Intune app protection diagnostics and Edge bookmarks

Many of the organizations I work with have deployed or are deploying Microsoft Intune to manage devices as well as applications. Microsoft Intune offers application protection (aka Mobile Application Management (MAM)) where policies manage applications. Application protection may be used with or without MDM enrollment. If you already have an MDM solution, Intune application protection may be utilized alongside of any MDM provider.

To learn more about Intune app protection please visit: https://docs.microsoft.com/en-us/intune/app-protection-policy

For those already utilizing Intune app protection, there’s a diagnostic feature available within Edge allowing users to view and send diagnostic logs to their support team and/or Microsoft support.

For more details on the Intune diagnostic console please visit: https://blogs.technet.microsoft.com/intunesupport/2017/11/10/support-tip-new-intune-diagnostic-console-for-log-submission-in-the-intune-managed-browser/

4/2020 Update – Android now supports App Protection diagnostics with Edge mobile browser.  For more details please visit: https://docs.microsoft.com/en-us/mem/intune/apps/manage-microsoft-edge#use-microsoft-edge-to-access-managed-app-logs

Let’s look at Intune Mobile App Protection (MAM) diagnostics

Requirements

  • Microsoft Intune
  • Intune app protection policy assigned to users
  • Intune managed browser
  • Apple iOS or Android device

Intune App Protection Policies

I won’t go into details about how to configure an app protect policy as there’s plenty of documentation available.  To learn more about creating app protection policies please visit: https://docs.microsoft.com/en-us/intune/app-protection-policies

If devices are enrolled with Intune simply deploy Edge to iOS and/or Android devices.  For devices that are not enrolled with Intune, have users download the Edge from the Apple app store or Google Play.

Use Edge to troubleshoot app protection

Open Edge on the iOS or Android device where applications are protected by Intune app protection policies.  In the navigation space type in: about:intunehelp and search.  You’ll be taken to Intune Diagnostics page where you can begin your investigation:

Remember to to configure Edge by visiting: https://docs.microsoft.com/en-us/mem/intune/apps/manage-microsoft-edge#use-microsoft-edge-to-access-managed-app-logs

Later in this post I’ll show you how to create a bookmark for your users to access Intune Diagnostics.

Review the device information and select “View Intune App Status”:

image

Select an application that is protected, in my case I’ve selected Outlook and I’m able to see diagnostic info about the app and the policies settings that are deployed to it:

image

Configure Edge with a bookmark that takes users straight to the Intune diagnostic screen

Navigate to the Intune admin portal via portal.azure.com and select Intune.  Next select Mobile apps, App configuration policies, and Add:

image

    1. In the General tab, give the policy a name
    2. In the Targeted apps tab, select Managed Browser
    3. In the Configuration tab, add the following:

Assign the configuration to users

Under Name

com.microsoft.intune.mam.managedbrowser.bookmarks

Under Value

Bing|https://www.bing.com||Intune Diagnostic|about:intunehelp

Note: Bing is optional, take it out if you don’t want to add it.

Once configuration is complete, assign the configuration to users.

image

After the policy syncs with the app (usually a few minutes or so), open the Intune managed browser or Edge and select bookmarks and your bookmarks will be populated as shown below:

image

That’s it, we looked at troubleshooting Intune app protection and adding a bookmark for your users to easily access it.

Author: Courtenay Bernier

Courtenay is a technology professional with expertise in aligning traditional software and cloud services to strategic business initiatives. He has over 20 years of experience in the technology field as well as industry experience working with distribution centers, call centers, manufacturing, retail, restaurant, software development, engineering, and consulting. I am a Principal PM on the Microsoft Endpoint Management Engineering Team, all posts, opinions, statements are my own.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.