error, Failed, etc., in the file to see if any errors are logged.

1.2 Send Company Portal App diagnostic logs to Microsoft

To share a diagnostic report with Microsoft, start by reproducing the issue and promptly click the Send diagnostic report option to send the file directly to Microsoft.

• Launch the Company Portal App on your device.
• Go to Help > Send diagnostic report.

• As evident in the screenshot below, an incident ID is generated. You can also click the Email Logs button to email a Microsoft support engineer.

2. Collect Intune MDM Agent logs from a macOS device

If you’re experiencing problems with macOS deployment or encountering issues with Intune sync and device check-in, you can review the Intune management logs. These logs can be found in the following locations:

• For system logs: /Library/Logs/Microsoft/Intune
• For user logs: ~/Library/Logs/Microsoft/Intune

The log files are named IntuneMDMDaemon date–time.log and IntuneMDMAgent date–time.log.

2.1 Location of IntuneMDMDaemon date–time.log file

• Go to Finder App > Go > Go to Folder...
• Type /Library/Logs/Microsoft/Intune path and double-click on the searched location to open.

• Please find the most recent IntuneMDMDaemon log file using the Date Modified column and double-click on it to open the file.

• To check real-time Intune Device check-in logs, you can manually Initiate Intune sync on the device. The logs will be in the IntuneMDMDaemon date–time.log file and updated in real time.

2.2 Location of IntuneMDMAgent date–time.log file

To find the location of the IntuneMDMAgent*.log file, follow the below steps:

• Go to Finder App > Go > Go to Folder...
• Search for ~/Library/Logs/Microsoft/Intune path and double-click on the searched location to open.

3. Collect macOS device logs from Intune admin center

The Intune script agent can remotely collect logs from a macOS device through the Intune admin center. Let’s walk through the steps:

• Sign in to the Intune admin center.
• Click on Devices > macOS >Shell scripts.
• Click on any Script deployment name.
• Go to either Device status or User status under Monitor.
• Click on the Device Name or User name > A Pane will open on the right-hand side.
• Click on Collect logs.

• You’ll need to input the absolute file path for each log to collect the logs. To separate multiple log files, use a semicolon (;).

• The Collect logs option supports file types such as .log, .zip, .gz, .tar, .txt, .xml, .crash, and .rtf. It’s important to note that the combined size of all the log files you want to collect remotely should not exceed 60 MB or 25 files in total, whichever limit is reached first.

For Example, if you want to remotely collect the IntuneMDMAgent*.log, IntuneMDMDaemon*.log, and CompanyPortal.log files from a macOS device, you should add the following file path for log collection: “/users/<username>/downloads/CompanyPortal.log” This will result in the collection of the CompanyPortal.log file, as well as the Intune Agent log files.

It’s important to note that even if you specify only one log file for collection, such as CompanyPortal.log, the process will automatically include the most recent IntuneMDMAgent*.log and IntuneMDMDaemon*.log log files.

You can separate file paths with semicolons to add multiple paths for log collection. For Example: <LogfilePath1>;<LogfilePath2>;<LogfilePath3>…. and so on.

Other Examples:

• /Library/Logs/Microsoft/Intune/*.log – This will fetch IntuneMDMAgent*.log, IntuneMDMDaemon*.log files from macOS device.

3.1 Download macOS device logs from the Intune admin center

Now that you’ve initiated the log collection request, it’s expected to be completed in less than 8 hours. After successfully completing the log collection process, you can download the requested logs from the Intune admin center.

If you have access to the macOS device, you can request that the user initiate a device check-in with Intune. This will trigger the log collection immediately, and you’ll be able to download the logs from the Intune admin center within a few minutes, eliminating the need to wait for a couple of hours.

To download logs from the Intune admin center, please follow these steps:

• Sign in to the Intune admin center.
• Click on Devices > macOS >Shell scripts.
• Click on any Script deployment name.
• Go to either Device status or User status under Monitor.
• Click on the Device Name or User name > A Pane will open on the right-hand side.
• Click on Download logs.

• A window will pop up once you click Download logs, allowing you to save the log files in a zip format. The zip file will be named ScriptTroubleshootingLogs_<date>.zip. Extract this zip file to access and inspect the log files.

Conclusion

This blog post explored various methods for collecting Intune troubleshooting logs from a managed macOS device. The ability to collect logs remotely from macOS devices is a powerful tool for IT administrators, as it eliminates the need to involve end users or take remote control of their devices. Administrators can initiate troubleshooting remotely by examining log files, which helps pinpoint the root causes of issues efficiently.

READ NEXT

• How To Set Desktop Wallpaper On MacOS Using Intune.
• How To Force Intune Sync Manually From MacOS.
• How to Enroll Personal/BYOD MacOS in Intune
• MacOS Profile Installation Failed While Intune Enrollment.
• How To Create A Scheduled Task Using Intune.