By Mihai Lucian Androne | Support Escalation Engineer & Rob Lane | Sr. Service Engineer - Microsoft Endpoint Manager
Help us help you! Whenever you are contacting Microsoft support, either through the initial query in console or as a follow-up support ticket, it’s important to add in a few key details of your request. The information you share can often immediately surface content or diagnostics to help you. Or, by adding in additional data, we will be able to offer you the best support experience from the first moment you reach us. This post shares best practices.
Where do you start? Login to Microsoft Endpoint Manager, head to the Troubleshooting + support blade, then select Help and support. When you land on the Help and support blade, you will be prompted to select a management type with three choices. Pick the correct one as that helps us route any case you create to the appropriate support team. For this article we’ve focused on Intune management.
Once you’ve made your choice you’ll be presented with the Need help? dialog, and an empty text box. We are looking for a brief description of your issue – just a few words – based on which we try to provide you some instant guidance. Within this field, be as specific as possible and mention only the key words for your issue like the platform and the unexpected behavior. Also include any explicit error code or error messages as relevant.
Based on this initial query string you type, we will share articles, documentation, relevant Message Center and Service Health Dashboard posts, and troubleshooters (if available) for the topic you are contacting us about. Do look at the content – it may well be relevant to your issue.
We may also trigger a diagnostic to run against your tenant. Some diagnostics require no input while others may prompt you for the UPN of an affected user. These user diagnostics are great at picking up common issues, so they are worth the extra few moments it takes to run them!
“Need Help” Query Examples
Let's see some other examples on how we could describe possible issues to surface the most relevant content:
Query: Android LOB application installation fails 0xC7D24FBA
Query: On-Demand VPN for iOS not working
Query: Windows not compliant due to BitLocker
Contact Support Tips
If the articles that we shared as a result of initial query in the step above did not help you resolve the issue, move forward and select Contact support. You will be able to add a more detailed description of the issue and as needed add attachments.
Below are some examples of the more detailed descriptions which might be associated with the initial query you typed in. We use the initial query as the title.
Title: Android LOB application installation fails 0xC7D24FBA
Description: For our Galaxy S8 devices running Android 9, users are unable to install our LOB application. Users are trying to install the app manually via Company Portal; however, they see a "failed" error after pressing install while in the portal “0xC7D24FBA”is presented. Devices are enrolled as Android Enterprise with Work Profile. When the application was sideloaded by our developers and it was installed fine, thus I am expecting it to work via Intune as well.
Title: On-Demand VPN for iOS not working
Description: We have deployed an on-demand VPN configuration profile called “ACOD VPN” to our iPad’s. However, the IPSEC vpn connection is not triggered when the end user tries to access one of our domains (contoso.com).
Title: Windows not compliant due to BitLocker
Description: Windows 10 1903 device are reporting Not Compliant due to due to BitLocker not being enabled. I checked locally on the device and BitLocker has been enabled, however device is still Not Compliant. This is affecting multiple users including a test user email@example.com.
This description data is very useful for our support team as it represents the starting point for us in troubleshooting the issue that you are facing. Be sure to provide a valid phone number and email so we can contact you back.
Let me add couple tips on how to make the most out of the Contact support blade:
Additional Data Requests
Even with a solid description, sometimes we may need additional information to resolve the issue. Below you’ll find additional details about the most commonly requested data and where you can find it and attach it to your support incident. These common elements include:
This data is crucial for troubleshooting. Knowing the exact timestamp of the issue will help us review a smaller set of data, thus it will considerably reduce the overall troubleshooting time.
Tip 1: Note the time zone for your issue TimeStamp. We do our best to ensure the support agent that works with you has comparable business hours, but sometimes there may be a few hours difference.
Tip 2: Contact us as soon as possible after the issue occurred. We retain data for 30 days so, if the issue happened more than 30 days ago, we may not have the backend trace data.
If at all possible, please include the day and approximate time (hour & minute) at which the issue occurred. If you are able to reproduce the issue at will, note down the specific time. Also let us know what timezone the user of affected device was working in. These are all useful data points.
How to find the Intune/AzureAdDeviceId? Navigate to Intune -> Devices -> All Devices blade and choose your impacted device. Then, under Hardware Tab -> here you will find both Intune & AzureAD deviceId.
The UPN is used by Azure AD to allow users to sign-in thus, in order to enroll a device to Intune on behalf of a user, you will need to use the UPN. The UserPrincipalName attribute value is the Azure AD username for the user accounts.
How do you find UPN? Navigate to Intune -> Users -> All Users -> *search for the user* -> User Name column = UPN
There are thousands of device models out there. Each model has different hardware thus different features will be enabled within the OS. Knowing the model of the affected device will help us narrow down the issue and see if the behavior happens only on some specific models. Also, we can try to do a repro if we own such device – our agents have access to many of the more popular models.
How do you find the device model? Depending on the operating system, this information can be placed in different location:
Each operating system has its own particularities in terms of features and MDM capabilities. Furthermore, as technology develops each OS will get new features as new versions ship.
How do you find the OS Version? Depending on OS version and device model, this information can be found in different places. However, I will mention below where this information is generally available for each platform:
A serial number is a unique identifier assigned to your device by the vendor. Once a device is enrolled, serial number is pulled along with the hardware inventory and we are able to uniquely identify your device. At the same time, serial numbers are used for specific corporate enrollment scenarios like DEP or Autopilot or used to record your corporate devices.
How do you find the Serial Number? Well, each vendor has its own way of doing it, so I won't be able to cover all scenarios. However, from the OS side, you should be able to find it here:
Represents the unique identifier for your tenant. How do you find the TenantId? Navigate to the Azure Active Directory blade -> Properties -> Directory ID.
Unique identifier for any policy that was created within Intune: Configuration, Compliance, Applications, App Protection Policy, etc. Knowing the name of the policy is good but not as accurate as the id. Policies can be renamed and at the same time, the policy name can be duplicated while the id will be always unique.
Where do you find the PolicyId? For the following policy types, the unique identifier can be found within the URL of the page, once you opened that specific policy/application. After selecting the blade that contains the policy type that you are interested in, choose the policy/app. Once opened, the URL of the portal will hold the unique id:
For Device configurations & Device compliance policies, finding the unique identifier is not always completely straight forward. Share the policy name with us and we can find the correct unique identifier.
Depending on each platform, there are different methods to gather the MDM logs generated by your device. These logs are very useful when we need to track down issues that are not very obvious and required deeper investigation.
For more information – see How to create an Intune MAM diagnostic report on iOS devices
We’ve shared a lot of data in this article and hope you’ve found it useful! Let us know if you have any additional questions regarding support tickets.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.