How to Collect Intune Logs from MacOS Devices

In this comprehensive guide, we will cover different methods to collect Intune logs from macOS devices. After you collect Intune diagnostic logs from macOS devices, you can send them to Microsoft support, or save a report locally on the device for troubleshooting.

Whether you are using Configuration Manager or Intune, the first thing you will need if you are having trouble with app or script deployment is logs. Configuration Manager has a long list of logs to aid troubleshooting, and we have documented all of them under the articleSCCM log files．Furthermore, see how tocollect logs on Windows clients using SCCM．

Like Configuration Manager, you can also collect Intune logs from macOS devices and refer to them for troubleshooting. The Intune logs on macOS contain critical information that can help you troubleshoot issues such as application deployment failures, script execution failures and much more. You can also use the log collection process to troubleshoot macOS shell script policies.

In our earlier article, we showed you how tocollect Intune Logs from Windows devices．Even on Windows devices, you can use different methods to gather diagnostic logs. These are extremely helpful for troubleshooting issues related to Intune, particularly on remote devices.

Why did we republish this article?

A note to our readers: Our previous article on gathering Intune logs on Mac devices ranked first in Google searches. Unfortunately, two of our articles received false DMCA notifications, and Google later restored one of them. After consulting our attorney, we filed a DMCA counter notice and reported the matter to Google, and we are confident that the Google Team is aware of it. If we find such fake copyright notices sent to us, we will take legal action against the site and its owner.

List of Intune Logs for troubleshooting macOS issues

There are three main Intune log files required for investigating sync and deployment problems with macOS devices.

CompanyPortal.log
IntuneMDMDaemon.log
IntuneMDMAgent.log

All of the above logs assist you in troubleshooting issues on macOS devices. These logs are found only after the macOS devices have been enrolled in Intune. Let’s go through some interesting methods to collect Intune diagnostic logs on macOS devices.

Useful Article:Display Lock Screen Message for MacOS Users using Intune

When do you collect diagnostic logs on macOS devices?

Collecting Intune-related diagnostic logs on macOS devices is extremely useful in the situations listed below.

The diagnostic logs are helpful for troubleshooting issues related to macOS device enrollment. Most administrators rely on diagnostic logs to determine why amacOS device failed to enroll in Intune．
After enrolling macOS devices in Intune, the device may fail to check in with Intune and download the policies in some cases. In this case, the first step in troubleshooting is to collect and examine the macOS device diagnostic logs.
When you使用shell脚本在Intune macOS设备, the script deployment may fail to apply to the remote macOS devices. The diagnostic logs collected from macOS devices aid in troubleshooting failure issues.

Apart from the reasons listed above, any deployments that fail on macOS devices necessitate an examination of the diagnostic logs. When you open a support case for Microsoft Intune, the support engineer will ask for macOS device diagnostic logs. As a result, you must be aware of the correct procedure for collecting Intune diagnostic logs from a macOS device.

Also Read:Set MacOS Device Name to Serial Number using Intune

Prerequisites for log collection on macOS devices

Please review the prerequisites below before collecting Intune logs from macOS devices.

ThemacOS devices must be enrolled into Intunebefore you can collect the diagnostic logs.
The remote macOS device must be online if you are attempting to collect the logs from the Intune admin center. Otherwise, the log collection will fail, and you may have to retry it later when the device is online.
解决macOS shell脚本使用的政策log collection, you must specify the full, absolute log file path. This path should be a valid path, and the file paths must be separated using only a semicolon (;).
According toMicrosoft, the maximum log collection size to upload is 60 MB (compressed) or 25 files, whichever occurs first.
The file types that are allowed for log collection include the following extensions: .log, .zip, .gz, .tar, .txt, .xml, .crash, .rtf.

Methods to Collect Intune logs from MacOS devices

In this article, we will demonstrate three different procedures for collecting Intune diagnostic logs from macOS devices.

Collect Intune logs from macOS devices using the Company Portal
Manually gather Intune MDM Agent logs on macOS device
Collect macOS device diagnostic logs from Intune admin center

Method 1: Collect Intune logs from Company Portal on macOS device

We believe that the company portal app is one of the most straightforward methods for collecting logs from macOS devices. Microsoft learns from and improves future products by using Company Portal-specific diagnostics.

If you encounter any issues with theCompany Portal app on your macOS device, you can generate logs and send them to Microsoft Company Portal developers. Most Microsoft apps, such as Configuration Manager, have this feature, which allows users toprovide feedback to the team．

When you install the company portal app on a Mac device, you can report an issue or error that occurs in the company portal app. As a macOS administrator, you should know that the activities of the company portal are recorded in a separate file calledcompanyportal.log．这s log file is located on the macOS device itself.

Thanks to Microsoft, the company portal app on macOS devices allows administrators and users to collect logs for troubleshooting purposes. When you attempt to export Intune logs on a macOS device from the company portal, you are given two options.

Send diagnostic report: By choosing this option, Microsoft will receive a direct copy of the diagnostic report the company portal generates.
Save Diagnostic Report: Use this option to save the diagnostic report to your device. The logs can then be reviewed by you, sent to your support person, or forwarded to the Microsoft support team for further investigation.

Note: According to Microsoft, the collected logs are encrypted on the device, transmitted and stored in Microsoft Azure storage for 30 days. Stored logs are decrypted on demand and downloaded using the Microsoft Intune admin center.

We will investigate both of the preceding options in depth and determine what each option does. Let us look at how to send diagnostic reports to Microsoft and how to share macOS device diagnostic logs with your support person.

发诊断报告to Microsoft

Use the steps below to send a diagnostic report directly to Microsoft from the company portal on the macOS device:

Launch theCompany Portal Appon your macOS device.
SelectHelp>Send diagnostic report．

发诊断报告to Microsoft from Company Portal on macOS device

Now a “发诊断报告” window appears on the screen with the following message:We’ll send logs to Prajwal Desai and Microsoft Company Portal developers to assist in troubleshooting．

In the below screenshot, we see a unique alphanumeric incident ID is generated, and the Company Portal App diagnostic logs are sent to Microsoft. Make a note of this incident ID because it will be used by the Microsoft support team to identify and track the issue. The company portal logs are gathered and sent to Microsoft company portal developers in a matter of seconds.

After sending the logs to Microsoft, you can email the diagnostic logs to your IT helpdesk or support team. Let’s try that. Click on theEmail Logsbutton, and now the company portal diagnostic logs are sent to your support person.

Save Diagnostic Report Locally

这s method demonstrates how to save the company portal diagnostics logs on your macOS device locally.

Launch theCompany Portal Appon your macOS device.
Click onHelp, and then click onSave diagnostic report．

Save Diagnostic Report Locally on macOS Device

You must specify the file name and location to save diagnostic logs on a macOS device. Specifying tags is optional but recommended. By default, the file name will be saved with the name Company Portal.zip and this will be saved in the Documents folder on a Mac device. You can change the file name and location, but for now, we will save it with the default settings.

Once the diagnostic logs are saved on the macOS device, you can extract theCompany Portal.zipusing the built-in archive utility on Mac.

After thecompanyportal.zipfile is extracted, you get theCompanyPortal.logwhich contains the activities related to the company portal app. Furthermore, you can now share company portal app diagnostic logs with your support person for troubleshooting.

Let’s review the companyportal.log by opening it with a built-in text editor on Mac. According to the screenshot below, theCompanyPortal.logfile on macOS contains all information related to the company portal activities, including errors, warnings, and crash issues.

When you forward this log to your support team, the support person will review theCompanyPortal.logand determine the root cause of the issue.

Method 2: Collect Intune MDM Agent logs from macOS Devices

Before we show you how to collect Intune MDM Agent logs from macOS devices, it is important to know what these logs are and their location. When troubleshooting app/script deployment failures or company portal sync issues on macOS devices, theIntune MDM agent logsare critical. If your macOS device is failing to sync with Intune, you must always review theIntuneMDMAgentandIntuneMDMDaemonlogs.

Location of IntuneMDMAgent.log and IntuneMDMDaemon.log

On a macOS device, the Intune management agent logs are located in the following folders:

/Library/Logs/Microsoft/Intune (System)
~/Library/Logs/Microsoft/Intune (User Account)

The Intune MDM agent log file names areIntuneMDMDaemon date–time.logandIntuneMDMAgent date-time.log．Once you locate the Intune MDM agent logs on your macOS device, you can review the log files or send them to the support person for further troubleshooting.

Locate IntuneMDMAgent.log on MacOS Device

To locate theIntuneMDMAgent.logon your macOS device, use these steps.

