Generally, you will need an agent on the devices. You might not be able to put agents on all of your user systems, but you could run an agent on the systems that you do manage. Sort of a sample method.
It might help to narrow down the type of errors. If this is an Azure-hosted app, then there may be some related AAD logs. I assume it could be possible to gather those events within your software somehow.