OneDrive Office Hours | July 2025
July 10, 2025Multi-Agent Systems and MCP Tools Integration with Azure AI Foundry
July 10, 2025
By: Chris Kunze – Principal Product Manager | Microsoft Intune
The Microsoft Intune management agent for macOS is a crucial part of deploying and managing applications and scripts through Intune. It manages running scripts and installing apps of types macOS app (DMG) and macOS app (PKG). The following questions will help you verify if your Intune management gent is installed, operational, and functioning properly.
Is the agent installed?
The Intune management agent, displayed as Microsoft Intune Agent on a device, is installed when scripts or apps requiring the agent are assigned. This is usually at device enrollment since the agent installs immediately after the device receives the Intune management profile. Once installed, you can find the agent at /Library/Intune/Microsoft Intune Agent.app. You can also check the version of the client installed by right clicking the file and selecting ‘Get Info’.
A screenshot of the Microsoft Intune agent information.
Are the agent processes running?
There are two processes that should run once the agent installs:
- IntuneMdmDaemon: Responsible for PKG, DMG, and running scripts as root.
- IntuneMdmAgent: Responsible for running scripts as user.
You can use the following command in Terminal to determine if the processes are running:
pgrep -il “^IntuneMdm”
If it’s determined that the processes aren’t running, they can be restarted by launching the Microsoft Intune Agent.app.
Are logs being generated?
The transaction logs for the Microsoft Intune Agent start with IntuneMDMDaemon and are found at /Library/Logs/Microsoft/Intune.
If the transaction logs aren’t being generated, and the Microsoft Intune Agent is installed, ensure that scripts or PKG or DMG apps are assigned to the device.
If the transaction logs aren’t being generated, and the Microsoft Intune Agent is installed, ensure that scripts or PKG or DMG apps are assigned to the device.
What is shown in the logs?
The IntuneMDMDaemon logs are broken up into 6 columns of data delimited by a pipe character (|). Each log line provides the following information:
- Date and time of the log
- Process (IntuneMDM-Daemon)
- Log level (Information, Warning, and Error)
- Process ID
- Task that wrote the log
- Task information
Note: The logs in this blog were collected on different days and times and may not align perfectly between sections.
A screenshot of the agents logs for the IntuneMDMDaemon process.
Did the app install?
If you’re troubleshooting a specific app that isn’t installing correctly, start by searching or filtering the log using the app ID or app name. The app ID is typically the most reliable identifier, as it consistently marks log entries related to that app. You can discover an app’s ID in the logs or in the URL of the app in the Microsoft Intune admin center. For example, in the screenshot below, the highlighted section of the URL in the address bar represents the app ID of the sample app shown.
A screenshot of the Microsoft Intune admin center, highlighting the app ID displayed in the URL.
You can also retrieve the app ID (displayed as the PolicyID) from the logs themselves by searching for the app name as in the following example log line:
2025-06-13 10:04:02:924 | IntuneMDM-Daemon | I | 10429 | AppDetector | Detecting app with specific bundle ID. PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, BundleID: com.intune.AddScripts, AppType: PKG, IgnoreVersion: true
The Microsoft Intune Agent detects if an app is installed on the device two ways:
- Is the bundle ID returned from a Spotlight Search?
- Is there a package receipt?
To manually check for bundle ID and package receipt, use the following Terminal commands.
Spotlight Search test
Note: This command is case sensitive so pay special attention to the case of the bundle ID.
mdfind “kMDItemCFBundleIdentifier == ‘{bundleid}'”
A screenshot of the output of the mdfind command run in Terminal.
Package receipt test
Use pkgutil in Terminal to check if the package is installed.
pkgutil –pkg-info {bundleid}
A screenshot of the output of the pkgutil command run in Terminal.
If your app or script isn’t in the logs, check its assignment in the Intune admin center. Log entries will show reasons for any installation failures.
When did the agent start?
Each time the agent starts, a full sync will be kicked off and you’ll see the following line in the logs:
2025-06-13 10:03:59:892 | IntuneMDM-Daemon | I | 10426 | SidecarDaemonLifecycleManager | Initializing service.
This line is added to the current log whenever the agent starts or restarts—whether due to a system reboot, the agent process being terminated, or an update being applied.
Missing device ID and tenant ID?
