Use the troubleshooting portal to help users at your company

Applies to: Intune in the Azure portal
Looking for documentation about Intune in the classic portal? Read this introduction to Intune.

The troubleshooting portal lets help desk operators and Intune administrators view user information to address user help requests. Organizations that include a help desk can assign the Help desk operator to a group of users. The help desk operator role can use the Troubleshoot pane.

The Troubleshoot pane also shows user enrollment issues. Details about the issue and suggested remediation steps can help administrators and help desk operators troubleshoot problems. Certain enrollment issues aren't captured and some errors might not have remediation suggestions.

For steps on adding a help desk operator role, see Role-based administration control (RBAC) with Intune

When a user contacts support with a technical issue with Intune, the help desk operator enters the user's name. Intune shows useful data that can help resolve many tier-1 issues, including:

  • User status
  • Assignments
  • Compliance issues
  • Device not
  • Device not getting VPN or Wi-Fi settings
  • App installation failure

To review troubleshooting details

In the troubleshooting pane, choose Select user to view user information. User information can help you understand the current state of users and their devices.

  1. Sign into the Azure portal.
  2. Choose All services > Intune. Intune is located in the Monitoring + Management section.
  3. On the Intune pane, choose Troubleshoot.
  4. Click Select to select a user to troubleshoot.
  5. Select a user by typing the name or email address. Click Select. The troubleshooting information for the user shows in the Troubleshooting pane. The following tables explains the information.

Note

You can also access the troubleshooting pane by pointing your browser to: https://aka.ms/intunetroubleshooting.

Areas of troubleshooting dashboard

You can use the Troubleshoot pane to review user information.

Area Name Description
1. Account status Shows the status of the current Intune tenant as Active or Inactive.
2. User selection The name of the currently selected user. Click Change user to choose a new user.
3. User status Displays the status of the user's Intune license, number of devices, each device compliance, number of apps, and app compliance.
4. User information Use the list to select the details to review in the pane.
You can select:
  • Mobile apps
  • App protection policies
  • Compliance policies
  • Configuration policies
5. Group membership Yadda

Mobile apps reference

The apps that are running on devices or devices owned by users managed by Intune and Azure Active Directory (AD).

Properties

The properties of mobile apps.

Property Description
Name The name of the application.
OS The operating system installed on the device.
Type You can choose an assignment type for each app.
Available - Users install the app from the Company Portal app or website.
Not Applicable - The app is not installed or shown in the Company Portal.
Uninstall - The app is uninstalled from devices in the selected groups.
Available with or without enrollment - Assign this app to groups of users whose devices are not enrolled with Intune.
Last Modified The name of the type of device.

Devices

Devices managed by Intune or by users managed by Intune or Azure AD.

Property Description
Device name The name of the type of device.
Managed by The timestamp the policy was modified.
Azure AD join type The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
Ownership The type of device ownership. This can be Company, Personal, and Unknown.
Intune compliant The name of the type of device.
Azure AD compliant The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
OS The operating system installed on the device.
OS version The Operating System version number of the device.
Last check-in The name of the type of device.

App protection status

An app protection policy is available to mobile apps that integrate with Enterprise Mobility Solution (EMS) technologies. This gives a baseline of protection for your corporate data when it is downloaded to mobile apps, including the Office mobile apps. 

Property Description
Status The type of device ownership. This can be Company, Personal, and Unknown.
App name The name of the application
Device name The name of the type of device.
Device type The name of the type of device.
Policies The type of device ownership. This can be Company, Personal, and Unknown.
Last sync The timestamp of the last time the device synchronized with Intune.

App protection policies reference

An app protection policy is available to mobile apps that integrate with EMS technologies. This gives a baseline of protection for your corporate data when it is downloaded to mobile apps, including the Office mobile apps. 

Properties

The table summarizes app protection policies status for devices managed by Intune.

Property Description
Name The name of the application.
Deployed The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
Platform The type of device ownership. This can be Company, Personal, and Unknown.
Enrollment The name of the type of device.
Last Update The timestamp the policy was modified.

Devices

Devices managed by Intune or by users managed by Intune or Azure AD.

Property Text
Device Name The name of the type of device.
Managed By The timestamp the policy was modified.
Azure AD join type The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
Ownership The type of device ownership. This can be Company, Personal, and Unknown.
Intune compliant The name of the type of device.
Azure AD compliant The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
Azure AD compliant The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
OS The operating system installed on the device.
OS version The Operating System version number of the device.
Last Check in The name of the type of device.

Compliance policies reference

Makes sure that the devices used to access company apps and data, comply with certain rules like using a PIN to access the device, and encryption of data stored on the device.

Properties

The properties of the compliance policies.

Property Description
Assignment The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
Name The name of the application.
OS The operating system installed on the device.
Policy Type The type of device ownership. This can be Company, Personal, and Unknown.
Last Modified The name of the type of device.

Devices

Devices managed by Intune or by users managed by Intune or Azure AD.

Property Description
Device name The name of the type of device.
Managed by The timestamp the policy was modified.
Azure AD join type The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
Ownership The type of device ownership. This can be Company, Personal, and Unknown.
Intune compliant The name of the type of device.
Azure AD compliant The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
OS The operating system installed on the device.
OS version The Operating System version number of the device.
Last check-in The name of the type of device.

App protection policies

An app protection policy is available to mobile apps that integrate with EMS technologies. This gives a baseline of protection for your corporate data when it is downloaded to mobile apps, including the Office mobile apps. 

Property Description
Status The type of device ownership. This can be Company, Personal, and Unknown.
App name The name of the application
Device name The name of the type of device.
Device type The name of the type of device.
Policies The type of device ownership. This can be Company, Personal, and Unknown.
Last sync The timestamp of the last time the device synchronized with Intune.

Configuration policies reference

An app configuration policy is available to mobile apps with vendor-specific configuration. 

Properties

The properties of the configuration policies.

Property Description
Assignment The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
Name The name of the application.
OS The operating system installed on the device.
Policy Type The type of device ownership. This can be Company, Personal, and Unknown.
Last Modified The name of the type of device.

Devices

Devices managed by Intune or by users managed by Intune or Azure AD.

Property Description
Device name The name of the type of device.
Managed by The timestamp the policy was modified.
Azure AD join type The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
Ownership The type of device ownership. This can be Company, Personal, and Unknown.
Intune compliant The name of the type of device.
Azure AD compliant The status of each of the users' app protection apps. The possible statuses for the apps are Checked in and Not checked in.
OS The operating system installed on the device.
OS version The Operating System version number of the device.
Last check-in The name of the type of device.

App protection policies

An app protection policy is available to mobile apps that integrate with EMS technologies. This gives a baseline of protection for your corporate data when it is downloaded to mobile apps, including the Office mobile apps. 

Property Description
Status The type of device ownership. This can be Company, Personal, and Unknown.
App name The name of the application
Device name The name of the type of device.
Device type The name of the type of device.
Policies The type of device ownership. This can be Company, Personal, and Unknown.
Last sync The timestamp of the last time the device synchronized with Intune.

Next steps

You can learn more about Role-based administration control (RBAC) to define roles in your organizational device, mobile application management, data protection tasks. For more information, see Role-based administration control (RBAC) with Intune.

Learn about any known issues in Microsoft Intune. For more information, see Known issues in Microsoft Intune.

Learn how to create a support ticket a get help when you need it. Get support.