From 0fd33ef1c618f84e799a1302050b0121156b71b2 Mon Sep 17 00:00:00 2001 From: mackie1604 Date: Thu, 3 Oct 2024 09:52:58 -0500 Subject: [PATCH 1/4] Update intune-endpoints.md Adding full list of URL's for diagnostic upload --- memdocs/intune/fundamentals/intune-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/intune-endpoints.md b/memdocs/intune/fundamentals/intune-endpoints.md index 76a708ef796..b02919bee29 100644 --- a/memdocs/intune/fundamentals/intune-endpoints.md +++ b/memdocs/intune/fundamentals/intune-endpoints.md @@ -113,7 +113,7 @@ ID |Desc |Category |ER |Addresses |Ports| 165 | Autopilot - NTP Sync | Default
Required | False | `time.windows.com` |**UDP:** 123| 169 | Autopilot - WNS Dependencies| Default
Required | False | `clientconfig.passport.net`
`windowsphone.com`
`*.s-microsoft.com`
`c.s-microsoft.com` | **TCP:** 443 | 173 | Autopilot - Third party deployment dependencies| Default
Required | False | `ekop.intel.com`
`ekcert.spserv.microsoft.com`
`ftpm.amd.com`
| **TCP:** 443| -182 | Autopilot - Diagnostics upload| Default
Required | False | `lgmsapeweu.blob.core.windows.net`
| **TCP:** 443| +182 | Autopilot - Diagnostics upload | Default
Required | False | `lgmsapeweu.blob.core.windows.net`
`lgmsapewus2.blob.core.windows.net`
`lgmsapesea.blob.core.windows.net`
`lgmsapeaus.blob.core.windows.net`
`lgmsapeind.blob.core.windows.net`
| **TCP:** 443| ### Remote Help From 5ffe65c3aa0c3db75ca6b458294bf05d239e9ad6 Mon Sep 17 00:00:00 2001 From: mackie1604 Date: Wed, 4 Dec 2024 14:04:54 -0600 Subject: [PATCH 2/4] Update collect-diagnostics.md Fixed a bug and removed the note about it. --- memdocs/intune/remote-actions/collect-diagnostics.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/remote-actions/collect-diagnostics.md b/memdocs/intune/remote-actions/collect-diagnostics.md index 5dad0d2b000..8bfa2de2f97 100644 --- a/memdocs/intune/remote-actions/collect-diagnostics.md +++ b/memdocs/intune/remote-actions/collect-diagnostics.md @@ -64,7 +64,7 @@ To download diagnostics: 2. On the **Summary** page, select the **Diagnostics** page and download the diagnostics. > [!IMPORTANT] -> For Android devices, if the Company Portal isn't signed in by the user, logs will not be available for download in the Intune portal. Diagnostic uploads exceeding 50 diagnostics or 4MB in diagnostic data cannot be downloaded directly from the Intune portal. For access to larger diagnostic uploads, reach out to [Microsoft Intune support](/mem/get-support). +> Diagnostic uploads exceeding 50 diagnostics or 4MB in diagnostic data cannot be downloaded directly from the Intune portal. For access to larger diagnostic uploads, reach out to [Microsoft Intune support](/mem/get-support). Diagnostics take approximately 30 minutes to be delivered from an end user's device. The user may be required to close and reopen the app if prompted for a pin when opening the app for the diagnostics request to prompt. From 49c75969e00dc682e035fe7979f6be133623c503 Mon Sep 17 00:00:00 2001 From: mackie1604 Date: Wed, 4 Dec 2024 15:57:00 -0600 Subject: [PATCH 3/4] Update collect-diagnostics.md Added supported apps for M365 diagnostics, added clarity around setting it up/configuring, and also around not needing MDM to collect M365 app logs --- .../remote-actions/collect-diagnostics.md | 27 ++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/memdocs/intune/remote-actions/collect-diagnostics.md b/memdocs/intune/remote-actions/collect-diagnostics.md index 8bfa2de2f97..8ee708d6890 100644 --- a/memdocs/intune/remote-actions/collect-diagnostics.md +++ b/memdocs/intune/remote-actions/collect-diagnostics.md @@ -32,19 +32,40 @@ ms.collection: # Collect diagnostics from an Intune managed device -The **Collect diagnostics** remote action lets you collect and download managed device logs without interrupting the user. Only nonuser locations and file types are accessed. +The **Collect diagnostics** remote action lets you collect and download managed device diagnostics without interrupting the user. Only nonuser locations and file types are accessed. > [!NOTE] -> Intune App Protection logs are available to download from the diagnostics tab in the **Troubleshooting** pane. However, M365 remote application logs are only available to their specific support engineers. +> Intune App