After enrollment, the first time the Microsoft Intune Agent runs, the logs will return these two lines:
2025-06-13 10:03:59:893 | IntuneMDM-Daemon | W | 10432 | TreatmentProvider | Missing device ID
2025-06-13 10:03:59:893 | IntuneMDM-Daemon | W | 10432 | TreatmentProvider | Missing tenant ID
This occurs because the agent doesn’t have the device or tenant ID yet, so it requests these details from the gateway. After the information has been collected, your logs will have something similar to these lines:
2025-06-13 10:04:01:415 | IntuneMDM-Daemon | I | 10434 | VerifyEnrollmentStatus | Successfully verified MDM server info. URL: https://i.manage.microsoft.com/DeviceGatewayProxy/ioshandler.ashx?Platform=MacMDM
2025-06-13 10:04:01:415 | IntuneMDM-Daemon | I | 10434 | VerifyEnrollmentStatus | Successfully verified device status. DeviceId: 04674b8c-69b5-4450-b4dc-82a8c0025d18, OSVersionActual: 15.5.0, Version: 2506.002, VersionInstalled: 2506.002
2025-06-13 10:04:01:415 | IntuneMDM-Daemon | I | 10434 | VerifyEnrollmentStatus | Successfully verified enrollment status. Environment: PROD, Region: NA, ASU: AMSUA0602, MSU: MSUA06, AccountID: 691617c5-0000-0000-0000-000000000000, AADTenantID: c53fda5f-0000-0000-0000-000000000000
What is the HealthCheckWorkflow?
The Microsoft Intune agent has a heartbeat that runs about every minute to verify the status of the agent and connection to Intune. If the agent is running properly, the following two log lines will represent this heartbeat:
2025-06-13 10:03:59:893 | IntuneMDM-Daemon | I | 10432 | HealthCheckWorkflow | Starting health check Domain: pulse
2025-06-13 10:03:59:901 | IntuneMDM-Daemon | I | 10426 | HealthCheckWorkflow | Completed health check Domain: pulse
What policies are installed?
You can see what policies are installed by the Microsoft Intune Agent in the logs. A line similar to the one below lists the policy IDs for the policies:
2025-06-13 10:04:02:923 | IntuneMDM-Daemon | I | 10435 | SyncActivityTracer | Validating data Context: apply mac app policies, Count: 4, PolicyID: [“14f79200-7c53-48ed-8d8e-287ae52a9c82”, “c76df059-7bc6-468c-956d-56cf63a59888”, “cc2af15f-9ed6-4c65-89bd-bc203031803f”, “f6b5b5bd-9e87-42fc-94f8-31a2bc4bc255”]
This list includes all Microsoft Intune Agent policies, including PKGs, DMGs, and shell scripts. If the policy ID isn’t listed for the app you want installed or script you want to run, it’s likely that itisn’t assigned properly.
What will I see when a required app installs?
When a device is notified of an app to install, the logs show the following.
- Determine intent for Required app:
2025-06-13 10:04:02:924 | IntuneMDM-Daemon | I | 10429 | AppPolicyHandler | Handling app policy. PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, Primary BundleID: com.intune.AddScripts, IgnoreVersion: true, Count: 1, AppType: PKG, App Policy Intent: RequiredInstall - Detecting app:
2025-06-13 10:04:02:924 | IntuneMDM-Daemon | I | 10429 | AppDetector | Detecting app with specific bundle ID. PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, BundleID: com.intune.AddScripts, AppType: PKG, IgnoreVersion: true - Detecting app by path:
2025-06-13 10:04:02:978 | IntuneMDM-Daemon | W | 10431 | AppDetector | Error detecting install path for app. Error: BundleInfoProviderError.bundleNotFound, PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, AppType: PKG, BundleID: com.intune.AddScripts, IgnoreVersion: true - App not found by path:
2025-06-13 10:04:02:978 | IntuneMDM-Daemon | I | 10431 | AppDetector | App not found on disk, trying to detect app receipt PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, BundleID: com.intune.AddScripts, AppType: PKG, IgnoreVersion: true - Detecting app by receipt (bundle ID):
2025-06-13 10:04:02:978 | IntuneMDM-Daemon | I | 10431 | AppDetector | App not found on disk, trying to detect app receipt PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, BundleID: com.intune.AddScripts, AppType: PKG, IgnoreVersion: true - App receipt not found:
2025-06-13 10:04:03:064 | IntuneMDM-Daemon | I | 10429 | AppDetector | Receipt not detected in receipt library, install app PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, BundleID: com.intune.AddScripts, AppType: PKG, IgnoreVersion: true
