In this article, we will cover different methods to collect Intune logs from macOS devices. After you collect Intune diagnostic logs from macOS devices, you can send them to Microsoft support or save a report locally on the device for troubleshooting.
Whether you are using Configuration Manager or Intune, the first thing you will need if you are having trouble with app or script deployment is logs. Configuration Manager has a long list of logs to aid troubleshooting, and we have documented all of them under the article SCCM log files. Furthermore, see how to collect logs on Windows clients using SCCM.
Like Configuration Manager, you can also collect Intune logs from macOS devices and refer to them for troubleshooting. The Intune logs on macOS contain critical information that can help you troubleshoot issues such as application deployment failures, script execution failures and much more. You can also use the log collection process to troubleshoot macOS shell script policies.
In our earlier article, we showed you how to collect Intune Logs from Windows devices. Even on Windows devices, you can use different methods to gather diagnostic logs. These are extremely helpful for troubleshooting issues related to Intune, particularly on remote devices.
List of Intune Logs for troubleshooting macOS issues
There are three main Intune log files required for investigating sync and deployment problems with macOS devices.
- CompanyPortal.log
- IntuneMDMDaemon.log
- IntuneMDMAgent.log
All of the above logs assist you in troubleshooting issues on Mac devices. The Intune device logs are found only after the macOS devices have been enrolled in Intune. Let’s go through some interesting methods to collect Intune diagnostic logs on macOS devices.
Useful Article: Display Lock Screen Message for MacOS Users using Intune
When do you collect Intune diagnostic logs on Mac Devices?
Collecting Intune-related diagnostic logs on Mac devices is extremely useful in the situations listed below.
- The diagnostic logs are helpful for troubleshooting issues related to macOS device enrollment. Most administrators rely on diagnostic logs to determine why a macOS device failed to enroll in Intune.
- After enrolling macOS devices in Intune, the device may fail to check in with Intune and download the policies in some cases. In this case, the first step in troubleshooting is to collect and examine the system logs on the macOS device, also known as diagnostic logs.
- When you use a shell script on macOS devices in Intune, the script deployment may fail to apply to the remote macOS devices. The diagnostic logs collected from macOS devices aid in troubleshooting failure issues.
Apart from the reasons listed above, any deployments that fail on macOS devices necessitate an examination of the diagnostic logs. When you open a support case for Microsoft Intune, the support engineer will ask for macOS device diagnostic logs. As a result, you must be aware of the correct procedure to check logs on Mac and collect diagnostic logs from a macOS device.
Also Read: Set MacOS Device Name to Serial Number using Intune
Prerequisites for log collection on macOS devices
Please review the prerequisites below before collecting Intune logs from mac devices.
- The macOS devices must be enrolled into Intune before you can collect the diagnostic logs.
- The remote macOS device must be online if you are attempting to collect the logs from the Intune admin center. Otherwise, the log collection will fail, and you may have to retry it later when the device is online.
- To troubleshoot macOS shell script policies using log collection, you must specify the full, absolute log file path. This path should be a valid path, and the file paths must be separated using only a semicolon (;).
- According to Microsoft, the maximum log collection size to upload is 60 MB (compressed) or 25 files, whichever occurs first.
- The file types that are allowed for log collection include the following extensions: .log, .zip, .gz, .tar, .txt, .xml, .crash, .rtf.
See Also: Enroll iOS iPadOS devices in Microsoft Intune
Methods to Collect Intune logs from MacOS devices
In this article, we will demonstrate three different procedures for collecting Intune diagnostic logs from Mac devices.
- Collect Intune logs from macOS devices using the Company Portal
- Manually gather Intune MDM Agent logs on Mac device
- Collect macOS device diagnostic logs from Intune admin center
Also Read: Remove Device from Company Portal for macOS
Method 1: Collect Intune logs from Company Portal on macOS device
We believe that the company portal app is one of the most straightforward methods for collecting logs from macOS devices. Microsoft learns from and improves future products by using Company Portal-specific diagnostics.
If you encounter any issues with the Company Portal app on your macOS device, you can generate logs and send them to Microsoft Company Portal developers. Most Microsoft apps, such as Configuration Manager, have this feature, which allows users to provide feedback to the team.
