Step 5. Verify and monitor app protection
You can verify and monitor the status of the app protection policies that you've applied to users from Intune. The App protections status report provides the name and email of the user, the app protection status, the app protection policy targeted to the related app for the user, and the timestamp of the last sync of the app with Microsoft Intune. Additionally, there are several other details provided in the App protection status report that can be used to filter the success of applied app protection policies.
Note
App protection data is retained for a minimum of 90 days. Any app instances that have checked in to the Intune service within the past 90 days is included in the app protection status report.
Before checking on successfully deployed app protection policies, check to make sure the user has installed the app. For more information, see the following reports:
To verify an app protection policy, start by viewing the App protection status report in Intune (Apps > Monitor > App protection status). Next, export your data so you can filter and sort the results. You will need to filter the App Protection Status column to determine whether the related app is unprotected by not being targeted with a MAM policy. You will want to sort the list by App. Determine whether the end-user is licensed for app protection and Microsoft 365. If they are not licensed, assign an Intune license and/or a Microsoft 365 license to the user. If a user's app is listed as Not checked in, check if you've correctly configured the app protection policy for that app. In addition, look for issues based on App version and Platform. If you find a particular set of users that need an app protection policy for a specific app, verify the last sync of the app with Intune.
Note
Ensure that the conditions of your app protection policy applies across all end-users that must have the policy.
For more information, see How to validate your app protection policy setup in Microsoft Intune.
App protection logs
You can enable and collect app protection logs by enabling Intune Diagnostics on the end-user's device. Each platform has a different process to enable and collect app logs. For more information, see Review client app protection logs.
Intune diagnostics
The Intune Company Portal app has multiple options for gathering diagnostic information. The Company Portal includes UI that:
- Enables end users to gather Company Portal logs.
- Displays device and account metadata.
- Includes per-app information about the current MAM policy.
End users can also launch the Company Portal's diagnostic console through Microsoft Edge, by entering about:intunehelp in the address bar to assist in debugging.
Important
Diagnostics information for the device is only available when the Company Portal is installed on device.
Next step
Continue with Step 6 to use app protection actions in Microsoft Intune.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for