On Microsoft Intune Mobile Device Management (MDM) managed devices, sometimes app or profile installations can fail. When these app or profile installs fail, it can be challenging to understand the failure reason or troubleshoot the issue. Microsoft Intune provides app installation failure details that allow help desk operators and Intune administrators to view app information to address user help requests. The troubleshooting pane within Intune provides failure details, including details about managed apps on a user’s device. Details about the end-to-end life cycle of an app are provided under each individual device in the Managed Apps pane. You can view installation or deployment issues, such as when the app or profile was created, modified, targeted, and delivered to a device.
iOS error
Error message/code: iOS device is currently busy.
Description: After VPN profile deployment, The iOS device was busy, which resulted in an error.
Interpretation or Error
Example: Deployed the VPN profile on the device and got the error iOS device is currently busy.
In the back-end, I use device id a2db70be-406b-4d77-a6ab-014exxxxx of ABCD to check its status reported to Intune portal. There were many “NOTNOW” errors indicating this is not the right time to install the VPN profile.
In that case, the issue happens when the iOS device is locked during installation of the VPN profile. The most common cause for a NOTNOW response is that the device is locked with a passcode or the device is locked and has Data Protection enabled.
This is just a very possible cause for this issue, in that case simply unlock the device and let it run for a while, you may also sync device via company portal to see if it works. This could also explain why the affected device numbers are decreasing.
Description
An MDM command is a message sent via Apple (APNS) to the device letting the device know that there are commands for it to fetch and then perform. If there is a break in this communication (for whatever reason) then the device does not know that it needs to perform the fetch action. This would then mean that this command was incomplete, and the desired action will not occur. The below diagram shows the interactions between the MDM, Apple and the Device when a command is triggered from Microsoft Intune
The flow can be explained as follows
An MDM command is triggered from Microsoft Intune and this is sent to Apple via an APNS message. Status is SENT.
There is the misunderstanding that Microsoft Intune sends this directly to the device, but there is the Apple interaction which adds an additional step and therefore additional complexity.
If the Device has successfully received the APNS message then the Status changes to PUSHED, meaning that the device has responded to receiving the APNS message letting it know that it should fetch the command from Microsoft Intune .
If the Device has not received the APNS message and therefore, cannot action the command, the status changes to NOTNOW. NOTNOW means that the Device is unable to process requests at this time, it also means that when the Device is eventually able to process commands, it will.
The most common cause for a NOTNOW response is that the device is locked with a passcode or the device is locked and has Data Protection enabled. Microsoft Intune has added the ability for the user to “Poke” a device once they know it is unlocked and active, this sends the APNS message.
The Device then fetches the command from Microsoft Intune and responds with a success message meaning the Device has successfully acknowledged the information fetched. Status is ACKNOWLEDGED and this is the desired status.
If the Device has not been able to acknowledge the information fetched from Microsoft Intune it will inform with an error. Status is iOS device is currently busy.
Where to find it on the Intune Console
1. In the Azure portal, select All Services> filter on Intune > select Intune.
2. Select Device configuration >Select Profiles
3. Select the profile which is deployed under configuration profile> Select device status.
4. Select device configuration:
5. Policy Error:
6. Click on Policy
I hope you find this helpful, thank you for reading.