When you install the company portal app on a Mac device, you can report an issue or error that occurs in the company portal app. As a macOS administrator, you should know that the activities of the company portal are recorded in a separate file called companyportal.log. This log file is located on the macOS device itself.
Thanks to Microsoft, the company portal app on macOS devices allows administrators and users to collect logs for troubleshooting purposes. When you attempt to export Intune logs on a macOS device from the company portal, you are given two options.
- Send diagnostic report: By choosing this option, Microsoft will receive a direct copy of the diagnostic report the company portal generates.
- Save Diagnostic Report: Use this option to save the diagnostic report to your device. The logs can then be reviewed by you, sent to your support person, or forwarded to the Microsoft support team for further investigation.
Note: According to Microsoft, the collected logs are encrypted on the device, transmitted and stored in Microsoft Azure storage for 30 days. Stored logs are decrypted on demand and downloaded using the Microsoft Intune admin center.
We will investigate both of the preceding options in depth and determine what each option does. Let us look at how to send diagnostic reports to Microsoft and how to share macOS device diagnostic logs with your support person.
Send a Diagnostic Report to Microsoft
Use the steps below to send a diagnostic report directly to Microsoft from the company portal on the macOS device:
- Launch the Company Portal App on your macOS device.
- Select Help > Send diagnostic report.
Now a “Send Diagnostic Report” window appears on the screen with the following message: We’ll send logs to Prajwal Desai and Microsoft Company Portal developers to assist in troubleshooting.
In the below screenshot, we see a unique alphanumeric incident ID is generated, and the Company Portal App diagnostic logs are sent to Microsoft. The Microsoft support team will use this incident ID to find and follow up on the issue, so make a note of it. The company portal logs are gathered and sent to Microsoft company portal developers in a matter of seconds.
After sending the logs to Microsoft, you can email the diagnostic logs to your IT helpdesk or support team. Let’s try that. Click on the Email Logs button, and now the company portal diagnostic logs are sent to your support person.
Save Diagnostic Report Locally
This method demonstrates how to save the company portal diagnostics logs on your macOS device locally.
- Launch the Company Portal App on your macOS device.
- Click on Help, and then click on Save diagnostic report.
You must specify the file name and location to save diagnostic logs on a macOS device. Specifying tags is optional but recommended. By default, the file name will be saved with the name Company Portal.zip and this will be saved in the Documents folder on a Mac device. You can change the file name and location, but for now, we will save it with the default settings.
Once the diagnostic logs are saved on the macOS device, you can extract the Company Portal.zip using the built-in archive utility on Mac.
After the companyportal.zip file is extracted, you get the CompanyPortal.log which contains the activities related to the company portal app. Furthermore, you can now share company portal app diagnostic logs with your support person for troubleshooting.
Let’s review the companyportal.log by opening it with a built-in text editor on Mac. According to the screenshot below, the CompanyPortal.log file on macOS contains all information related to the company portal activities, including errors, warnings, and crash issues.
When you forward this log to your support team, the support person will review the CompanyPortal.log and determine the root cause of the issue.
Method 2: Collect Intune MDM Agent logs from macOS Devices
Before we show you how to collect Intune MDM Agent logs from macOS devices, it is important to know what these logs are and the Intune logs location. When troubleshooting app/script deployment failures or company portal sync issues on macOS devices, the Intune MDM agent logs are critical. If your macOS device is failing to sync with Intune, you must always review the IntuneMDMAgent and IntuneMDMDaemon logs.
Location of IntuneMDMAgent.log and IntuneMDMDaemon.log
On a macOS device, the Intune management agent logs are located in the following folders:
- /Library/Logs/Microsoft/Intune (System)
- ~/Library/Logs/Microsoft/Intune (User Account)
The Intune MDM agent log file names are IntuneMDMDaemon date–time.log and IntuneMDMAgent date–time.log. Once you locate the Intune MDM agent logs on your macOS device, you can review the log files or send them to the support person for further troubleshooting.
Locate IntuneMDMAgent.log on MacOS Device
To locate the IntuneMDMAgent.log on your macOS device, use these steps.
