Many of the organizations I work with have deployed or are deploying Microsoft Intune to manage devices as well as applications. Microsoft Intune offers application protection (aka Mobile Application Management (MAM)) where policies manage applications. Application protection may be used with or without MDM enrollment. If you already have an MDM solution, Intune application protection may be utilized alongside of any MDM provider.
To learn more about Intune app protection please visit: https://docs.microsoft.com/en-us/intune/app-protection-policy
For those already utilizing Intune app protection, there’s a diagnostic feature available within Edge allowing users to view and send diagnostic logs to their support team and/or Microsoft support.
For more details on the Intune diagnostic console please visit: https://blogs.technet.microsoft.com/intunesupport/2017/11/10/support-tip-new-intune-diagnostic-console-for-log-submission-in-the-intune-managed-browser/
4/2020 Update – Android now supports App Protection diagnostics with Edge mobile browser. For more details please visit: https://docs.microsoft.com/en-us/mem/intune/apps/manage-microsoft-edge#use-microsoft-edge-to-access-managed-app-logs
Let’s look at Intune Mobile App Protection (MAM) diagnostics
Requirements
- Microsoft Intune
- Intune app protection policy assigned to users
- Intune managed browser
- Apple iOS or Android device
Intune App Protection Policies
I won’t go into details about how to configure an app protect policy as there’s plenty of documentation available. To learn more about creating app protection policies please visit: https://docs.microsoft.com/en-us/intune/app-protection-policies
If devices are enrolled with Intune simply deploy Edge to iOS and/or Android devices. For devices that are not enrolled with Intune, have users download the Edge from the Apple app store or Google Play.
- Also review the Intune partners were app protection is available: https://www.microsoft.com/en-us/cloud-platform/microsoft-intune-apps
- Protect your line of business apps with the Intune app SDK: https://docs.microsoft.com/en-us/intune/app-sdk
Use Edge to troubleshoot app protection
Open Edge on the iOS or Android device where applications are protected by Intune app protection policies. In the navigation space type in: about:intunehelp and search. You’ll be taken to Intune Diagnostics page where you can begin your investigation:
Remember to to configure Edge by visiting: https://docs.microsoft.com/en-us/mem/intune/apps/manage-microsoft-edge#use-microsoft-edge-to-access-managed-app-logs
Later in this post I’ll show you how to create a bookmark for your users to access Intune Diagnostics.
Review the device information and select “View Intune App Status”:
Select an application that is protected, in my case I’ve selected Outlook and I’m able to see diagnostic info about the app and the policies settings that are deployed to it:
Configure Edge with a bookmark that takes users straight to the Intune diagnostic screen
Navigate to the Intune admin portal via portal.azure.com and select Intune. Next select Mobile apps, App configuration policies, and Add:
-
- In the General tab, give the policy a name
- In the Targeted apps tab, select Managed Browser
- In the Configuration tab, add the following:
Assign the configuration to users
Under Name
com.microsoft.intune.mam.managedbrowser.bookmarks
Under Value
Bing|https://www.bing.com||Intune Diagnostic|about:intunehelp
Note: Bing is optional, take it out if you don’t want to add it.
Once configuration is complete, assign the configuration to users.
After the policy syncs with the app (usually a few minutes or so), open the Intune managed browser or Edge and select bookmarks and your bookmarks will be populated as shown below:
That’s it, we looked at troubleshooting Intune app protection and adding a bookmark for your users to easily access it.
Mobility, Management, & Security 