2025-06-13 10:04:03:064 | IntuneMDM-Daemon | I | 10429 | AppDetector | App with specific bundle ID is NOT installed on the device. PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, BundleID: com.intune.AddScripts, AppType: PKG, IgnoreVersion: true - Need to install app:
2025-06-13 10:04:03:064 | IntuneMDM-Daemon | I | 10429 | AppInstallManager | App policy execution plan: Install PKG app [CK] Add Scripts PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, AppType: PKG, BundleID: com.intune.AddScripts - Starting app install:
2025-06-13 10:04:03:064 | IntuneMDM-Daemon | I | 10429 | AppInstallManager | Starting app installation for mac app policy. PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, AppType: PKG, BundleID: com.intune.AddScripts - Download app:
2025-06-13 10:04:03:064 | IntuneMDM-Daemon | I | 10429 | AppBinaryDownloader | Start app content info metadata download PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, BundleID: com.intune.AddScripts
2025-06-13 10:04:03:064 | IntuneMDM-Daemon | I | 10429 | SidecarService | Getting mac app content info from GW PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts
2025-06-13 10:04:03:788 | IntuneMDM-Daemon | I | 10432 | AppBinaryDownloader | Starting app binary download for mac app policy. PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, Size: 2948.0
2025-06-13 10:04:03:812 | IntuneMDM-Daemon | I | 10432 | AppBinaryDownloader | Attempt 1 of 3 to download app binary. PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, BundleID: com.intune.AddScripts
2025-06-13 10:04:03:817 | IntuneMDM-Daemon | I | *10417 | HttpClientLogger | Network request succeeded. Method: PUT, StatusCode: 200, Description: ok, URL: https://agents.amsua0602.manage.microsoft.com/TrafficGateway/TrafficRoutingService/SideCar/StatelessSideCarGatewayService/SideCarGatewaySessions(‘7EFAA5B2-ADA9-4422-A55C-A2A08FBB6655’)?api-version=1.1, ClientRequestId: 7665A5F1-3E11-406E-910B-715EE3231BD1
2025-06-13 10:04:03:943 | IntuneMDM-Daemon | I | 10427 | AppBinaryDownloader | Successfully downloaded app binary content. PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, BundleID: com.intune.AddScripts - Decrypt content:
2025-06-13 10:04:03:943 | IntuneMDM-Daemon | I | 10427 | AppInstallManager | Starting app binary decryption for mac app policy. PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, AppType: PKG, BundleID: com.intune.AddScripts - Install Required app:
2025-06-13 10:04:03:945 | IntuneMDM-Daemon | I | 10427 | AppInstallManager | Install required for app PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, AppType: PKG, BundleID: com.intune.AddScripts
2025-06-13 10:04:03:945 | IntuneMDM-Daemon | I | 10427 | PkgInstaller | Starting PKG app installation PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, BundleID: com.intune.AddScripts, AppName: [CK] Add Scripts
2025-06-13 10:04:03:945 | IntuneMDM-Daemon | I | 10427 | ScriptOrchestrationLogger | Running system script. Domain: apps, User: root, PolicyID: c76df059-7bc6-468c-956d-56cf63a59888 - Successful app install:
2025-06-13 10:04:05:362 | IntuneMDM-Daemon | I | 10551 | PkgInstaller | Successful PKG installation – installer completed with success status PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, BundleID: com.intune.AddScripts, AppName: [CK] Add Scripts
2025-06-13 10:04:05:363 | IntuneMDM-Daemon | I | 10551 | AppInstallManager | Successfully installed all apps PolicyID: c76df059-7bc6-468c-956d-56cf63a59888, AppName: [CK] Add Scripts, ComplianceState: Installed, EnforcementState: Success, Product Version (BundleID of primary app): 1.0, Primary BundleID: com.intune.AddScripts
2025-06-13 10:04:05:363 | IntuneMDM-Daemon | I | 10551 | ExecutionClock | Policy measurement. ID: c76df059-7bc6-468c-956d-56cf63a59888, Context: macAppInstall, Duration: 2.4395320415496826, Status: success
If your logs diverge from the above, be sure that the app is assigned properly and all the correct endpoints are reachable by the client system.
What do I see when an available app installs?
Available app installs are very similar to required app installs. The main difference is that no detection is run prior to installing the app. In addition, the log lines that show the determined intent and installation are slightly different.