- Log in to your Mac device.
- Hold the Command+Shift+G keys to open a Go-to folder window.
- Navigate to the ~/Library/Logs/Microsoft/Intune path to locate the IntuneMDMAgent.log.
Locate IntuneMDMDaemon.log on macOS device
Use the below steps to find the IntuneMDMDaemon.log on your macOS device.
- Log in to your Mac device.
- Hold the Command+Shift+G keys to open a Go-to folder window.
- Navigate to the /Library/Logs/Microsoft/Intune path to locate the IntuneMDMDaemon.log.
Method 3: Collect macOS device diagnostic logs from Intune admin center
From the Intune admin center, you can collect the macOS device logs using the following steps:
- Sign in to the Microsoft Intune admin center.
- Navigate to Devices > macOS > Shell Scripts and select a macOS shell script.
- In the Device Status or User Status report, select a device and click on Collect Logs.
Enter the absolute log file path for collecting the Mac logs. To begin the log collection on macOS device, Microsoft recommends providing file paths separated by a semicolon (;), as discussed in the prerequisites section. You can specify either a single file path or multiple file paths.
Note: Multiple log file paths separated by a comma, period, newline, or quotation mark with or without spaces will result in a log collection error on macOS devices. Spaces are also not allowed as separators between paths.
Once you have specified a valid log file path, click OK to start collecting logs on the macOS device.
A notification appears in the top-right corner of the Intune Portal indicating that log collection has begun. After a few seconds, we see a new notification: “Log collection initiated successfully“.
Expedite log collection on the remote macOS device
Once you have initiated a log collection request in the Intune portal, logs are collected the next time the Intune management agent on the macOS device checks in with Intune. This check-in usually occurs every 8 hours on all macOS devices. Once the log collection is complete, you will be able to download the requested logs from the Intune admin center.
To expedite log collection on the remote Mac device, you can instruct the user to force device check-in with Intune. Refer to the guide on how to manually sync macOS devices for new policies with Intune. This will immediately start the log collection process on the Mac device, and you should be able to download logs from the Intune admin center.
Download the macOS Device Diagnostic logs from Intune
Once the macOS log collection process is completed, use these steps to download the diagnostic logs of Mac device from the Intune admin center:
- Sign in to the Microsoft Intune admin center.
- Go to Devices > macOS > Shell Scripts and select a macOS shell script.
- In the Device Status or User Status report, select a device and click on Download Logs.
After you click on Download Logs, your browser downloads a .zip file containing the logs from the macOS device. The zip file name has a unique format, and it begins with ScriptTroubleshootingLogs_week month date year.zip. Extract this zip file to your device to a folder to view the collected Intune log files.
In addition to the admin-specified logs, the Intune management agent logs are also collected from these folders: /Library/Logs/Microsoft/Intune and ~/Library/Logs/Microsoft/Intune. The agent log file names are IntuneMDMDaemon date–time.log and IntuneMDMAgent date–time.log.
If any admin-specified file is missing or has the incorrect file extension, the file names will be listed in LogCollectionInfo.txt.
The following logs are included in the diagnostic logs collected from the remote macOS device:
- IntuneMDMDaemon date–time.log
- IntuneMDMAgent date–time.log
- LogCollectionInfo.txt
Fix Intune Download Logs Button Grayed Out
When you attempt to download macOS logs from the Intune admin center, you may notice that the Download Logs option is grayed out in some cases. This occurs when the log collection process has not yet been completed. To resolve this issue, you’ll have to wait until the logs have been collected from the macOS device, or you can force device check-in with Intune from the company portal app on macOS. Additionally, ensure that the remote Mac device is connected to the internet for log collection.
Conclusion
We hope that this comprehensive guide has made it easier for you to collect Intune logs from macOS devices for troubleshooting. We have done our best to demonstrate the methods in an easy-to-follow manner. Troubleshooting issues on macOS devices enrolled in Microsoft Intune begins with collecting diagnostic logs and reviewing them. If your organization manages macOS devices with Intune, IT administrators can now collect logs without having to contact the end user. An Intune administrator can begin remote troubleshooting by looking through the log files to identify the root cause.
