Use the Intune Troubleshooting blade for user-based diagnostics

Rather than hunting through global policies when a single user reports an issue, the Troubleshooting blade provides a consolidated, user-centric view of everything Microsoft Intune knows about a specific identity and their hardware.

To best understand how this tool works, let's walk through a practical demonstration of a common support scenario.

Demonstration Scenario: "I can't access my email."

The Ticket: A user, Alex, submits a helpdesk ticket stating, "I just enrolled my new iPad, but I can't open my corporate email. It says my device is blocked."

Here is how you use the Troubleshooting blade to diagnose and resolve Alex's issue.

Step 1: Search and verify the user's foundation

Before looking at the iPad, we need to make sure Alex's core account is healthy.

  1. In the Microsoft Intune admin center, navigate to Troubleshooting + support > Troubleshoot.
  2. Click Select user and search for "Alex".
  3. The Observation: The dashboard loads Alex's profile. We immediately check the top summary tile.
    • User status: Account enabled
    • Intune license: Yes
    • Group memberships: We click this and confirm Alex is in the "Mobile Users" Microsoft Entra ID group.
    • Conclusion: The foundation is solid. The issue is not a licensing or identity problem.

Step 2: Check device health and enrollment

Next, we select the Devices tab on Alex's troubleshooting page to see what hardware is associated with their account.

  1. We see a list of Alex's devices: a Windows laptop and an iPad.
  2. The Observation: The Windows laptop shows a status of Compliant. However, the iPad shows a status of Non-compliant.
    • Conclusion: We have found the root cause of the block. Alex's email is being blocked by a Conditional Access policy because the iPad is failing a compliance check. Now we need to find out why it is non-compliant.

Step 3: Evaluate policy results

We need to drill down into the specific device to see the policy evaluation results.

  1. Still in the Troubleshooting blade, we click on the failing iPad in the device list.
  2. This opens a detailed view specifically for this iPad. We click on the Device Compliance tab.
  3. The Observation: We see a policy named "iOS Global Compliance Baseline" with a status of Error.
  4. We click on that policy to expand the line-by-line setting evaluation.
  5. The finding: The setting Require minimum OS version (iOS 16.0) is marked as Failed. The dashboard shows the iPad is currently running iOS 15.4.

Step 4: Determine the remediation options

Because we used the Troubleshooting blade, we went from a vague "email doesn't work" ticket to the exact failing setting in less than two minutes. We now have clear remediation options:

  • Remediation Action: We do not need to change any Intune configurations. We reply to Alex's ticket: "Hi Alex, your email is blocked because your iPad is running an older operating system. Please go to Settings > General > Software Update on your iPad and update to the latest iOS. Once updated, open the Company Portal app to sync your device, and your email will unlock."
  • Alternative Action (If needed): If Alex were a VIP and needed immediate access while traveling, we could navigate to the Microsoft Entra ID group and temporarily exclude Alex from that specific compliance policy, though this bypasses security protocols.
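
The triage order of Steps 1 to 3 can also be written down as a script. The following is an added example, not part of the original module and not Microsoft's code: it runs over constructed records whose field names are hypothetical (not the Intune or Microsoft Graph schema), and it compares OS versions numerically rather than as strings.

```python
# Added example: constructed records; field names are hypothetical,
# not the schema of Intune or Microsoft Graph.

def version_tuple(v):
    # "15.4" -> (15, 4): numeric compare, so "9.3" sorts below "16.0"
    return tuple(int(p) for p in v.split("."))

def triage(user, devices, required_group):
    """Walk Steps 1-3 in order and return the findings that explain a block."""
    # Step 1: user foundation. A failure here explains the block by itself.
    if not user["account_enabled"]:
        return ["user: account disabled"]
    if not user["intune_license"]:
        return ["user: no Intune license"]
    if required_group not in user["groups"]:
        return ["user: not in group " + required_group]
    findings = []
    for dev in devices:
        # Step 2: only non-compliant devices need a drill-down.
        if dev["compliance"] == "Compliant":
            continue
        # Step 3: expand each policy to its individual settings.
        for policy in dev["policies"]:
            for s in policy["settings"]:
                if "min_os" in s:
                    if version_tuple(dev["os_version"]) < version_tuple(s["min_os"]):
                        findings.append("%s: %s: %s failed (requires %s, device runs %s)" % (
                            dev["name"], policy["name"], s["name"], s["min_os"], dev["os_version"]))
                elif s["state"] == "Failed":
                    findings.append("%s: %s: %s failed" % (dev["name"], policy["name"], s["name"]))
    return findings or ["no failing setting found"]

# Constructed sample data mirroring the scenario on this page.
ALEX = {"account_enabled": True, "intune_license": True, "groups": ["Mobile Users"]}
DEVICES = [
    {"name": "Windows laptop", "compliance": "Compliant", "os_version": "10.0", "policies": []},
    {"name": "iPad", "compliance": "Non-compliant", "os_version": "15.4", "policies": [
        {"name": "iOS Global Compliance Baseline", "settings": [
            {"name": "Require minimum OS version", "min_os": "16.0"},
            {"name": "Require passcode", "state": "Compliant"}]}]},
]

if __name__ == "__main__":
    for line in triage(ALEX, DEVICES, "Mobile Users"):
        print(line)
```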