Log in to your Mac device.
Hold theCommand+Shift+Gkeys to open a Go-to folder window.
Navigate to the~/Library/Logs/Microsoft/Intunepath to locate theIntuneMDMAgent.log．

Locate IntuneMDMAgent.log – Collect Intune MDM Agent logs from macOS Devices

Locate IntuneMDMDaemon.log on macOS device

Use the below steps to find theIntuneMDMDaemon.logon your macOS device.

Log in to your Mac device.
Hold theCommand+Shift+Gkeys to open a Go-to folder window.
Navigate to the/Library/Logs/Microsoft/Intunepath to locate theIntuneMDMDaemon.log．

Method 3: Collect macOS device diagnostic logs from Intune admin center

From the Intune admin center, you can collect the macOS device logs using the following steps:

Sign in to theMicrosoft Intune admin center．
Navigate toDevices>macOS>Shell Scriptsand select a macOS shell script.
In theDevice StatusorUser Statusreport, select a device and click onCollect Logs．

Collect macOS device diagnostic logs from Intune admin center

Enter the absolute log file path for collecting the logs. To begin the log collection, Microsoft recommends providing file paths separated by a semicolon (;), as discussed in the prerequisites section. You can specify either a single file path or multiple file paths.

Note: Multiple log file paths separated by a comma, period, newline, or quotation mark with or without spaces will result in a log collection error on macOS devices. Spaces are also not allowed as separators between paths.

Once you have specified a valid log file path, clickOKto start collecting logs on the macOS device.

A notification appears in the top-right corner of the Intune Portal indicating that log collection has begun. After a few seconds, we see a new notification: “Log collection initiated successfully“.

Collect macOS diagnostics logs from Intune Admin Center — Collect macOS diagnostic logs from Intune Admin Center

Expedite log collection on the remote macOS device

Once you have initiated a log collection request in the Intune portal, logs are collected the next time the Intune management agent on the macOS device checks in with Intune. This check-in usually occurs every 8 hours on all macOS devices. Once the log collection is complete, you will be able to download the requested logs from the Intune admin center.

To expedite log collection on the remote macOS device, instruct the user to force device check-in with Intune. Refer to the guide onhow to manually sync macOS devices for new policies with Intune．这s will immediately start the log collection process on the macOS device, and you should be able to download logs from the Intune admin center.

Download the macOS Device Diagnostic logs from Intune

Once the log collection process is completed, use these steps to download the macOS diagnostic logs from the Intune admin center:

Sign in to the Microsoft Intune admin center.
Go toDevices>macOS>Shell Scriptsand select a macOS shell script.
In theDevice StatusorUser Statusreport, select a device and click onDownload Logs．

Download the macOS Device Diagnostic logs from Intune Admin Center

After you click onDownload Logs, your browser downloads a .zip file containing the logs from the macOS device. The zip file name has a unique format, and it begins withScriptTroubleshootingLogs_week month date year.zip．Extract this zip file to your device to a folder to view the collected Intune log files.

In addition to the admin-specified logs, the Intune management agent logs are also collected from these folders:/Library/Logs/Microsoft/Intuneand~/Library/Logs/Microsoft/Intune．The agent log file names areIntuneMDMDaemon date–time.logandIntuneMDMAgent date-time.log．

If any admin-specified file is missing or has the incorrect file extension, the file names will be listed inLogCollectionInfo.txt.

The following logs are included in the diagnostic logs collected from the remote macOS device:

IntuneMDMDaemon date–time.log
IntuneMDMAgent date-time.log
LogCollectionInfo.txt

Fix Intune Download Logs Button Grayed Out

When you attempt to download macOS logs from the Intune admin center, you may notice that theDownload Logsoption is grayed out in some cases. This occurs when the log collection process has not yet been completed. To resolve this issue, you’ll have to wait until the logs have been collected from the macOS device, or you can force device check-in with Intune from the company portal app on macOS. Additionally, ensure that the remote mac device is connected to the internet for log collection.

Conclusion

We hope that this comprehensive guide has made it easier for you to collect Intune logs from macOS devices for troubleshooting. We have done our best to demonstrate the methods in an easy-to-follow manner. Troubleshooting issues on macOS devices enrolled in Microsoft Intune begins with collecting diagnostic logs and reviewing them. If your organization manages macOS devices with Intune, IT administrators can now collect logs without having to contact the end user. An Intune administrator can begin remote troubleshooting by looking through the log files to identify the root cause.