Feature Request - Import Overwrite

[iwarp]

Hi,
Great project I've used its to export and import between tenants, it would be nice if we could import and replace the existing policy, this way we could use a single tenant as a source for all changes, and deploy.

I don't think I've missed anything in the documentation.

Thanks

[Micke-K]

I did this deliberately because that was not the intention from the beginning. I will keep this in mind. I'll see if I can implement this in and easy way and be enabled in the settings like the Delete functionality.

[iwarp]

Cool thanks for the update, i'll be happy to test when required

[Micke-K]

I started to look into this. A bit more complicated than I was hoping for so it might take a while to implement. I can currently update approx. 50% of the profile types. Some requires quite a bit of work e.g. Compliancy policy is split up in multiple update APIs, I cannot find an API for replacing Settings for Endpoint Security objects so non-file values will be set to null but still visible in the UI etc. Will include a very early version of this in next release so you can test.

[iwarp]

Would it be easier to delete the existing policy and re-import where there isn't currently an update API?

[Micke-K]

That would be very easy but could cause other issues eg all assignments are lost, clients will get all new policies (shouldn't matter but just raisethe risk)

[Micke-K]

Or I could do this in multiple stages eg

• Import without assignment
• Copy assignments from existing
• Delete/rename existing

[iwarp]

That sounds reasonable, Intune never responds that fast anyway

[Micke-K]

Uploaded the first version. You have to enable it in the settings.
All objects I've tested looks good but I have NOT tested all types.
Replace was a bit tricky if PolicySets are used. This WILL update PolicySets so that should work as well but please verify it if you use PolicySets. It will also make sure that replaced Enrollment Restrictions and Autopilot profiles has the correct priority.

Assignments for PolicySets might take some time before showing up. I also saw issues with Enrolment Restrictions taking some time before the old objects are removed in the UI.

I kept the original Update code in there. I might look into that more when I have time. I feel more safe with Update over replace...

Let me know how it goes

[iwarp]

I'm not currently using PolicySets so no problems there! I'll give it a test later today and let you know how i get on.

[Micke-K]

I can see additional issues with replace e.g. if you replace an App you might break App Protection, Autopilot policies etc. It might work when importing all files using bulk import but break when you import a single file.
It is going to be interesting to hear how it goes.
Thank you for testing!

[iwarp]

Yes so far so good, replace seems to work well for the few changes I've migrated from my central tenancy to a 3rd party ill I'm on-boarding a new customer this week and will test with some live PC's.

Do you have a list of what types are supported for the in-place updates?

[Micke-K]

That is great! Thank you!

I've only have two types left to add support for. I'll try to that on the weekend and then some testing before I upload it. You should be able to test the update next week.

[Micke-K]

New version uploaded with Update support. See README.md file for tested object types. I did test most of them but there are 3-4 left and a few application types I expect might have some issues during update.

Let me know how it goes!

[iwarp]

Cool i'll give it a go, for the windows app imports is there a way to get the application package uploaded with the configuration? or is there a way to upload the package separately?

[Micke-K]

You can upload the package file with the configuration. Set the App packages folder in Settings. The json file for an app contains the name of the package and the script will look for that file in the specified folder. I have not tested this in a long time but it used to work :)

[iwarp]

Was just testing some more, for Autopilot profile, its not importing the assignments in either replace or update mode.

[Micke-K]

Thank you for the update. I'll have a look at it.

[Micke-K]

I just did a quick test.

If I do a Replace, the assignments remains and the log states:
Import AutoPilot object Test Profile
Loading migration objects
AutoPilot object imported successfully with id: c77c20a8-e21b-442e-8e6d-e6986d38f844
Loading Test Profile
Delete AutoPilot profile assignments
Delete Test Profile
Delete AutoPilot object Test Profile
Loading AutoPilot objects

What did your log say during the replace scenario?

The Update failed but I found the reason why. Microsoft added a new property in the latest version that cannot be included in the update, managementServiceAppId. Probably a new feature that will be available soon. I can't see anything in the UI for it. I uploaded a new version of the tool that includes the fix for updating AutoPilot profiles.

Both Update and Replace will only keep the existing assignments. They will NOT import assignments based on the exported json file. That is by design in case assignments has been added/changed manually.

[Micke-K]

Closing this. Two different solutions implemented. Please let me know if there are any additional issues with it.

Cheers!