3 Proven Ways to Collect Intune logs from macOS devices

In this article, we will demonstrate multiple methods to collect Intune logs from macOS devices. You can collect Intune diagnostic logs from macOS devices and send them to Microsoft for troubleshooting, or you can save a report locally on the device.

Whether you are using Configuration Manager or Intune, the first thing you will need if you are having trouble with app or script deployment is logs. Like Configuration Manager, you can also collect Intune logs from macOS devices and refer to them during troubleshooting. See how to collect logs on Windows clients using SCCM.

In our earlier article, we showed you how to collect Intune Logs from Windows devices. Even on Windows devices, you can use different methods to gather diagnostic logs. These are extremely helpful for troubleshooting issues related to Intune, particularly on remote devices.

There are three main Intune log files required for investigating sync and deployment problems with macOS devices.

• CompanyPortal.log
• IntuneMDMDaemon.log
• IntuneMDMAgent.log

You can use multiple methods described in this article to gather the above Intune logs on macOS devices.

Useful Article: Display Lock Screen Message for MacOS Users using Intune

When do you collect diagnostic logs on macOS devices?

Collecting Intune-related diagnostic logs on macOS devices is extremely useful in the situations listed below.

• The diagnostic logs are helpful for troubleshooting issues related to device enrollment. Only diagnostic logs can reveal the cause of a macOS device’s failure to enroll in Intune.
• After enrolling macOS devices in Intune, the device may fail to check in with Intune and download the policies in some cases. In this case, the first step in troubleshooting is to collect and examine the macOS device diagnostic logs.
• When you use a shell script on macOS devices in Intune, the script deployment may fail to apply on the remote macOS devices. The diagnostic logs collected from macOS devices aid in troubleshooting failure issues.

Apart from the reasons listed above, any deployments that fail on macOS devices necessitate an examination of the diagnostic logs. When you log a support case for Microsoft Intune, the support engineer will request for macOS device diagnostic logs. As a result, you must be aware of the correct procedure for collecting Intune diagnostic logs from a macOS device.

Also Read: Set MacOS Device Name to Serial Number using Intune

Requirements for log collection on macOS devices

The following items are required to collect Intune logs from macOS devices:

• The macOS devices must be enrolled into Intune before you can collect the diagnostic logs.
• The remote macOS device must be online if you are attempting to collect the logs from Intune admin center.
• To troubleshoot macOS shell script policies using log collection, you must specify the full, absolute log file path.
• File paths must be separated using only a semicolon (;).
• The maximum log collection size to upload is 60 MB (compressed) or 25 files, whichever occurs first.
• File types that are allowed for log collection include the following extensions: .log, .zip, .gz, .tar, .txt, .xml, .crash, .rtf

See Also: Enroll iOS iPadOS devices in Microsoft Intune

Methods to Collect Intune logs from MacOS devices

In this article, we will demonstrate three different approaches to collecting Intune diagnostic logs from macOS devices.

1. Collect logs from the Company Portal on macOS device
2. Manually gather Intune MDM Agent logs on macOS device
3. Collect macOS device diagnostic logs from Intune admin center

Method 1: Collect Intune logs from Company Portal on macOS device

One of the easiest ways to collect logs from macOS devices is using the company portal app. Microsoft uses the Company Portal-specific diagnostics to learn from and improve upon future products. First, try to reproduce the problem so that you receive the error message again. Then select Report to immediately upload and share the macOS device diagnostic logs.

If you encounter any issues with the Company Portal app on your macOS device, you can generate logs and send them to Microsoft Company Portal developers. You can report an issue or error that occurs in the Intune Company Portal app for macOS. The activities of the company portal are recorded in a separate file called companyportal.log.

The company portal app on macOS device lets you gather logs for troubleshooting issues. When you attempt to export Intune logs through macOS company portal, there are two options presented.

• Send Diagnostic Report: Selecting this option will share the diagnostic report generated by company portal directly with Microsoft.
• Save Diagnostic Report: Choose this option to first replicate the issue, and then right away choose Send diagnostic report to send the diagnostic report to Microsoft.

We will explore both the above options in detail and understand what each option does. Let’s see how to share macOS device diagnostic logs with your support person, and how to send a diagnostic report to Microsoft.

Send Diagnostic Report to Microsoft

Use the following steps to send diagnostic report from macOS company portal directly to Microsoft.

• Launch Company Portal App on your macOS device.
• Select Help > Send diagnostic report.

A “Send Diagnostic Report” window appears on the screen with the following message. We’ll send logs to Prajwal Desai and Microsoft Company Portal developers to assist in troubleshooting. After sending, you can email details to your support person.

In the below screenshot, we see an incident ID is generated and the Company Portal App diagnostic logs are sent to Microsoft. This incident ID is used by Microsoft support team to identify the issue and track it. It takes a few seconds to gather the company portal logs and send it to Microsoft company portal developers.

Once the logs are sent to Microsoft, you can click on Email Logs button to email the company portal diagnostic logs to Microsoft Support.

Save Diagnostic Report Locally

Follow the steps below to save the company portal diagnostics logs locally on your macOS device.

• Launch Company Portal App on your macOS device.
• Click on Help and then click on Save diagnostic report.

If necessary, you can modify the company portal log file’s name and location in the Save window. The company portal logs are placed into a zip file with the name Company Portal.zip that is saved in the Downloads folder.