Protection logs are available to download from the diagnostics tab in the **Troubleshooting** pane. However, M365 remote application diagnostics are only available to their specific support engineers. +> +> Devices do not have to be managed by MDM (Mobile device mangement) to have Intune app protection or M365 app diagnostics collected, only managed by an Intune app protection policy. > > The data is stored in Microsoft support systems and isn't subject to Intune data management policies or protections. Some applications might collect and store data using systems other than Intune. ## Collect diagnostics for Microsoft 365 remote applications -The Microsoft 365 remote application diagnostics allows Intune admins to request Intune app protection logs and Microsoft 365 application logs (where applicable) directly from the Intune console. Admins can find this report in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) by selecting **Troubleshooting + support** > **Troubleshoot** > *select a user* > **Summary** > *App protection**. This feature is exclusive to applications that are under Intune app protection management. If supported, the application specific logs are gathered and stored within dedicated storage solutions for each application. +The Microsoft 365 remote application diagnostics allows Intune admins to request Intune app protection diagnostics and Microsoft 365 application diagnostics (where applicable) directly from the Intune console. Admins can find this report in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) by selecting **Troubleshooting + support** > **Troubleshoot** > *select a user* > **Summary** > *App protection**. This feature is exclusive to applications that are under Intune app protection management. If supported, the application specific logs are gathered and stored within dedicated storage solutions for each application. +Applications with support for M365 application diagnostics: + +- Outlook iOS/Android +- Teams iOS/Android +- OneDrive iOS/Android +- Microsoft Edge iOS/Android +- Microsoft Word iOS +- Microsoft Excel iOS +- Microsoft PowerPoint iOS +- OneNote iOS +- Microsoft 365 (Office) iOS + ### Collect diagnostics from a M365 Application +Requirements to collect diagnostics from an M365 application: + +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +2. Navigate to **Tenant administration** > **Device diagnostics** > Make sure the 3rd setting is enabled. +3. Create and deploy an Intune App Protection policy to a user, more information [here](https://learn.microsoft.com/mem/intune/apps/app-protection-policies). +4. Confirm the application has been managed by Intune App Protection policy. This can be checked locally on the device and/or loading the user into the Intune Troubleshooting Pane and opening the App Protection summary page. + To use the *Collect diagnostics* action: 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) From 0a88d33cac68fdd33a2f06bc89b5cf3cef113d85 Mon Sep 17 00:00:00 2001 From: Smriti Bhardwaj <95657523+Smritib17@users.noreply.github.com> Date: Tue, 17 Dec 2024 09:36:27 -0800 Subject: [PATCH 4/4] Update collect-diagnostics.md fixing a link --- memdocs/intune/remote-actions/collect-diagnostics.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/remote-actions/collect-diagnostics.md b/memdocs/intune/remote-actions/collect-diagnostics.md index 8ee708d6890..118525c200d 100644 --- a/memdocs/intune/remote-actions/collect-diagnostics.md +++ b/memdocs/intune/remote-actions/collect-diagnostics.md @@ -63,7 +63,7 @@ Requirements to collect diagnostics from an M365 application: 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Navigate to **Tenant administration** > **Device diagnostics** > Make sure the 3rd setting is enabled. -3. Create and deploy an Intune App Protection policy to a user, more information [here](https://learn.microsoft.com/mem/intune/apps/app-protection-policies). +3. Create and deploy an Intune App Protection policy to a user, more information [here](../apps/app-protection-policies.md). 4. Confirm the application has been managed by Intune App Protection policy. This can be checked locally on the device and/or loading the user into the Intune Troubleshooting Pane and opening the App Protection summary page. To use the *Collect diagnostics* action: