Intune app protection diagnostics and managed browser bookmarks
Many of the organizations I work with have deployed or are deploying Microsoft Intune to manage devices as well as applications. Microsoft Intune offers application protection (aka Mobile Application Management (MAM)) where policies manage applications. Application protection may be used with or without MDM enrollment. If you already have an MDM solution, Intune application protection may be utilized alongside of any MDM provider.
To learn more about Intune app protection please visit: /en-us/intune/app-protection-policy
For those already utilizing Intune app protection, there’s a diagnostic feature available within the Intune managed browser for iOS allowing users to view and send diagnostic logs to their support team and/or Microsoft support.
For more details on the Intune diagnostic console please visit: https://blogs.technet.microsoft.com/intunesupport/2017/11/10/support-tip-new-intune-diagnostic-console-for-log-submission-in-the-intune-managed-browser/
Let’s look at Intune Mobile App Protection (MAM) diagnostics
Requirements
- Microsoft Intune
- Intune app protection policy assigned to users
- Intune managed browser
- Apple iOS device
Intune App Protection Policies
I won’t go into details about how to configure an app protect policy as there’s plenty of documentation available. To learn more about creating app protection policies please visit: https://docs.microsoft.com/en-us/intune/app-protection-policies
If devices are enrolled with Intune simply deploy the Intune managed browser to iOS devices. For devices that are not enrolled with Intune, have users download the Intune managed browser from the Apple app store: https://itunes.apple.com/us/app/intune-managed-browser/id943264951?mt=8
- Also review the Intune partners were app protection is available: https://www.microsoft.com/en-us/cloud-platform/microsoft-intune-apps
- Protect your line of business apps with the Intune app SDK: https://docs.microsoft.com/en-us/intune/app-sdk
Use Intune managed browser to troubleshoot app protection
Open in the Intune managed browser on the iOS device where applications are protected by Intune app protection policies. In the navigation space type in: about:intunehelp and search. You’ll be taken to Intune Diagnostics page where you can begin your investigation:
Later in this post I’ll show you how to create a bookmark for your users to access Intune Diagnostics.
Review the device information and select “View Intune App Status”:
Select an application that is protected, in my case I’ve selected Outlook and I’m able to see diagnostic info about the app and the policies settings that are deployed to it:
Configure the Intune managed browser with a bookmark that takes users straight to the Intune diagnostic screen
Navigate to the Intune admin portal via portal.azure.com and select Intune. Next select Mobile apps, App configuration policies, and Add:
- In the General tab, give the policy a name
- In the Targeted apps tab, select Managed Browser
- In the Configuration tab, add the following:
- Assign the configuration to users
Under Name
com.microsoft.intune.mam.managedbrowser.bookmarks
Under Value
Bing|https://www.bing.com||Intune Diagnostic|about:intunehelp
Note: Bing is optional, take it out if you don’t want to add it.
Once configuration is complete, assign the configuration to users.
After the policy syncs with the app (usually a few minutes or so), open the Intune managed browser and select bookmarks and your bookmarks will be populated as shown below:
That’s it, we looked at troubleshooting Intune app protection and adding a bookmark for your users to easily access it.