You can extract the Company Portal.zip using the built-in Archive Utility on Mac. You get the CompanyPortal.log which contains the company portal activity. Furthermore, you can share company portal app diagnostic logs with your support person for troubleshooting.

The CompanyPortal.log on macOS contains all the information related to company portal including errors, warnings, crash issues etc. The support person will review the CompanyPortal.log and determine the root cause of the issue.

Method 2: Collect Intune MDM Agent logs from macOS Devices

The Intune MDM agent logs are critical when you want to troubleshoot issues with app/script deployment failures on macOS devices. If your macOS device is failing to sync with Intune, you must review the IntuneMDMAgent and IntuneMDMDaemon logs.

Location of IntuneMDMAgent.log and IntuneMDMDaemon.log

On a macOS device, the Intune management agent logs are also located in the following folders.

• /Library/Logs/Microsoft/Intune (System)
• ~/Library/Logs/Microsoft/Intune (User Account)

The Intune agent log file-names are IntuneMDMDaemon date–time.log and IntuneMDMAgent date–time.log. Once you locate the Intune MDM agent logs on macOS device, you can review the log file or send them to the support person for further troubleshooting.

Locate IntuneMDMAgent.log on MacOS Device

If you need to locate the IntuneMDMAgent.log on your macOS device, use these steps.

• Log in to your Mac device.
• Hold Command+Shift+G to open a Go-to folder window.
• Navigate to ~/Library/Logs/Microsoft/Intune path to locate the IntuneMDMAgent.log.

Locate IntuneMDMDaemon.log on macOS device

Use the below steps to find the IntuneMDMDaemon.log on your macOS device.

• Log in to your Mac device.
• Hold Command+Shift+G to open a Go-to folder window.
• Navigate to /Library/Logs/Microsoft/Intune path to locate the IntuneMDMDaemon.log.

Method 3: Collect macOS device diagnostic logs from Intune admin center

From the Intune admin center, you can collect the diagnostic logs from macOS devices using the following steps:

1. Sign in to the Microsoft Intune admin center.
2. Navigate to Devices > macOS > Shell Scripts and select a macOS shell script.
3. In the Device Status or User Status report, select a device and click on Collect logs.

To collect the logs, enter the absolute log file path. Microsoft suggests providing file paths separated by a semicolon (;) to begin the log collection. You can specify either a single file path or multiple file paths.

Note: Multiple log file paths separated using comma, period, newline, or quotation marks with or without spaces will result in a log collection error. Spaces are also not allowed as separators between paths.

File types that are allowed for log collection include the following extensions: .log, .zip, .gz, .tar, .txt, .xml, .crash, .rtf. Please ensure that the size of all the log files which you want to collect remotely should not be more than 60 MB or 25 files in total, whichever occurs first.

Click OK to begin the log collection on macOS device.

A notification appears in the top-right corner of the Intune Portal indicating that log collection has begun. After a few seconds, we see a new notification: “Log collection initiated successfully“.

Download the macOS Device Diagnostic logs from Intune

Once you have initiated a log collection request in the Intune portal, logs are collected the next time the Intune management agent on the macOS device checks in with Intune. This check-in usually occurs every 8 hours. Once the log collection is complete, you will be able to download the requested logs from the Intune admin center.

To expedite log collection on the remote macOS device, instruct the user to force device check-in with Intune. Refer to the guide on how to manually sync macOS devices with Intune. This will immediately start the log collection process, and you will be able to download logs from the Intune admin center without having to wait a couple of hours.

Once the log collection process is completed, use these steps to download the macOS diagnostic logs from the Intune admin center:

• Sign in to the Microsoft Intune admin center.
• Go to Devices > macOS > Shell Scripts and select a macOS shell script.
• In the Device Status or User Status report, select a device and click on Download logs.

Note: If the “Download Logs” button is grayed out in Intune while collecting the logs for the selected macOS device, it means the log collection process isn’t completed yet. You’ll have to wait until the logs have been collected from the macOS device, or you can force device check-in with Intune from the company portal app on macOS.

After you click on Download Logs, your browser downloads a .zip file containing the logs from the macOS device. The zip file name has a unique format, and it begins with ScriptTroubleshootingLogs_week month date year.zip. Extract this zip file to a folder to view the collected log files.

In addition to the admin-specified logs, the Intune management agent logs are also collected from these folders: /Library/Logs/Microsoft/Intune and ~/Library/Logs/Microsoft/Intune. The agent log file-names are IntuneMDMDaemon date–time.log and IntuneMDMAgent date–time.log.

If any admin-specified file is missing or has the wrong file-extension, you will find these file-names listed in LogCollectionInfo.txt.

The following logs are included in the diagnostic logs collected from the remote macOS device:

• IntuneMDMDaemon date–time.log
• IntuneMDMAgent date–time.log
• LogCollectionInfo.txt

Conclusion

In this article, we have demonstrated three unique methods to collect Intune logs from macOS devices. You can collect diagnostic logs from Intune managed macOS devices using any of the methods listed above. It is extremely useful for IT administrators to be able to remotely control macOS devices and collect logs without having to call the end user. An IT administrator can begin remote troubleshooting by looking through the log files to identify the root cause.

Recommended Reading

• Disable Software Update Notifications on macOS Using Intune
• Enable Guest Account on MacOS using Intune
• How to Enable Screen Sharing on MacOS using Intune
• Manage macOS Software Updates using Intune
• Fix Intune Profile Installation Failed during macOS Enrollment