How to collect Intune logs from macOS device

In this blog post, we’ll explore the process of gathering diagnostic logs related to Intune on macOS. Whether you’re dealing with issues related to script deployment, application deployment, or device configuration, you can extract valuable information from log files to pinpoint the underlying problem.

I have written a separate blog post, How to force Intune Sync manually from macOS, which also helps when troubleshooting Intune deployment issues. You can force an MDM check-in and an Intune agent check-in from a macOS device if required.

We will check CompanyPortal.log, IntuneMDMDaemon*.log, and IntuneMDMAgent*.log files for troubleshooting macOS Intune deployment issues. In the next sections, you will find out how to locate these files and what information is stored in these logs.

1. Collect logs from the Company Portal App on macOS

The CompanyPortal.log file contains the device information, enrollment information, and registered user information listed below. It also records details of any error messages.

Device Information

  • Device Build version
  • Device Model
  • Device Operating System Version
  • Device Azure AD ID
  • Device Compliant State
  • Device Last Contact Time
  • MDM Enrollment State of the device.

Registered User Information

  • User Account ID
  • Tenant ID
  • User ID

1.1 Save Company Portal diagnostic report locally

If you encounter any problems with the Company Portal app on a macOS device, you can review the CompanyPortal.log file. To capture data pertaining to the issue, follow these steps:

  • Reproduce the issue on your macOS device.
  • Open the Company Portal App > Help > Save diagnostic report.
Save diagnostic report Company Portal app
  • Click on Save.
Save Company Portal diagnostic file
  • Extract the contents of the Company Portal.zip file by right-clicking on the file > Open With > Archive Utility.
Company Portal.zip file extract contents
  • The CompanyPortal.log file will be extracted in the same folder. Double-click the file to open it and search for errors.
CompanyPortal.log file
  • You can search for keywords in the file to jump directly to the error message. For example, search for “Error” or “Failed” to see if any errors are logged.
CompanyPortal.log file contents

1.2 Send Company Portal App diagnostic logs to Microsoft

To share a diagnostic report with Microsoft, start by reproducing the issue, and then promptly click on the “Send diagnostic report” option to send the file directly to Microsoft.

  • Launch the Company Portal App on your device.
  • Go to Help > Send diagnostic report.
Send diagnostic report option in Company Portal app
  • As evident in the screenshot below, an incident ID is generated. Additionally, you have the option to click on the “Email Logs” button to send an email to a Microsoft support engineer.
Send Company Portal App diagnostic logs to Microsoft

2. Collect Intune MDM Agent logs from a macOS device

If you’re experiencing problems with macOS deployment or encountering issues with Intune sync and device check-in, you can review the Intune management logs. These logs can be found in the following locations:

  • For system logs: /Library/Logs/Microsoft/Intune
  • For user logs: ~/Library/Logs/Microsoft/Intune

The log files are named “IntuneMDMDaemon date–time.log” and “IntuneMDMAgent date–time.log”.

2.1 Location of IntuneMDMDaemon date–time.log file

  • Go to Finder App > Go > Go to Folder...
  • Type the path /Library/Logs/Microsoft/Intune and double-click the matching location to open it.
Search for IntuneMDMDaemon*.log files on macOS
  • Find the most recent IntuneMDMDaemon log file using the Date Modified column and double-click on it to open the file.
IntuneMDMDaemon*.log file location on macOS
  • To check Intune device check-in logs in real time, manually initiate an Intune sync on the device. You will see the IntuneMDMDaemon date–time.log file updating in real time.
macOS device check-in process / logs in IntuneMDMDaemon*.log file

2.2 Location of IntuneMDMAgent date–time.log file

To find the location of the IntuneMDMAgent*.log file, follow the steps below:

  • Go to Finder App > Go > Go to Folder...
  • Search for the path ~/Library/Logs/Microsoft/Intune and double-click the matching location to open it.
Location of IntuneMDMAgent*.log file
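
The Finder steps in sections 2.1 and 2.2 can also be done from Terminal. The script below is an added example, not part of the original post: it picks the most recently modified daemon and agent log in each directory and lists the lines matching the “Error” and “Failed” keywords suggested in section 1.1. The function names and the LOG_DIRS and KEYWORDS variables are hypothetical.

```sh
#!/bin/sh
# Added example: function and variable names are hypothetical, not Intune tooling.
# Log directories named in this post, colon-separated (system, then user).
LOG_DIRS="/Library/Logs/Microsoft/Intune:$HOME/Library/Logs/Microsoft/Intune"
KEYWORDS='error|failed'   # case-insensitive search terms from section 1.1

# Print the most recently modified "<prefix>*.log" in directory $1, if any.
# The names carry a date-time stamp, so modification time decides (ls -t).
newest_log() {
    ls -t "$1"/"$2"*.log 2>/dev/null | head -n 1
}

# For each directory, print "file:line:text" for every keyword hit in the
# newest IntuneMDMDaemon and IntuneMDMAgent log, then a total on the last line.
triage_intune_logs() {
    hits=0
    old_ifs=$IFS
    IFS=':'
    for dir in $LOG_DIRS; do
        for prefix in IntuneMDMDaemon IntuneMDMAgent; do
            log=$(newest_log "$dir" "$prefix")
            [ -n "$log" ] || continue
            # /dev/null as a second file makes grep prefix each hit with the path
            grep -niE "$KEYWORDS" "$log" /dev/null 2>/dev/null || true
            n=$(grep -ciE "$KEYWORDS" "$log" 2>/dev/null) || true
            hits=$((hits + ${n:-0}))
        done
    done
    IFS=$old_ifs
    echo "total_hits=$hits"
}

# Runs against the real directories when executed on a Mac.
# To watch a check-in live instead, use:
#   tail -f "$(newest_log /Library/Logs/Microsoft/Intune IntuneMDMDaemon)"
triage_intune_logs
```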

3. Collect macOS device logs from the Intune admin center

You can use the Intune script agent to remotely collect logs from a macOS device through the Intune admin center. Let’s walk through the steps:

  • Log in to the Microsoft Intune admin center.
  • Click on Devices > macOS > Shell scripts.
  • Click on any Script deployment name.
  • Go to either Device status or User status under Monitor.
  • Click on the device name or user name. A pane will open on the right-hand side.
  • Click on Collect logs.
Collect Logs option for macOS device
  • To collect the logs, you’ll need to input the absolute file path for each log. If you wish to collect multiple log files, simply separate their paths using a semicolon (;).
  • The “Collect logs” option supports file types such as .log, .zip, .gz, .tar, .txt, .xml, .crash, and .rtf. It’s important to note that the combined size of all the log files you want to collect remotely should not exceed 60 MB or 25 files in total, whichever limit is reached first.

For example, to remotely collect the IntuneMDMAgent*.log, IntuneMDMDaemon*.log, and CompanyPortal.log files from a macOS device, add the following file path for log collection: “/users/<username>/downloads/CompanyPortal.log”. This collects the CompanyPortal.log file as well as the Intune agent log files.

It’s important to note that even if you specify only one log file for collection, such as “CompanyPortal.log,” the process will automatically include the most recent IntuneMDMAgent*.log and IntuneMDMDaemon*.log log files.

To add multiple paths for log collection, separate the file paths with semicolons. For example: <LogfilePath1>;<LogfilePath2>;<LogfilePath3> and so on.

Other Examples:

  • /Library/Logs/Microsoft/Intune/*.log – This will fetch the IntuneMDMAgent*.log and IntuneMDMDaemon*.log files from the macOS device.
Collect logs file path to collect logs remotely for a macOS device
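
A pre-check for the path string before you paste it into Collect logs, as an added example that is not part of the original post or of Intune: it applies the rules listed above (absolute paths, semicolon separators, supported file types, 25 files, 60 MB) to the files currently on the Mac. The helper name check_collect_paths is hypothetical, and treating 60 MB as 60 × 1024 × 1024 bytes is an assumption.

```sh
#!/bin/sh
# Added example: check_collect_paths is a hypothetical helper, not an Intune tool.
# Limits as stated in this post; 60 MB is assumed to mean 60 * 1024 * 1024 bytes.
MAX_FILES=25
MAX_BYTES=$((60 * 1024 * 1024))
ALLOWED_EXT="log zip gz tar txt xml crash rtf"

# $1 = the semicolon-separated string you plan to paste into "Collect logs".
# Prints one REJECT line per problem plus a summary; returns 0 only if clean.
# The agent/daemon logs that are always included are not counted here.
check_collect_paths() {
    files=0 bytes=0 status=0
    old_ifs=$IFS
    IFS=';'
    set -f; set -- $1; set +f       # split on ';' only, keep wildcards literal
    for pattern in "$@"; do
        case $pattern in
            /*) ;;
            *) echo "REJECT (not an absolute path): $pattern"; status=1; continue ;;
        esac
        case " $ALLOWED_EXT " in
            *" ${pattern##*.} "*) ;;
            *) echo "REJECT (unsupported file type): $pattern"; status=1; continue ;;
        esac
        for f in $pattern; do       # unquoted on purpose: expands *.log etc.
            [ -f "$f" ] && [ -r "$f" ] || continue
            files=$((files + 1))
            bytes=$((bytes + $(wc -c < "$f")))
        done
    done
    IFS=$old_ifs
    echo "files=$files bytes=$bytes"
    [ "$files" -le "$MAX_FILES" ] || { echo "REJECT: more than $MAX_FILES files"; status=1; }
    [ "$bytes" -le "$MAX_BYTES" ] || { echo "REJECT: over the 60 MB size limit"; status=1; }
    return "$status"
}

# Usage: sh check.sh '/Library/Logs/Microsoft/Intune/*.log;/path/to/CompanyPortal.log'
[ $# -eq 0 ] || check_collect_paths "$1"
```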

3.1 Download macOS device logs from the Intune admin center

Now that you’ve initiated the log collection request, it’s expected to be completed in less than 8 hours. After successful completion of the log collection process, you will be able to download the requested logs from the Intune admin center.

If you have access to the macOS device or are on a call with an end user who has access to that macOS device, you can ask the user to initiate a device check-in with Intune. This will trigger the log collection immediately, and you’ll be able to download the logs from the Intune admin center within a few minutes, eliminating the need to wait for a couple of hours.

To download logs from the Intune admin center, please follow these steps:

  • Log in to the Microsoft Intune admin center.
  • Click on Devices > macOS > Shell scripts.
  • Click on any Script deployment name.
  • Go to either Device status or User status under Monitor.
  • Click on the device name or user name. A pane will open on the right-hand side.
  • Click on Download logs.
Download Logs option for macOS device on Intune admin center
  • Once you click on “Download logs”, a window will pop up, allowing you to save the log files in zip format. The zip file will be named “ScriptTroubleshootingLogs_<date>.zip”. Extract this zip file to access and inspect the log files.
Downloaded Intune log files from mac device

Conclusion

In this blog post, we’ve explored various methods for collecting Intune troubleshooting logs from a managed macOS device. The ability to remotely collect logs from macOS devices is a powerful tool for IT administrators, as it eliminates the need to involve end users or take remote control of their devices. Administrators can initiate troubleshooting remotely by examining log files, which helps in pinpointing the root causes of issues efficiently.