- Determine intent for Available app:
2025-06-18 12:52:38:693 | IntuneMDM-Daemon | I | 27013 | AppPolicyHandler | Handling app policy. PolicyID: 69045d7b-4e79-464b-bff6-3d4908f303f3, Primary BundleID: com.intune.TestScript, IgnoreVersion: true, Count: 1, AppType: PKG, App Policy Intent: Available - Install Available app:
2025-06-18 12:52:38:693 | IntuneMDM-Daemon | I | 27013 | AppInstallManager | Available app install, skipping detection PolicyID: 69045d7b-4e79-464b-bff6-3d4908f303f3, AppName: [CK] Test Script, AppType: PKG, BundleID: com.intune.TestScript
2025-06-18 12:52:38:693 | IntuneMDM-Daemon | I | 27013 | AppInstallManager | Install required for app PolicyID: 69045d7b-4e79-464b-bff6-3d4908f303f3, AppName: [CK] Test Script, AppType: PKG, BundleID: com.intune.TestScript
What do I see when a script runs?
Scripts and their execution are also captured in the logs. Since you can only assign scripts as required, no intent is determined. Unless you schedule a script to run on a recurring basis, scripts will only run once on a Mac.
- Script to run
2025-06-18 13:12:38:188 | IntuneMDM-Daemon | I | 8303 | ScriptPolicyRunner | Running ad-hoc script policy PolicyID: b9b4b299-9a36-40bf-b43a-db295ee49dd6, ExecutionContext: root, ExecutionFrequency: 0, RetryCount: 3, BlockExecutionNotifications: true - Starting script
2025-06-18 13:12:38:235 | IntuneMDM-Daemon | I | 5355 | ScriptOrchestrationLogger | Running management script. Domain: policy, User: root, PolicyID: b9b4b299-9a36-40bf-b43a-db295ee49dd6 - Completing script
2025-06-18 13:12:43:949 | IntuneMDM-Daemon | I | 5355 | ScriptOrchestrationLogger | Finished management script. Domain: policy, User: root, PolicyID: b9b4b299-9a36-40bf-b43a-db295ee49dd6 - Script run status
2025-06-18 13:12:43:950 | IntuneMDM-Daemon | I | 5355 | ScriptPolicyRunner | Ad-hoc script policy ran PolicyID: b9b4b299-9a36-40bf-b43a-db295ee49dd6, TotalRetries: 0, Status: Success, ExitCode: 0 - How long did it take to run?
2025-06-18 13:12:43:950 | IntuneMDM-Daemon | I | 5355 | ExecutionClock | Policy measurement. ID: b9b4b299-9a36-40bf-b43a-db295ee49dd6, Context: shellScript, Duration: 5.769531011581421, Status: success - Already run script
2025-06-18 13:13:28:232 | IntuneMDM-Daemon | I | 11413 | AdHocScriptProcessor | Not running script policy because this policy has already been run. PolicyID: b9b4b299-9a36-40bf-b43a-db295ee49dd6
When you assign a script to a device, the install configuration is also sent to the device. The configuration for this is also listed in the log and an example is included above in the “Script to run” bullet. The following table shows the mapping of settings from the Intune admin center for a script to the values shown in the log for this type of log line.
|
Value in Intune |
Representation in logs |
|
Run script as signed-in user |
ExecutionContext |
|
Hide script notifications on devices |
ExecutionFrequency |
|
Script frequency |
RetryCount |
|
Max number of times to retry if script fails |
BlockExecutionNotifications |
Conclusion
The Microsoft Intune Agent for macOS is a critical part of Mac management in Intune as it’s responsible for running shell scripts and installing both PKG and DMG types of macOS apps. This blog discussed how to access the logs for the macOS Microsoft Intune management agent, what is collected, how to read, and understand the logs to determine what apps were installed and what scripts were ran.
Resources
Here are some additional resources to help with your macOS management journey with Intune.
- Understanding Microsoft Intune management agent for macOS
- Add an unmanaged macOS PKG app to Microsoft Intune
- Add a macOS DMG app to Microsoft Intune
- Use shell scripts on macOS devices in Microsoft Intune
- Network endpoints for Microsoft Intune
If you have any questions or want to share how you’re managing your macOS devices with Intune, leave a comment below or reach out to us on X @IntuneSuppTeam or @MSIntune. You can also connect with us on LinkedIn.